Linux Analysis Report arm7

Overview

General Information

Sample Name: arm7
Analysis ID: 518903
MD5: 18e0a7425fa5b743bb6dd7002a71cfcc
SHA1: 32fb441007353ad30ae7c10c7e1368686c999d3c
SHA256: ac4582bf75332e1b51b11e1dcaa362e5fa933bf13497bab1da64079dab0c1d6f
Tags: Mirai
Infos:

Detection

Mirai
Score: 84
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Reads system files that contain records of logged in users
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 518903
Start date: 10.11.2021
Start time: 04:19:45
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 12s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: arm7
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal84.spre.troj.evad.lin@0/52@3/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: /opt/package/joesandbox/database/analysis/518903/sample/arm7

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5209, Parent: 4331)
  • cat (PID: 5209, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.F8yqW15XWY
  • dash New Fork (PID: 5210, Parent: 4331)
  • head (PID: 5210, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5211, Parent: 4331)
  • tr (PID: 5211, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5212, Parent: 4331)
  • cut (PID: 5212, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5213, Parent: 4331)
  • cat (PID: 5213, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.F8yqW15XWY
  • dash New Fork (PID: 5214, Parent: 4331)
  • head (PID: 5214, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5215, Parent: 4331)
  • tr (PID: 5215, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5216, Parent: 4331)
  • cut (PID: 5216, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5219, Parent: 4331)
  • rm (PID: 5219, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.F8yqW15XWY /tmp/tmp.FsztahiAst /tmp/tmp.rbFtGPyqdP
  • arm7 (PID: 5249, Parent: 5110, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7
    • arm7 New Fork (PID: 5251, Parent: 5249)
    • arm7 New Fork (PID: 5252, Parent: 5249)
      • arm7 New Fork (PID: 5256, Parent: 5252)
      • arm7 New Fork (PID: 5258, Parent: 5252)
        • arm7 New Fork (PID: 5260, Parent: 5258)
  • systemd New Fork (PID: 5296, Parent: 1)
  • whoopsie (PID: 5296, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5308, Parent: 1)
  • sshd (PID: 5308, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5309, Parent: 1)
  • sshd (PID: 5309, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • gdm3 New Fork (PID: 5314, Parent: 1320)
  • Default (PID: 5314, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5318, Parent: 1320)
  • Default (PID: 5318, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5319, Parent: 1)
  • accounts-daemon (PID: 5319, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5334, Parent: 5319, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5335, Parent: 5334, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5336, Parent: 5335, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5337, Parent: 5336)
          • locale (PID: 5337, Parent: 5336, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5338, Parent: 5336)
          • grep (PID: 5338, Parent: 5336, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • gdm3 New Fork (PID: 5339, Parent: 1320)
  • gdm-session-worker (PID: 5339, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-wayland-session (PID: 5343, Parent: 5339, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • dbus-run-session (PID: 5348, Parent: 5343, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5349, Parent: 5348, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5353, Parent: 5349)
            • false (PID: 5354, Parent: 5353, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5356, Parent: 5349)
            • false (PID: 5357, Parent: 5356, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5358, Parent: 5349)
            • false (PID: 5359, Parent: 5358, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5360, Parent: 5349)
            • false (PID: 5361, Parent: 5360, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5362, Parent: 5349)
            • false (PID: 5363, Parent: 5362, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5364, Parent: 5349)
            • false (PID: 5365, Parent: 5364, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5367, Parent: 5349)
            • false (PID: 5368, Parent: 5367, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5350, Parent: 5348, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5350, Parent: 5348, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5369, Parent: 5350, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5370, Parent: 5350, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5370, Parent: 5350, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 5398, Parent: 1320)
  • gdm-session-worker (PID: 5398, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 5405, Parent: 5398, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 5407, Parent: 5405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 5407, Parent: 5405, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 5407, Parent: 5405, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 5443, Parent: 5407)
        • sh (PID: 5443, Parent: 5407, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5444, Parent: 5443)
          • xkbcomp (PID: 5444, Parent: 5443, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
        • Xorg New Fork (PID: 5866, Parent: 5407)
        • sh (PID: 5866, Parent: 5407, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5869, Parent: 5866)
          • xkbcomp (PID: 5869, Parent: 5866, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • Default (PID: 5452, Parent: 5405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default
      • dbus-run-session (PID: 5453, Parent: 5405, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5454, Parent: 5453, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5509, Parent: 5454)
            • at-spi-bus-launcher (PID: 5510, Parent: 5509, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher
              • dbus-daemon (PID: 5515, Parent: 5510, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                • dbus-daemon New Fork (PID: 5931, Parent: 5515)
                  • at-spi2-registryd (PID: 5934, Parent: 5931, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session
          • dbus-daemon New Fork (PID: 5539, Parent: 5454)
            • false (PID: 5540, Parent: 5539, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5542, Parent: 5454)
            • false (PID: 5543, Parent: 5542, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5544, Parent: 5454)
            • false (PID: 5545, Parent: 5544, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5546, Parent: 5454)
            • false (PID: 5547, Parent: 5546, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5548, Parent: 5454)
            • false (PID: 5549, Parent: 5548, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5550, Parent: 5454)
            • false (PID: 5551, Parent: 5550, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5553, Parent: 5454)
            • false (PID: 5554, Parent: 5553, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5861, Parent: 5454)
            • ibus-portal (PID: 5862, Parent: 5861, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal
          • dbus-daemon New Fork (PID: 6095, Parent: 5454)
            • gjs (PID: 6096, Parent: 6095, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
          • dbus-daemon New Fork (PID: 6163, Parent: 5454)
            • false (PID: 6165, Parent: 6163, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5455, Parent: 5453, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5455, Parent: 5453, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5555, Parent: 5455, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5558, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5558, Parent: 5455, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
            • ibus-daemon (PID: 5609, Parent: 5558, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim
              • ibus-memconf (PID: 5857, Parent: 5609, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf
              • ibus-daemon New Fork (PID: 5859, Parent: 5609)
                • ibus-x11 (PID: 5860, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon
              • ibus-engine-simple (PID: 6130, Parent: 5609, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple
          • sh (PID: 6116, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
          • gsd-sharing (PID: 6116, Parent: 5455, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
          • sh (PID: 6118, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
          • gsd-wacom (PID: 6118, Parent: 5455, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
          • sh (PID: 6120, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
          • gsd-color (PID: 6120, Parent: 5455, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
          • sh (PID: 6121, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
          • gsd-keyboard (PID: 6121, Parent: 5455, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
          • sh (PID: 6122, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
          • sh (PID: 6123, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
          • gsd-rfkill (PID: 6123, Parent: 5455, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
          • sh (PID: 6124, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
          • gsd-smartcard (PID: 6124, Parent: 5455, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
          • sh (PID: 6128, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
          • gsd-datetime (PID: 6128, Parent: 5455, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
          • sh (PID: 6129, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
          • gsd-media-keys (PID: 6129, Parent: 5455, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
          • sh (PID: 6131, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
          • gsd-screensaver-proxy (PID: 6131, Parent: 5455, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
          • sh (PID: 6134, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
          • gsd-sound (PID: 6134, Parent: 5455, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
          • sh (PID: 6137, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
          • gsd-a11y-settings (PID: 6137, Parent: 5455, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
          • sh (PID: 6139, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
          • gsd-housekeeping (PID: 6139, Parent: 5455, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
          • sh (PID: 6144, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
          • gsd-power (PID: 6144, Parent: 5455, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
          • sh (PID: 6995, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
          • spice-vdagent (PID: 6995, Parent: 5455, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent
          • sh (PID: 7018, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
          • xbrlapi (PID: 7018, Parent: 5455, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q
  • gdm3 New Fork (PID: 5399, Parent: 1320)
  • Default (PID: 5399, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5400, Parent: 1320)
  • Default (PID: 5400, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5408, Parent: 1320)
  • Default (PID: 5408, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5414, Parent: 1860)
  • pulseaudio (PID: 5414, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • fusermount (PID: 5460, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5475, Parent: 1)
  • systemd-user-runtime-dir (PID: 5475, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5583, Parent: 1)
  • systemd-localed (PID: 5583, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 5873, Parent: 1334)
  • pulseaudio (PID: 5873, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5876, Parent: 1)
  • geoclue (PID: 5876, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue
  • systemd New Fork (PID: 6169, Parent: 1)
  • systemd-hostnamed (PID: 6169, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • systemd New Fork (PID: 6497, Parent: 1)
  • systemd-localed (PID: 6497, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 6783, Parent: 1)
  • fprintd (PID: 6783, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
arm7 | SUSP_ELF_LNX_UPX_Compressed_File | Detects a suspicious ELF binary with UPX compression | Florian Roth
  • 0xafcc:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0xb03b:$s2: $Id: UPX
  • 0xafec:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: arm7, ReversingLabs: Detection: 15%
    Source: /usr/lib/xorg/Xorg (PID: 5407) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5456) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5516) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5528) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5558) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5414) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5873) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: unknown, HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:37180 version: TLS 1.2

