Linux Analysis Report arm7

Overview

General Information

Sample Name: arm7
Analysis ID: 519719
MD5: 3ac52d54aa555033f5095b063a2ea628
SHA1: bc1a24e602b2f4201bbfaec9f7e0495bdeddb45f
SHA256: 2a53b47394e367a0d4285aa9609938380cf048acbd57d8a18bfb218a0e34c566
Tags: Mirai
Infos:

Detection

Mirai
Score: 84
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Reads system files that contain records of logged in users
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Classification categories (chart): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 519719
Start date: 11.11.2021
Start time: 04:22:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 11s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: arm7
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal84.spre.troj.evad.lin@0/51@3/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • system is lnxubuntu20
  • arm7 (PID: 5244, Parent: 5118, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7
    • arm7 New Fork (PID: 5246, Parent: 5244)
    • arm7 New Fork (PID: 5247, Parent: 5244)
      • arm7 New Fork (PID: 5251, Parent: 5247)
      • arm7 New Fork (PID: 5253, Parent: 5247)
        • arm7 New Fork (PID: 5255, Parent: 5253)
  • systemd New Fork (PID: 5293, Parent: 1)
  • whoopsie (PID: 5293, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5316, Parent: 1)
  • sshd (PID: 5316, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5317, Parent: 1)
  • sshd (PID: 5317, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • gdm3 New Fork (PID: 5324, Parent: 1320)
  • Default (PID: 5324, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5327, Parent: 1320)
  • Default (PID: 5327, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5328, Parent: 1)
  • accounts-daemon (PID: 5328, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5348, Parent: 5328, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5349, Parent: 5348, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5350, Parent: 5349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5351, Parent: 5350)
          • locale (PID: 5351, Parent: 5350, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5352, Parent: 5350)
          • grep (PID: 5352, Parent: 5350, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • gdm3 New Fork (PID: 5353, Parent: 1320)
  • gdm-session-worker (PID: 5353, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-wayland-session (PID: 5359, Parent: 5353, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • dbus-run-session (PID: 5362, Parent: 5359, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5363, Parent: 5362, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5367, Parent: 5363)
            • false (PID: 5368, Parent: 5367, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5370, Parent: 5363)
            • false (PID: 5371, Parent: 5370, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5372, Parent: 5363)
            • false (PID: 5373, Parent: 5372, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5374, Parent: 5363)
            • false (PID: 5375, Parent: 5374, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5376, Parent: 5363)
            • false (PID: 5377, Parent: 5376, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5378, Parent: 5363)
            • false (PID: 5379, Parent: 5378, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5381, Parent: 5363)
            • false (PID: 5382, Parent: 5381, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5364, Parent: 5362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5364, Parent: 5362, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5383, Parent: 5364, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5386, Parent: 5364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5386, Parent: 5364, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 5392, Parent: 1320)
  • gdm-session-worker (PID: 5392, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 5417, Parent: 5392, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 5421, Parent: 5417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 5421, Parent: 5417, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 5421, Parent: 5417, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 5433, Parent: 5421)
        • sh (PID: 5433, Parent: 5421, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5434, Parent: 5433)
          • xkbcomp (PID: 5434, Parent: 5433, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
        • Xorg New Fork (PID: 5861, Parent: 5421)
        • sh (PID: 5861, Parent: 5421, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5862, Parent: 5861)
          • xkbcomp (PID: 5862, Parent: 5861, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • Default (PID: 5454, Parent: 5417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default
      • dbus-run-session (PID: 5455, Parent: 5417, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5456, Parent: 5455, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5473, Parent: 5456)
            • at-spi-bus-launcher (PID: 5474, Parent: 5473, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher
              • dbus-daemon (PID: 5510, Parent: 5474, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                • dbus-daemon New Fork (PID: 6090, Parent: 5510)
                  • at-spi2-registryd (PID: 6091, Parent: 6090, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session
          • dbus-daemon New Fork (PID: 5539, Parent: 5456)
            • false (PID: 5540, Parent: 5539, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5542, Parent: 5456)
            • false (PID: 5543, Parent: 5542, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5544, Parent: 5456)
            • false (PID: 5545, Parent: 5544, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5546, Parent: 5456)
            • false (PID: 5547, Parent: 5546, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5548, Parent: 5456)
            • false (PID: 5549, Parent: 5548, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5550, Parent: 5456)
            • false (PID: 5551, Parent: 5550, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5553, Parent: 5456)
            • false (PID: 5554, Parent: 5553, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5859, Parent: 5456)
            • ibus-portal (PID: 5860, Parent: 5859, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal
          • dbus-daemon New Fork (PID: 6094, Parent: 5456)
            • gjs (PID: 6095, Parent: 6094, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
          • dbus-daemon New Fork (PID: 6433, Parent: 5456)
            • false (PID: 6434, Parent: 6433, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5457, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5457, Parent: 5455, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5557, Parent: 5457, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5558, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5558, Parent: 5457, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
            • ibus-daemon (PID: 5736, Parent: 5558, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim
              • ibus-memconf (PID: 5855, Parent: 5736, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf
              • ibus-daemon New Fork (PID: 5857, Parent: 5736)
                • ibus-x11 (PID: 5858, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon
              • ibus-engine-simple (PID: 6127, Parent: 5736, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple
          • sh (PID: 6114, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
          • gsd-sharing (PID: 6114, Parent: 5457, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
          • sh (PID: 6116, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
          • gsd-wacom (PID: 6116, Parent: 5457, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
          • sh (PID: 6118, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
          • gsd-color (PID: 6118, Parent: 5457, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
          • sh (PID: 6119, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
          • gsd-keyboard (PID: 6119, Parent: 5457, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
          • sh (PID: 6121, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
          • sh (PID: 6124, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
          • gsd-rfkill (PID: 6124, Parent: 5457, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
          • sh (PID: 6126, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
          • gsd-smartcard (PID: 6126, Parent: 5457, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
          • sh (PID: 6128, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
          • gsd-datetime (PID: 6128, Parent: 5457, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
          • sh (PID: 6131, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
          • gsd-media-keys (PID: 6131, Parent: 5457, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
          • sh (PID: 6133, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
          • gsd-screensaver-proxy (PID: 6133, Parent: 5457, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
          • sh (PID: 6135, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
          • gsd-sound (PID: 6135, Parent: 5457, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
          • sh (PID: 6138, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
          • gsd-a11y-settings (PID: 6138, Parent: 5457, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
          • sh (PID: 6141, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
          • gsd-housekeeping (PID: 6141, Parent: 5457, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
          • sh (PID: 6144, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
          • gsd-power (PID: 6144, Parent: 5457, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
          • sh (PID: 6986, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
          • spice-vdagent (PID: 6986, Parent: 5457, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent
          • sh (PID: 6992, Parent: 5457, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
          • xbrlapi (PID: 6992, Parent: 5457, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q
  • gdm3 New Fork (PID: 5393, Parent: 1320)
  • Default (PID: 5393, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5414, Parent: 1320)
  • Default (PID: 5414, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5424, Parent: 1320)
  • Default (PID: 5424, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5437, Parent: 1860)
  • pulseaudio (PID: 5437, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • fusermount (PID: 5476, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5496, Parent: 1)
  • systemd-user-runtime-dir (PID: 5496, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5583, Parent: 1)
  • systemd-localed (PID: 5583, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 5870, Parent: 1334)
  • pulseaudio (PID: 5870, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5873, Parent: 1)
  • geoclue (PID: 5873, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue
  • systemd New Fork (PID: 6161, Parent: 1)
  • systemd-hostnamed (PID: 6161, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • systemd New Fork (PID: 6492, Parent: 1)
  • systemd-localed (PID: 6492, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 6774, Parent: 1)
  • fprintd (PID: 6774, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd
  • cleanup
Source: arm7
Rule: SUSP_ELF_LNX_UPX_Compressed_File
Description: Detects a suspicious ELF binary with UPX compression
Author: Florian Roth
Strings:
  • 0xafbc:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0xb02b:$s2: $Id: UPX
  • 0xafdc:$s3: $Info: This file is packed with the UPX executable packer