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Source: TrafficSnort IDS: 716 INFO TELNET access 124.110.3.96:23 -> 192.168.2.23:59110
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 111.43.92.108:23 -> 192.168.2.23:47328
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 111.43.92.108:23 -> 192.168.2.23:47328
    Source: TrafficSnort IDS: 716 INFO TELNET access 124.110.3.96:23 -> 192.168.2.23:59122
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 110.12.142.194:23 -> 192.168.2.23:40424
    Source: TrafficSnort IDS: 716 INFO TELNET access 124.110.3.96:23 -> 192.168.2.23:59148
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 198.1.63.150:23 -> 192.168.2.23:54382
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 198.1.63.150:23 -> 192.168.2.23:54382
    Source: TrafficSnort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 2.249.90.152: -> 192.168.2.23:
    Source: TrafficSnort IDS: 716 INFO TELNET access 110.12.142.194:23 -> 192.168.2.23:40506
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 110.12.142.194:23 -> 192.168.2.23:40506
    Source: TrafficSnort IDS: 716 INFO TELNET access 180.150.18.5:23 -> 192.168.2.23:48118
    Source: TrafficSnort IDS: 716 INFO TELNET access 59.14.130.244:23 -> 192.168.2.23:53576
    Source: TrafficSnort IDS: 716 INFO TELNET access 110.12.142.194:23 -> 192.168.2.23:40614
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.165.81.76:23 -> 192.168.2.23:40604
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 110.12.142.194:23 -> 192.168.2.23:40614
    Source: TrafficSnort IDS: 716 INFO TELNET access 95.188.189.120:23 -> 192.168.2.23:46746
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 59.14.130.244:23 -> 192.168.2.23:53576
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 59.14.130.244:23 -> 192.168.2.23:53576
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 111.43.92.108:23 -> 192.168.2.23:47562
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 111.43.92.108:23 -> 192.168.2.23:47562
    Source: TrafficSnort IDS: 716 INFO TELNET access 95.188.189.120:23 -> 192.168.2.23:46758
    Source: Traffic Snort IDS: 2023439 ET TROJAN Possible Linux.Mirai Login Attempt (hi3518) 192.168.2.23:54832 -> 81.141.62.27:23
    Uses known network protocols on non-standard ports
    Source: global traffic TCP traffic: 192.168.2.23:56100 -> 185.227.108.66:40485
    Source: global traffic TCP traffic: 192.168.2.23:45900 -> 209.141.62.214:3074
    Source: /tmp/arm7 (PID: 5256) Socket: 0.0.0.0::23
    Source: /usr/sbin/sshd (PID: 5309) Socket: 0.0.0.0::22
    Source: /usr/sbin/sshd (PID: 5309) Socket: [::]::22
    Source: /usr/bin/dbus-daemon (PID: 5349) Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5350) Socket: <unknown socket type>:unknown
    Source: /usr/lib/xorg/Xorg (PID: 5407) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5454) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5515) Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5455) Socket: <unknown socket type>:unknown
    Source: /usr/bin/ibus-daemon (PID: 5609) Socket: <unknown socket type>:unknown
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37180
    Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 37180 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: arm7 String found in binary or memory: http://upx.sf.net
    Source: Xorg.0.log.104.dr String found in binary or memory: http://wiki.x.org
    Source: Xorg.0.log.104.dr String found in binary or memory: http://www.ubuntu.com/support)
    Source: motd-news.16.dr String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation
    Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com
    Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:37180 version: TLS 1.2

    System Summary:

    Sample tries to kill many processes (SIGKILL)
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 658, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 720, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 759, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 772, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 789, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 800, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 904, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 936, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1320, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1888, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 1983, result: successful
    Source: /tmp/arm7 (PID: 5256) SIGKILL sent: pid: 2048, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5454) SIGKILL sent: pid: 5509, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5454) SIGKILL sent: pid: 5861, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5454) SIGKILL sent: pid: 6095, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5515) SIGKILL sent: pid: 5931, result: successful
    Source: LOAD without section mappings Program segment: 0x8000
    Source: arm7, type: SAMPLE Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
    Source: arm7 Joe Sandbox Cloud Basic: Detection: clean Score: 0
    Source: classification engine Classification label: mal84.spre.troj.evad.lin@0/52@3/0

    Data Obfuscation:

    Sample is packed with UPX
    Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

    Persistence and Installation Behavior:

    Sample reads /proc/mounts (often used for finding a writable filesystem)
    Source: /usr/bin/dbus-daemon (PID: 5349) File: /proc/5349/mounts
    Source: /usr/bin/dbus-daemon (PID: 5454) File: /proc/5454/mounts
    Source: /usr/bin/dbus-daemon (PID: 5515) File: /proc/5515/mounts
    Source: /usr/bin/gjs (PID: 6096) File: /proc/6096/mounts
    Source: /usr/bin/gnome-shell (PID: 5558) File: /proc/5558/mounts
    Source: /bin/fusermount (PID: 5460) File: /proc/5460/mounts
    Source: /bin/sh (PID: 5338) Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /usr/bin/whoopsie (PID: 5296) Directory: /nonexistent/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5319) Directory: /root/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5319) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5319) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/share/language-tools/language-options (PID: 5336) Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/lib/xorg/Xorg (PID: 5443) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 5866) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/bin/dash (PID: 5219) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.F8yqW15XWY /tmp/tmp.FsztahiAst /tmp/tmp.rbFtGPyqdP
    Source: /usr/lib/xorg/Xorg (PID: 5407) Log file created: /var/log/Xorg.0.log

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: /usr/lib/xorg/Xorg (PID: 5407)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5456)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5516)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5528)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/gnome-shell (PID: 5558)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pulseaudio (PID: 5414)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5873)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/arm7 (PID: 5249) Queries kernel information via 'uname':
    Source: /usr/bin/whoopsie (PID: 5296) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5339) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-binary (PID: 5350) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5398) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-x-session (PID: 5405) Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5407) Queries kernel information via 'uname':
    Source: /usr/libexec/at-spi-bus-launcher (PID: 5510) Queries kernel information via 'uname':
    Source: /usr/libexec/at-spi2-registryd (PID: 5934) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-binary (PID: 5455) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5456) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5516) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5528) Queries kernel information via 'uname':
    Source: /usr/bin/gnome-shell (PID: 5558) Queries kernel information via 'uname':
    Source: /usr/libexec/ibus-x11 (PID: 5860) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-wacom (PID: 6118) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-color (PID: 6120) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-keyboard (PID: 6121) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-smartcard (PID: 6124) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-media-keys (PID: 6129) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-power (PID: 6144) Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5414) Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5873) Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-hostnamed (PID: 6169) Queries kernel information via 'uname':
    Source: /usr/libexec/fprintd (PID: 6783) Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5407) Truncated file: /var/log/Xorg.pid-5407.log
    Source: arm7, 5249.1.000000003ae29ced.0000000091cae7cb.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
    Source: arm7, 5249.1.000000003ae29ced.0000000091cae7cb.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm7SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7
    Source: arm7, 5249.1.0000000048cded24.0000000058105968.rw-.sdmp Binary or memory string: 0V!/etc/qemu-binfmt/arm
    Source: arm7, 5256.1.0000000048cded24.0000000058105968.rw-.sdmp Binary or memory string: /usr/bin/vmtoolsd
    Source: arm7, 5256.1.0000000048cded24.0000000058105968.rw-.sdmp Binary or memory string: !/proc/1601/exe0!/usr/bin/vmtoolsd1
    Source: arm7, 5249.1.0000000048cded24.0000000058105968.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm

    Language, Device and Operating System Detection:

    Reads system files that contain records of logged in users
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5319) Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Scripting 1 | Path Interception | Path Interception | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 1 | LSASS Memory | System Owner/User Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | System Information Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap |  | Carrier Billing Fraud
    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Indicator Removal on Host 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
    Replication Through Removable Media | Launchd | Rc.common | Rc.common | File Deletion 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features

    Malware Configuration

    No configs have been found

    Behavior Graph

    [Behavior graph image. Behavior Graph ID: 518903, Sample: arm7, Startdate: 10/11/2021, Architecture: LINUX, Score: 84]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    arm7 | 16% | ReversingLabs | Linux.Trojan.Mirai |

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 162.213.33.132 | true | false |  | high

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://upx.sf.net | arm7 | false |  | high
    http://wiki.x.org | Xorg.0.log.104.dr | false |  | high
    http://www.ubuntu.com/support) | Xorg.0.log.104.dr | false |  | high
    https://ubuntu.com/blog/microk8s-memory-optimisation | motd-news.16.dr | false |  | high

    Contacted IPs

    Public

              97.208.169.168
              unknownUnited States
              6167CELLCO-PARTUSfalse
              84.239.60.225
              unknownRomania
              5541ADNET-TELECOMROfalse
              116.226.86.236
              unknownChina
              4812CHINANET-SH-APChinaTelecomGroupCNfalse
              178.252.201.48
              unknownRussian Federation
              24689ROSINTEL-ASRUfalse
              183.34.226.62
              unknownChina
              4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              32.20.49.106
              unknownUnited States
              2686ATGS-MMD-ASUSfalse
              62.248.99.166
              unknownTurkey
              9121TTNETTRfalse