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: arm7, Virustotal: Detection: 18%
    Source: arm7, ReversingLabs: Detection: 15%
    Source: /usr/lib/xorg/Xorg (PID: 5421), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5458), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5511), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5528), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5558), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5437), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5870), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: unknown, HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35746 version: TLS 1.2

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Source: TrafficSnort IDS: 716 INFO TELNET access 123.161.211.184:23 -> 192.168.2.23:46048
    Source: TrafficSnort IDS: 716 INFO TELNET access 178.204.151.185:23 -> 192.168.2.23:32966
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 198.210.67.144:23 -> 192.168.2.23:34568
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 198.210.67.144:23 -> 192.168.2.23:34568
    Source: TrafficSnort IDS: 716 INFO TELNET access 117.36.77.242:23 -> 192.168.2.23:37194
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.249.26.124:23 -> 192.168.2.23:46170
    Source: TrafficSnort IDS: 716 INFO TELNET access 178.204.151.185:23 -> 192.168.2.23:32992
    Source: TrafficSnort IDS: 716 INFO TELNET access 121.33.113.160:23 -> 192.168.2.23:38190
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 77.76.148.119:23 -> 192.168.2.23:56430
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 77.76.148.119:23 -> 192.168.2.23:56430
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 94.26.54.196:23 -> 192.168.2.23:35792
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 94.26.54.196:23 -> 192.168.2.23:35792
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 198.210.67.144:23 -> 192.168.2.23:34628
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 198.210.67.144:23 -> 192.168.2.23:34628
    Source: TrafficSnort IDS: 716 INFO TELNET access 178.204.151.185:23 -> 192.168.2.23:33022
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 117.36.77.242:23 -> 192.168.2.23:37194
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 123.161.211.184:23 -> 192.168.2.23:46048
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.249.26.124:23 -> 192.168.2.23:46224
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 120.94.0.1:23 -> 192.168.2.23:55842
    Source: TrafficSnort IDS: 716 INFO TELNET access 178.204.151.185:23 -> 192.168.2.23:33052
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 198.210.67.144:23 -> 192.168.2.23:34670
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 198.210.67.144:23 -> 192.168.2.23:34670
    Source: TrafficSnort IDS: 716 INFO TELNET access 121.33.113.160:23 -> 192.168.2.23:38258
    Source: TrafficSnort IDS: 716 INFO TELNET access 117.36.77.242:23 -> 192.168.2.23:37280
    Source: TrafficSnort IDS: 716 INFO TELNET access 123.161.211.184:23 -> 192.168.2.23:46198
    Source: TrafficSnort IDS: 716 INFO TELNET access 178.204.151.185:23 -> 192.168.2.23:33078
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.249.26.124:23 -> 192.168.2.23:46278
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 198.210.67.144:23 -> 192.168.2.23:34710
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 198.210.67.144:23 -> 192.168.2.23:34710
    Source: TrafficSnort IDS: 716 INFO TELNET access 115.234.205.163:23 -> 192.168.2.23:52930
    Source: TrafficSnort IDS: 716 INFO TELNET access 178.204.151.185:23 -> 192.168.2.23:33110
    Source: TrafficSnort IDS: 716 INFO TELNET access 115.234.205.163:23 -> 192.168.2.23:52942
    Uses known network protocols on non-standard ports
    Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 57304
    Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 57316
    Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 57322
    Source: global traffic, TCP traffic: 192.168.2.23:48594 -> 144.172.71.18:40485
    Source: /tmp/arm7 (PID: 5251), Socket: 0.0.0.0::23
    Source: /usr/sbin/sshd (PID: 5317), Socket: 0.0.0.0::22
    Source: /usr/sbin/sshd (PID: 5317), Socket: [::]::22
    Source: /usr/bin/dbus-daemon (PID: 5363), Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5364), Socket: <unknown socket type>:unknown
    Source: /usr/lib/xorg/Xorg (PID: 5421), Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5456), Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5510), Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5457), Socket: <unknown socket type>:unknown
    Source: /usr/bin/ibus-daemon (PID: 5736), Socket: <unknown socket type>:unknown
    Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 35746 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 35746
    Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
    TCP traffic detected without corresponding DNS query
    Source: arm7, String found in binary or memory: http://upx.sf.net
    Source: Xorg.0.log.86.dr, String found in binary or memory: http://wiki.x.org
    Source: Xorg.0.log.86.dr, String found in binary or memory: http://www.ubuntu.com/support)
    Source: unknown, DNS traffic detected: queries for: daisy.ubuntu.com
    Source: unknown, HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35746 version: TLS 1.2

    System Summary:

    Sample tries to kill many processes (SIGKILL)
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 658, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 720, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 759, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 772, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 789, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 800, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 904, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 936, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1320, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1888, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 1983, result: successful
    Source: /tmp/arm7 (PID: 5251), SIGKILL sent: pid: 2048, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5456), SIGKILL sent: pid: 5473, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5456), SIGKILL sent: pid: 5859, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5456), SIGKILL sent: pid: 6094, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5510), SIGKILL sent: pid: 6090, result: successful
    Source: LOAD without section mappings, Program segment: 0x8000
    Source: arm7, type: SAMPLE, Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
    Source: arm7, Joe Sandbox Cloud Basic: Detection: clean Score: 0
    Source: classification engine, Classification label: mal84.spre.troj.evad.lin@0/51@3/0