              Joe Sandbox View / Context

              IPs

              No context

              Domains


              ASN


              JA3 Fingerprints


              Dropped Files

              No context

              Created / dropped Files

              /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):10
              Entropy (8bit):2.9219280948873623
              Encrypted:false
              SSDEEP:3:5bkPn:pkP
              MD5:FF001A15CE15CF062A3704CEA2991B5F
              SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
              SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
              SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: auto_null.
              /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):18
              Entropy (8bit):3.4613201402110088
              Encrypted:false
              SSDEEP:3:5bkrIZsXvn:pkckv
              MD5:28FE6435F34B3367707BB1C5D5F6B430
              SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
              SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
              SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: auto_null.monitor.
              /proc/5309/oom_score_adj
              Process:/usr/sbin/sshd
              File Type:ASCII text
              Category:dropped
              Size (bytes):6
              Entropy (8bit):1.7924812503605778
              Encrypted:false
              SSDEEP:3:ptn:Dn
              MD5:CBF282CC55ED0792C33D10003D1F760A
              SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
              SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
              SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
              Malicious:false
              Reputation:high, very likely benign file
              Preview: -1000.
              /proc/5354/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: 0
              /proc/5357/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: 0
              /proc/5359/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: 0
              /proc/5361/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: 0
              /proc/5363/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5365/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5368/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5510/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5540/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5543/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5545/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5547/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5549/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5551/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5554/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5862/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/5934/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/6096/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /proc/6165/oom_score_adj
              Process:/usr/bin/dbus-daemon
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:CFCD208495D565EF66E7DFF9F98764DA
              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
              Malicious:false
              Preview: 0
              /run/sshd.pid
              Process:/usr/sbin/sshd
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):2.321928094887362
              Encrypted:false
              SSDEEP:3:DVcv:Je
              MD5:67C6C7A19AD77C7A022F3CA0F47B5DC1
              SHA1:B20FED7048E1ED1D30F1FC309347CCD80D323D10
              SHA-256:645DEDF45F2201B624D44BA9389274520328A9D16568BBE99B0CD60F675E5B23
              SHA-512:A2F6C519536D91C5EC081DDF2522DA04A121868B005CFB89E074000D4A4A43907B3F87B144133D6FA8BF29C3E59DC95985653F659D0F72EE9149C66AFB00F229
              Malicious:false
              Preview: 5309.
              /run/user/1000/pulse/pid
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):1.9219280948873623
              Encrypted:false
              SSDEEP:3:ESn:ES
              MD5:01895904E99DFA92AE03CD54B4FBC6FB
              SHA1:C38A1109FF3907ACFC3163B6C90629159D2AFCAF
              SHA-256:B6E80AFF395E6420FC6A40066BB683EB0AF0DC336428F54DD533BAFC1359603E
              SHA-512:92E9461FF816D59D2AF7BA04A8E8FD1A941CE754C3BC956999E67C1CDBB3271CFE7AE0AF9603935F09EFA4B58878DCF489EC532B48D190B0070409E9F018FF9A
              Malicious:false
              Preview: 5414.
              /run/user/127/ICEauthority
              Process:/usr/libexec/gnome-session-binary
              File Type:data
              Category:dropped
              Size (bytes):1304
              Entropy (8bit):5.971492084482531
              Encrypted:false
              SSDEEP:12:OxPinYPMveY+inYKxPbo0eveY+bxaxP5mhijveY+5tWmxPwWoveY+wcZVveY+wYN:dLg07MwqrY5+u0
              MD5:103AC039CA34E1FCAD294A4B16997227
              SHA1:12E91CF7107A182DA4DD3BDF1DB9DD3DEEE09974
              SHA-256:57B896B8D33C6B2A509779E049A940F205066278F281E2E28D72499F71039E65
              SHA-512:FF81DBAD664C2ED1FC6915EC6C819953BBA6A8E3E22D7606AA58EABD504C41D82802A14E6C395BE110CD5DF767F40376F40B08EE2C118E27F4673D270F6AEB88
              Malicious:false
              /run/user/127/dconf/user
              Process:/usr/libexec/gsd-power
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3::
              MD5:93B885ADFE0DA089CDF634904FD59F71
              SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
              SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
              SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
              Malicious:false
              Preview: .
              /run/user/127/gdm/Xauthority
              Process:/usr/lib/gdm3/gdm-x-session
              File Type:X11 Xauthority data
              Category:dropped
              Size (bytes):104
              Entropy (8bit):5.0217563256604105
              Encrypted:false
              SSDEEP:3:rg/WFllasO93UAa9WFllasO93Ul:rg/WFl2kAa9WFl2kl
              MD5:78C15B5CA0F46184CA853F3B6F026C10
              SHA1:4E34A81DECA4EB927F28F630B530007168BEEFC7
              SHA-256:C58D2AF355F230BC5848CB15D53CFF99C5D4430DBD20582D76B948DB539F400C
              SHA-512:F2571326097E91BF5CE2269208134BE408669D40119ED01EC6C62C5DCDE306A9B7FCBB6D95AE52E8FF1ED4E41EF62284DDAF9282344CEF82A79CCC6B40BDF791
              Malicious:false
              Preview: ....galassia....MIT-MAGIC-COOKIE-1..m...k....B.........galassia....MIT-MAGIC-COOKIE-1..m...k....B.....
              /run/user/127/pulse/pid
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):2.321928094887362
              Encrypted:false
              SSDEEP:3:Ilv:Ilv
              MD5:47F88514E1FCFA836614BA96A8E1C5BF
              SHA1:751DC412C22BB5737961269C7D901F78BBA94BF5
              SHA-256:8C726B4FAEDFB4F2FF9B430181FD654C91E39F20AA6F2F9571CD649A0CE24AA6
              SHA-512:E92BDAC552DCEAF7FD0C608576E207192FE8C01CA50EA8552266BB8847813DE84CADB28FD766EC31A8BA24F0D9B98484FCFCC29AC36BED3115B0780233E106FB
              Malicious:false
              Preview: 5873.
              /tmp/server-0.xkm
              Process:/usr/bin/xkbcomp
              File Type:Unknown
              Category:dropped
              Size (bytes):12060
              Entropy (8bit):4.8492493153178975
              Encrypted:false
              SSDEEP:192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
              MD5:B4E3EB0B8B6B0FC1F46740C573E18D86
              SHA1:7D35426357695EBA77850757E8939A62DCEFF2D1
              SHA-256:7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
              SHA-512:8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
              Malicious:false
              /var/cache/motd-news
              Process:/usr/bin/cut
              File Type:ASCII text
              Category:dropped
              Size (bytes):191
              Entropy (8bit):4.515771857099866
              Encrypted:false
              SSDEEP:3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
              MD5:DD514F892B5F93ED615D366E58AC58AF
              SHA1:BA75EDB3C2232CC260BC187F604DC8F25AA72C11
              SHA-256:F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
              SHA-512:9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
              Malicious:false
              Preview: * Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.
              /var/lib/AccountsService/users/gdm.G9YJC1
              Process:/usr/lib/accountsservice/accounts-daemon
              File Type:ASCII text
              Category:dropped
              Size (bytes):61
              Entropy (8bit):4.66214589518167
              Encrypted:false
              SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
              MD5:542BA3FB41206AE43928AF1C5E61FEBC
              SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
              SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
              SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
              Malicious:false
              Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
              /var/lib/AccountsService/users/gdm.WH5PC1
              Process:/usr/lib/accountsservice/accounts-daemon
              File Type:ASCII text
              Category:dropped
              Size (bytes):61
              Entropy (8bit):4.66214589518167
              Encrypted:false
              SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
              MD5:542BA3FB41206AE43928AF1C5E61FEBC
              SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
              SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
              SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
              Malicious:false
              Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
              /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
              Process:/usr/bin/ibus-daemon
              File Type:ASCII text
              Category:dropped
              Size (bytes):381
              Entropy (8bit):5.184925060132627
              Encrypted:false
              SSDEEP:6:SbF4b2sONeZVkSoQ65EfqFFAU+qmnQT23msRvkTFacecf8h/zKLGWW1ohX4pA19H:q5sU3LWfLUDmQymqSFbfomSHohGAfH
              MD5:6C30425EBF0424831BB890F37511D738
              SHA1:635DBBF50FAD07A2858021FA291DC72D1A07FCA8
              SHA-256:556526E5305217FB12DB458CC145C0A31A71353C761580FC1C92863BAEA37A00
              SHA-512:956C9B9A926975925F644931AEA56670ED1DC0864094E98F3CF4E238361DD56D35A4230DDD8DC5A9488AEA56CD93B4F9E8BCD270DFF756FFF75A05509CC0705E
              Malicious:false
              Preview: # This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-MXBrP39k,guid=8e502356918246cb6e477da7618b4903.IBUS_DAEMON_PID=5609.
              /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
              Process:/usr/bin/pulseaudio
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:v:v
              MD5:68B329DA9893E34099C7D8AD5CB9C940
              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
              Malicious:false
              Preview: .
              /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
              Process:/usr/bin/pulseaudio
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:v:v
              MD5:68B329DA9893E34099C7D8AD5CB9C940
              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
              Malicious:false
              Preview: .
              /var/lib/whoopsie/whoopsie-id.Y8U6B1
              Process:/usr/bin/whoopsie
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):128
              Entropy (8bit):3.9410969045919657
              Encrypted:false
              SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
              MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
              SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
              SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
              SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
              Malicious:false
              Preview: 9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
              /var/log/Xorg.0.log
              Process:/usr/lib/xorg/Xorg
              File Type:ASCII text
              Category:dropped
              Size (bytes):41347
              Entropy (8bit):5.287066635729438
              Encrypted:false
              SSDEEP:384:XpgBwlDvMnd4did2dPdyd8dddIdjdgdRdFdhdTdndAdBd4dWd0dcDdZvdc2d+d7B:ZgBUY7wSiUj/WvMqOjf5kH
              MD5:51F3496C1A34781D172A478206DE9F93
              SHA1:513E4689FBFC01EAC87C040DAECC53F0C1F85D24
              SHA-256:0CC6FC9FE92F582ACBDD1784F817D6669272D52034683514BDAA9019F12D723F
              SHA-512:E74695AC0AFC539EAC11F329CA650918403AB396C27E1E2BE9CF75CB634BD69D8F7ED1BAC4C0DF5CAF16E460A4F8F83BBD7E1E4D1A61DC1FD24462BA05EC7CC0
              Malicious:false
              Preview: [ 484.220] (--) Log file renamed from "/var/log/Xorg.pid-5407.log" to "/var/log/Xorg.0.log".[ 484.245] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 484.255] Build Operating System: linux Ubuntu.[ 484.261] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 484.268] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 484.285] Build Date: 06 July 2021 10:17:51AM.[ 484.290] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 484.296] Current version of pixman: 0.38.4.[ 484.302] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 484.316] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

              Static File Info

              General

              File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped
              Entropy (8bit):7.986206825808691
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:arm7
              File size:64528
              MD5:18e0a7425fa5b743bb6dd7002a71cfcc
              SHA1:32fb441007353ad30ae7c10c7e1368686c999d3c
              SHA256:ac4582bf75332e1b51b11e1dcaa362e5fa933bf13497bab1da64079dab0c1d6f
              SHA512:766ce70e1936af18117aae83c4586f46757244bca8d8f41895403931dee8ae34a597ebec5b76639cb06a3a6f1ad99f1e4b48afecfdfbdea452a7f526c5086771
              SSDEEP:1536:aTOic71ErNWpa9I9pH5KjkyIiUEBMHLc7fOhx68R4TLg:ztE63skXEBmLc7fOH6i4ng
              File Content Preview:.ELF..............(......$..4...........4. ...(.........................................x...x...x...................Q.td...............................aUPX!....................l..........?.E.h;....#..$...o.....b..~B.*...5N&"a....#R.a..a..,..C....g...k.'..

              Static ELF Info

              ELF header

              Class:ELF32
              Data:2's complement, little endian
              Version:1 (current)
              Machine:ARM
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - Linux
              ABI Version:0
              Entry Point Address:0x124d8
              Flags:0x4000002
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:3
              Section Header Offset:0
              Section Header Size:40
              Number of Section Headers:0
              Header String Table Index:0

              Program Segments

              Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
              LOAD       0x0     0x8000           0x8000            0xb6c5     0xb6c5       4.0445   0x5    R E                0x8000
              LOAD       0x878   0x30878          0x30878           0x0        0x0          0.0000   0x6    RW                 0x8000
              GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4

              Network Behavior

              Network Port Distribution

              TCP Packets

              Timestamp  Source Port  Dest Port  Source IP  Dest IP

              DNS Queries

              Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name              Type            Class
              Nov 10, 2021 04:21:13.643590927 CET  192.168.2.23  1.1.1.1  0x2c3b    Standard query (0)  daisy.ubuntu.com  A (IP address)  IN (0x0001)
              Nov 10, 2021 04:21:13.643702984 CET  192.168.2.23  1.1.1.1  0x596b    Standard query (0)  daisy.ubuntu.com  28              IN (0x0001)
              Nov 10, 2021 04:21:13.735826969 CET  192.168.2.23  1.1.1.1  0xe44a    Standard query (0)  daisy.ubuntu.com  28              IN (0x0001)

              DNS Answers

              Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name              CName  Address         Type            Class
              Nov 10, 2021 04:21:13.672904968 CET  1.1.1.1    192.168.2.23  0x2c3b    No error (0)  daisy.ubuntu.com         162.213.33.132  A (IP address)  IN (0x0001)
              Nov 10, 2021 04:21:13.672904968 CET  1.1.1.1    192.168.2.23  0x2c3b    No error (0)  daisy.ubuntu.com         162.213.33.108  A (IP address)  IN (0x0001)

              System Behavior

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/cat
              Arguments:cat /tmp/tmp.F8yqW15XWY
              File size:43416 bytes
              MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/head
              Arguments:head -n 10
              File size:47480 bytes
              MD5 hash:fd96a67145172477dd57131396fc9608

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/tr
              Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
              File size:51544 bytes
              MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/cut
              Arguments:cut -c -80
              File size:47480 bytes
              MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/cat
              Arguments:cat /tmp/tmp.F8yqW15XWY
              File size:43416 bytes
              MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/head
              Arguments:head -n 10
              File size:47480 bytes
              MD5 hash:fd96a67145172477dd57131396fc9608