    Data Obfuscation:

    Sample is packed with UPX
    Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

    Persistence and Installation Behavior:

    Sample reads /proc/mounts (often used for finding a writable filesystem)
    Source: /usr/bin/dbus-daemon (PID: 5363), File: /proc/5363/mounts
    Source: /usr/bin/dbus-daemon (PID: 5456), File: /proc/5456/mounts
    Source: /usr/bin/dbus-daemon (PID: 5510), File: /proc/5510/mounts
    Source: /usr/bin/gjs (PID: 6095), File: /proc/6095/mounts
    Source: /usr/bin/gnome-shell (PID: 5558), File: /proc/5558/mounts
    Source: /bin/fusermount (PID: 5476), File: /proc/5476/mounts
    Source: /bin/sh (PID: 5352), Grep executable: /usr/bin/grep -> grep -F .utf8
    Enumerates processes within the "proc" file system
    Source: /usr/bin/whoopsie (PID: 5293), Directory: /nonexistent/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5328), Directory: /root/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5328), File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5328), File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/share/language-tools/language-options (PID: 5350), Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/lib/xorg/Xorg (PID: 5433), Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 5861), Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 5421), Log file created: /var/log/Xorg.0.log

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 57304
    Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 57316
    Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 57322
    Source: /usr/lib/xorg/Xorg (PID: 5421), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5458), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5511), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5528), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5558), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5437), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5870), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/arm7 (PID: 5244), Queries kernel information via 'uname'
    Source: /usr/bin/whoopsie (PID: 5293), Queries kernel information via 'uname'
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5353), Queries kernel information via 'uname'
    Source: /usr/libexec/gnome-session-binary (PID: 5364), Queries kernel information via 'uname'
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5392), Queries kernel information via 'uname'
    Source: /usr/lib/gdm3/gdm-x-session (PID: 5417), Queries kernel information via 'uname'
    Source: /usr/lib/xorg/Xorg (PID: 5421), Queries kernel information via 'uname'
    Source: /usr/libexec/at-spi-bus-launcher (PID: 5474), Queries kernel information via 'uname'
    Source: /usr/libexec/at-spi2-registryd (PID: 6091), Queries kernel information via 'uname'
    Source: /usr/libexec/gnome-session-binary (PID: 5457), Queries kernel information via 'uname'
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5458), Queries kernel information via 'uname'
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5511), Queries kernel information via 'uname'
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5528), Queries kernel information via 'uname'
    Source: /usr/bin/gnome-shell (PID: 5558), Queries kernel information via 'uname'
    Source: /usr/libexec/ibus-x11 (PID: 5858), Queries kernel information via 'uname'
    Source: /usr/libexec/gsd-wacom (PID: 6116), Queries kernel information via 'uname'
    Source: /usr/libexec/gsd-color (PID: 6118), Queries kernel information via 'uname'
    Source: /usr/libexec/gsd-keyboard (PID: 6119), Queries kernel information via 'uname'
    Source: /usr/libexec/gsd-smartcard (PID: 6126), Queries kernel information via 'uname'
    Source: /usr/libexec/gsd-media-keys (PID: 6131), Queries kernel information via 'uname'
    Source: /usr/libexec/gsd-power (PID: 6144), Queries kernel information via 'uname'
    Source: /usr/bin/pulseaudio (PID: 5437), Queries kernel information via 'uname'
    Source: /usr/bin/pulseaudio (PID: 5870), Queries kernel information via 'uname'
    Source: /lib/systemd/systemd-hostnamed (PID: 6161), Queries kernel information via 'uname'
    Source: /usr/libexec/fprintd (PID: 6774), Queries kernel information via 'uname'
    Source: /usr/lib/xorg/Xorg (PID: 5421), Truncated file: /var/log/Xorg.pid-5421.log
    Source: Xorg.0.log.86.drBinary or memory string: [ 486.455] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.237] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.640] (==) vmware(0): Default visual is TrueColor
    Source: arm7, 5244.1.000000003fb70bab.000000008f3bd8a1.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
    Source: arm7, 5244.1.0000000031600e67.00000000015e858b.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
    Source: arm7, 5251.1.000000003fb70bab.000000008f3bd8a1.rw-.sdmp Binary or memory string: !/proc/1599/exe0!/usr/bin/vmtoolsd1@P
    Source: arm7, 5244.1.0000000031600e67.00000000015e858b.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm7SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7
    Source: arm7, 5251.1.000000003fb70bab.000000008f3bd8a1.rw-.sdmp Binary or memory string: /usr/bin/vmtoolsd
    Source: arm7, 5244.1.000000003fb70bab.000000008f3bd8a1.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm