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/tr
              Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
              File size:51544 bytes
              MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:23
              Start date:10/11/2021
              Path:/usr/bin/cut
              Arguments:cut -c -80
              File size:47480 bytes
              MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

              General

              Start time:04:20:24
              Start date:10/11/2021
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:20:24
              Start date:10/11/2021
              Path:/usr/bin/rm
              Arguments:rm -f /tmp/tmp.F8yqW15XWY /tmp/tmp.FsztahiAst /tmp/tmp.rbFtGPyqdP
              File size:72056 bytes
              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

              General

              Start time:04:20:28
              Start date:10/11/2021
              Path:/tmp/arm7
              Arguments:/tmp/arm7
              File size:4956856 bytes
              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

              General

              Start time:04:20:28
              Start date:10/11/2021
              Path:/tmp/arm7
              Arguments:n/a
              File size:4956856 bytes
              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

              General

              Start time:04:20:28
              Start date:10/11/2021
              Path:/tmp/arm7
              Arguments:n/a
              File size:4956856 bytes
              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

              General

              Start time:04:20:28
              Start date:10/11/2021
              Path:/tmp/arm7
              Arguments:n/a
              File size:4956856 bytes
              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

              General

              Start time:04:20:28
              Start date:10/11/2021
              Path:/tmp/arm7
              Arguments:n/a
              File size:4956856 bytes
              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

              General

              Start time:04:20:28
              Start date:10/11/2021
              Path:/tmp/arm7
              Arguments:n/a
              File size:4956856 bytes
              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

              General

              Start time:04:21:12
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:21:12
              Start date:10/11/2021
              Path:/usr/bin/whoopsie
              Arguments:/usr/bin/whoopsie -f
              File size:68592 bytes
              MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

              General

              Start time:04:21:16
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:21:16
              Start date:10/11/2021
              Path:/usr/sbin/sshd
              Arguments:/usr/sbin/sshd -t
              File size:876328 bytes
              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

              General

              Start time:04:21:16
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:21:16
              Start date:10/11/2021
              Path:/usr/sbin/sshd
              Arguments:/usr/sbin/sshd -D
              File size:876328 bytes
              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

              General

              Start time:04:21:23
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:23
              Start date:10/11/2021
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:23
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:23
              Start date:10/11/2021
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/lib/accountsservice/accounts-daemon
              Arguments:/usr/lib/accountsservice/accounts-daemon
              File size:203192 bytes
              MD5 hash:01a899e3fb5e7e434bea1290255a1f30

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/lib/accountsservice/accounts-daemon
              Arguments:n/a
              File size:203192 bytes
              MD5 hash:01a899e3fb5e7e434bea1290255a1f30

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/share/language-tools/language-validate
              Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/share/language-tools/language-validate
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/share/language-tools/language-options
              Arguments:/usr/share/language-tools/language-options
              File size:3478464 bytes
              MD5 hash:16a21f464119ea7fad1d3660de963637

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/share/language-tools/language-options
              Arguments:n/a
              File size:3478464 bytes
              MD5 hash:16a21f464119ea7fad1d3660de963637

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:sh -c "locale -a | grep -F .utf8 "
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/bin/locale
              Arguments:locale -a
              File size:58944 bytes
              MD5 hash:c72a78792469db86d91369c9057f20d2

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:24
              Start date:10/11/2021
              Path:/usr/bin/grep
              Arguments:grep -F .utf8
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              General

              Start time:04:21:26
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:26
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-session-worker
              Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
              File size:293360 bytes
              MD5 hash:692243754bd9f38fe9bd7e230b5c060a

              General

              Start time:04:21:28
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-session-worker
              Arguments:n/a
              File size:293360 bytes
              MD5 hash:692243754bd9f38fe9bd7e230b5c060a

              General

              Start time:04:21:28
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-wayland-session
              Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
              File size:76368 bytes
              MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

              General

              Start time:04:21:28
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-wayland-session
              Arguments:n/a
              File size:76368 bytes
              MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

              General

              Start time:04:21:28
              Start date:10/11/2021
              Path:/usr/bin/dbus-run-session
              Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
              File size:14480 bytes
              MD5 hash:245f3ef6a268850b33b0225a8753b7f4

              General

              Start time:04:21:28
              Start date:10/11/2021
              Path:/usr/bin/dbus-run-session
              Arguments:n/a
              File size:14480 bytes
              MD5 hash:245f3ef6a268850b33b0225a8753b7f4

              General

              Start time:04:21:29
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:dbus-daemon --nofork --print-address 4 --session
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:30
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:30
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:30
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:31
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:32
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:32
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:21:32
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:29
              Start date:10/11/2021
              Path:/usr/bin/dbus-run-session
              Arguments:n/a
              File size:14480 bytes
              MD5 hash:245f3ef6a268850b33b0225a8753b7f4

              General

              Start time:04:21:29
              Start date:10/11/2021
              Path:/usr/bin/gnome-session
              Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:29
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:21:32
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:21:32
              Start date:10/11/2021
              Path:/usr/bin/session-migration
              Arguments:session-migration
              File size:22680 bytes
              MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

              General

              Start time:04:21:33
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:21:33
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:33
              Start date:10/11/2021
              Path:/usr/bin/gnome-shell
              Arguments:/usr/bin/gnome-shell
              File size:23168 bytes
              MD5 hash:da7a257239677622fe4b3a65972c9e87

              General

              Start time:04:21:37
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:37
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-session-worker
              Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
              File size:293360 bytes
              MD5 hash:692243754bd9f38fe9bd7e230b5c060a

              General

              Start time:04:21:38
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-session-worker
              Arguments:n/a
              File size:293360 bytes
              MD5 hash:692243754bd9f38fe9bd7e230b5c060a

              General

              Start time:04:21:38
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-x-session
              Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
              File size:96944 bytes
              MD5 hash:498a824333f1c1ec7767f4612d1887cc

              General

              Start time:04:21:38
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-x-session
              Arguments:n/a
              File size:96944 bytes
              MD5 hash:498a824333f1c1ec7767f4612d1887cc

              General

              Start time:04:21:38
              Start date:10/11/2021
              Path:/usr/bin/Xorg
              Arguments:/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:38
              Start date:10/11/2021
              Path:/usr/lib/xorg/Xorg.wrap
              Arguments:/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
              File size:14488 bytes
              MD5 hash:48993830888200ecf19dd7def0884dfd

              General

              Start time:04:21:38
              Start date:10/11/2021
              Path:/usr/lib/xorg/Xorg
              Arguments:/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
              File size:2448840 bytes
              MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

              General

              Start time:04:21:49
              Start date:10/11/2021
              Path:/usr/lib/xorg/Xorg
              Arguments:n/a
              File size:2448840 bytes
              MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

              General

              Start time:04:21:49
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:49
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:49
              Start date:10/11/2021
              Path:/usr/bin/xkbcomp
              Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
              File size:217184 bytes
              MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

              General

              Start time:04:22:28
              Start date:10/11/2021
              Path:/usr/lib/xorg/Xorg
              Arguments:n/a
              File size:2448840 bytes
              MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

              General

              Start time:04:22:28
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:28
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:28
              Start date:10/11/2021
              Path:/usr/bin/xkbcomp
              Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
              File size:217184 bytes
              MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

              General

              Start time:04:21:55
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-x-session
              Arguments:n/a
              File size:96944 bytes
              MD5 hash:498a824333f1c1ec7767f4612d1887cc

              General

              Start time:04:21:55
              Start date:10/11/2021
              Path:/etc/gdm3/Prime/Default
              Arguments:/etc/gdm3/Prime/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:55
              Start date:10/11/2021
              Path:/usr/lib/gdm3/gdm-x-session
              Arguments:n/a
              File size:96944 bytes
              MD5 hash:498a824333f1c1ec7767f4612d1887cc

              General

              Start time:04:21:55
              Start date:10/11/2021
              Path:/usr/bin/dbus-run-session
              Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
              File size:14480 bytes
              MD5 hash:245f3ef6a268850b33b0225a8753b7f4

              General

              Start time:04:21:55
              Start date:10/11/2021
              Path:/usr/bin/dbus-run-session
              Arguments:n/a
              File size:14480 bytes
              MD5 hash:245f3ef6a268850b33b0225a8753b7f4

              General

              Start time:04:21:55
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:dbus-daemon --nofork --print-address 4 --session
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/libexec/at-spi-bus-launcher
              Arguments:/usr/libexec/at-spi-bus-launcher
              File size:27008 bytes
              MD5 hash:1563f274acd4e7ba530a55bdc4c95682

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/libexec/at-spi-bus-launcher
              Arguments:n/a
              File size:27008 bytes
              MD5 hash:1563f274acd4e7ba530a55bdc4c95682

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:31
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:31
              Start date:10/11/2021
              Path:/usr/libexec/at-spi2-registryd
              Arguments:/usr/libexec/at-spi2-registryd --use-gnome-session
              File size:100224 bytes
              MD5 hash:1d904c2693452edebc7ede3a9e24d440

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:10
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/libexec/ibus-portal
              Arguments:/usr/libexec/ibus-portal
              File size:92536 bytes
              MD5 hash:562ad55bd9a4d54bd7b76746b01e37d3

              General

              Start time:04:22:32
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:32
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:32
              Start date:10/11/2021
              Path:/usr/bin/gjs
              Arguments:/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
              File size:23128 bytes
              MD5 hash:5f3eceb792bb65c22f23d1efb4fde3ad

              General

              Start time:04:22:47
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:47
              Start date:10/11/2021
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:04:22:47
              Start date:10/11/2021
              Path:/bin/false
              Arguments:/bin/false
              File size:39256 bytes
              MD5 hash:3177546c74e4f0062909eae43d948bfc

              General

              Start time:04:21:56
              Start date:10/11/2021
              Path:/usr/bin/dbus-run-session
              Arguments:n/a
              File size:14480 bytes
              MD5 hash:245f3ef6a268850b33b0225a8753b7f4

              General

              Start time:04:21:56
              Start date:10/11/2021
              Path:/usr/bin/gnome-session
              Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:56
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:21:56
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:21:56
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-check-accelerated
              Arguments:/usr/libexec/gnome-session-check-accelerated
              File size:18752 bytes
              MD5 hash:a64839518af85b2b9de31aca27646396

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-check-accelerated
              Arguments:n/a
              File size:18752 bytes
              MD5 hash:a64839518af85b2b9de31aca27646396

              General

              Start time:04:22:07
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-check-accelerated-gl-helper
              Arguments:/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
              File size:22920 bytes
              MD5 hash:b1ab9a384f9e98a39ae5c36037dd5e78

              General

              Start time:04:22:08
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-check-accelerated
              Arguments:n/a
              File size:18752 bytes
              MD5 hash:a64839518af85b2b9de31aca27646396

              General

              Start time:04:22:08
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-check-accelerated-gles-helper
              Arguments:/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
              File size:14728 bytes
              MD5 hash:1bd78885765a18e60c05ed1fb5fa3bf8

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:11
              Start date:10/11/2021
              Path:/usr/bin/session-migration
              Arguments:session-migration
              File size:22680 bytes
              MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

              General

              Start time:04:22:12
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:12
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:12
              Start date:10/11/2021
              Path:/usr/bin/gnome-shell
              Arguments:/usr/bin/gnome-shell
              File size:23168 bytes
              MD5 hash:da7a257239677622fe4b3a65972c9e87

              General

              Start time:04:22:25
              Start date:10/11/2021
              Path:/usr/bin/gnome-shell
              Arguments:n/a
              File size:23168 bytes
              MD5 hash:da7a257239677622fe4b3a65972c9e87

              General

              Start time:04:22:26
              Start date:10/11/2021
              Path:/usr/bin/ibus-daemon
              Arguments:ibus-daemon --panel disable --xim
              File size:199088 bytes
              MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/bin/ibus-daemon
              Arguments:n/a
              File size:199088 bytes
              MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/libexec/ibus-memconf
              Arguments:/usr/libexec/ibus-memconf
              File size:22904 bytes
              MD5 hash:523e939905910d06598e66385761a822

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/bin/ibus-daemon
              Arguments:n/a
              File size:199088 bytes
              MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/bin/ibus-daemon
              Arguments:n/a
              File size:199088 bytes
              MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

              General

              Start time:04:22:27
              Start date:10/11/2021
              Path:/usr/libexec/ibus-x11
              Arguments:/usr/libexec/ibus-x11 --kill-daemon
              File size:100352 bytes
              MD5 hash:2aa1e54666191243814c2733d6992dbd

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/bin/ibus-daemon
              Arguments:n/a
              File size:199088 bytes
              MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/libexec/ibus-engine-simple
              Arguments:/usr/libexec/ibus-engine-simple
              File size:14712 bytes
              MD5 hash:0238866d5e8802a0ce1b1b9af8cb1376

              General

              Start time:04:22:36
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:36
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:36
              Start date:10/11/2021
              Path:/usr/libexec/gsd-sharing
              Arguments:/usr/libexec/gsd-sharing
              File size:35424 bytes
              MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

              General

              Start time:04:22:36
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gsd-wacom
              Arguments:/usr/libexec/gsd-wacom
              File size:39520 bytes
              MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gsd-color
              Arguments:/usr/libexec/gsd-color
              File size:92832 bytes
              MD5 hash:ac2861ad93ce047283e8e87cefef9a19

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gsd-keyboard
              Arguments:/usr/libexec/gsd-keyboard
              File size:39760 bytes
              MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gsd-print-notifications
              Arguments:/usr/libexec/gsd-print-notifications
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              General

              Start time:04:22:49
              Start date:10/11/2021
              Path:/usr/libexec/gsd-print-notifications
              Arguments:n/a
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              General

              Start time:04:22:49
              Start date:10/11/2021
              Path:/usr/libexec/gsd-print-notifications
              Arguments:n/a
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              General

              Start time:04:22:49
              Start date:10/11/2021
              Path:/usr/libexec/gsd-printer
              Arguments:/usr/libexec/gsd-printer
              File size:31120 bytes
              MD5 hash:7995828cf98c315fd55f2ffb3b22384d

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:38
              Start date:10/11/2021
              Path:/usr/libexec/gsd-rfkill
              Arguments:/usr/libexec/gsd-rfkill
              File size:51808 bytes
              MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

              General

              Start time:04:22:37
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:38
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/libexec/gsd-smartcard
              Arguments:/usr/libexec/gsd-smartcard
              File size:109152 bytes
              MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

              General

              Start time:04:22:38
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/libexec/gsd-datetime
              Arguments:/usr/libexec/gsd-datetime
              File size:76736 bytes
              MD5 hash:d80d39745740de37d6634d36e344d4bc

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/libexec/gsd-media-keys
              Arguments:/usr/libexec/gsd-media-keys
              File size:232936 bytes
              MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:39
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:40
              Start date:10/11/2021
              Path:/usr/libexec/gsd-screensaver-proxy
              Arguments:/usr/libexec/gsd-screensaver-proxy
              File size:27232 bytes
              MD5 hash:77e309450c87dceee43f1a9e50cc0d02

              General

              Start time:04:22:40
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:41
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:41
              Start date:10/11/2021
              Path:/usr/libexec/gsd-sound
              Arguments:/usr/libexec/gsd-sound
              File size:31248 bytes
              MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

              General

              Start time:04:22:41
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:41
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:42
              Start date:10/11/2021
              Path:/usr/libexec/gsd-a11y-settings
              Arguments:/usr/libexec/gsd-a11y-settings
              File size:23056 bytes
              MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

              General

              Start time:04:22:41
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:42
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:43
              Start date:10/11/2021
              Path:/usr/libexec/gsd-housekeeping
              Arguments:/usr/libexec/gsd-housekeeping
              File size:51840 bytes
              MD5 hash:b55f3394a84976ddb92a2915e5d76914

              General

              Start time:04:22:42
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:22:43
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:22:43
              Start date:10/11/2021
              Path:/usr/libexec/gsd-power
              Arguments:/usr/libexec/gsd-power
              File size:88672 bytes
              MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

              General

              Start time:04:23:07
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:23:07
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:23:07
              Start date:10/11/2021
              Path:/usr/bin/spice-vdagent
              Arguments:/usr/bin/spice-vdagent
              File size:80664 bytes
              MD5 hash:80fb7f613aa78d1b8a229dbcf4577a9d

              General

              Start time:04:23:10
              Start date:10/11/2021
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:04:23:10
              Start date:10/11/2021
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:23:11
              Start date:10/11/2021
              Path:/usr/bin/xbrlapi
              Arguments:xbrlapi -q
              File size:166384 bytes
              MD5 hash:0cfe25df39d38af32d6265ed947ca5b9

              General

              Start time:04:21:37
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:37
              Start date:10/11/2021
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:37
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:37
              Start date:10/11/2021
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:41
              Start date:10/11/2021
              Path:/usr/sbin/gdm3
              Arguments:n/a
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              General

              Start time:04:21:41
              Start date:10/11/2021
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:04:21:46
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:21:46
              Start date:10/11/2021
              Path:/usr/bin/pulseaudio
              Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
              File size:100832 bytes
              MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

              General

              Start time:04:21:59
              Start date:10/11/2021
              Path:/usr/libexec/gvfsd-fuse
              Arguments:n/a
              File size:47632 bytes
              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

              General

              Start time:04:21:59
              Start date:10/11/2021
              Path:/bin/fusermount
              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
              File size:39144 bytes
              MD5 hash:576a1b135c82bdcbc97a91acea900566

              General

              Start time:04:22:01
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:22:01
              Start date:10/11/2021
              Path:/lib/systemd/systemd-user-runtime-dir
              Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
              File size:22672 bytes
              MD5 hash:d55f4b0847f88131dbcfb07435178e54

              General

              Start time:04:22:26
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:22:26
              Start date:10/11/2021
              Path:/lib/systemd/systemd-localed
              Arguments:/lib/systemd/systemd-localed
              File size:43232 bytes
              MD5 hash:1244af9646256d49594f2a8203329aa9

              General

              Start time:04:22:29
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:22:29
              Start date:10/11/2021
              Path:/usr/bin/pulseaudio
              Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
              File size:100832 bytes
              MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

              General

              Start time:04:22:31
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:22:31
              Start date:10/11/2021
              Path:/usr/libexec/geoclue
              Arguments:/usr/libexec/geoclue
              File size:301544 bytes
              MD5 hash:30ac5455f3c598dde91dc87477fb19f7

              General

              Start time:04:22:48
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:22:48
              Start date:10/11/2021
              Path:/lib/systemd/systemd-hostnamed
              Arguments:/lib/systemd/systemd-hostnamed
              File size:35040 bytes
              MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

              General

              Start time:04:23:01
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:23:01
              Start date:10/11/2021
              Path:/lib/systemd/systemd-localed
              Arguments:/lib/systemd/systemd-localed
              File size:43232 bytes
              MD5 hash:1244af9646256d49594f2a8203329aa9

              General

              Start time:04:23:05
              Start date:10/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:04:23:05
              Start date:10/11/2021
              Path:/usr/libexec/fprintd
              Arguments:/usr/libexec/fprintd
              File size:125312 bytes
              MD5 hash:b0d8829f05cd028529b84b061b660e84