    Language, Device and Operating System Detection:

    Reads system files that contain records of logged in users
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5328), Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match, File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match, File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Scripting 1 | Path Interception | Path Interception | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 1 | LSASS Memory | System Owner/User Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | System Information Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Indicator Removal on Host 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

    Malware Configuration

    No configs have been found

    Behavior Graph (ID: 519719, Sample: arm7, Startdate: 11/11/2021, Architecture: LINUX, Score: 84)

    Source | Detection | Scanner | Label
    arm7 | 18% | Virustotal |
    arm7 | 16% | ReversingLabs | Linux.Trojan.Mirai
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 162.213.33.108 | true | false | | high

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://upx.sf.net | arm7 | false | | high
    http://wiki.x.org | Xorg.0.log.86.dr | false | | high
    http://www.ubuntu.com/support) | Xorg.0.log.86.dr | false | | high
            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            178.211.49.197vz3I1CuJPQGet hashmaliciousBrowse
              91.52.65.166BitmCvTrdOGet hashmaliciousBrowse
                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                daisy.ubuntu.comarmGet hashmaliciousBrowse
                • 162.213.33.108
                arm7Get hashmaliciousBrowse
                • 162.213.33.108
                x86Get hashmaliciousBrowse
                • 162.213.33.108
                armGet hashmaliciousBrowse
                • 162.213.33.108
                arm7Get hashmaliciousBrowse
                • 162.213.33.132
                x86Get hashmaliciousBrowse
                • 162.213.33.132
                armGet hashmaliciousBrowse
                • 162.213.33.108
                armGet hashmaliciousBrowse
                • 162.213.33.132
                x86Get hashmaliciousBrowse
                • 162.213.33.108
                arm7Get hashmaliciousBrowse
                • 162.213.33.132
                Filecoder.Hive_linux.binGet hashmaliciousBrowse
                • 162.213.33.108
                yFbmGHoONEGet hashmaliciousBrowse
                • 162.213.33.108
                zju8TB277lGet hashmaliciousBrowse
                • 162.213.33.108
                JYWllP5wHPGet hashmaliciousBrowse
                • 162.213.33.108
                uwgXkY20gBGet hashmaliciousBrowse
                • 162.213.33.108
                arm7Get hashmaliciousBrowse
                • 162.213.33.108
                armGet hashmaliciousBrowse
                • 162.213.33.132
                x86Get hashmaliciousBrowse
                • 162.213.33.132
                FWsCarsq8QGet hashmaliciousBrowse
                • 162.213.33.108
                x86Get hashmaliciousBrowse
                • 162.213.33.108
                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                TelecomunicacionesMOVILNETVEx86_64Get hashmaliciousBrowse
                • 181.35.94.106
                dYgJ72oG4fGet hashmaliciousBrowse
                • 181.17.48.151
                lYmYPlzghQGet hashmaliciousBrowse
                • 181.17.48.157
                arm7Get hashmaliciousBrowse
                • 181.17.223.27
                wRmHCEnowIGet hashmaliciousBrowse
                • 181.17.48.154
                5BfhgIXvAyGet hashmaliciousBrowse
                • 181.18.62.52
                SecuriteInfo.com.Linux.Mirai.1429.15365.3177Get hashmaliciousBrowse
                • 181.18.62.54
                R9kV5GcwPzGet hashmaliciousBrowse
                • 181.17.147.100
                DPJPYxGxfIGet hashmaliciousBrowse
                • 181.18.37.41
                g22kPe2LIcGet hashmaliciousBrowse
                • 181.18.62.60
                b3astmode.armGet hashmaliciousBrowse
                • 181.35.46.235
                8g3tc5SWwBGet hashmaliciousBrowse
                • 181.17.147.111
                5VgU7cIQmKGet hashmaliciousBrowse
                • 181.17.147.125
                666.arm7Get hashmaliciousBrowse
                • 181.19.238.201
                SYyxBAju45Get hashmaliciousBrowse
                • 181.19.238.215
                5NKkJ6URW0Get hashmaliciousBrowse
                • 181.17.223.22
                b3astmode.armGet hashmaliciousBrowse
                • 181.35.7.3
                No context
                /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):10
                Entropy (8bit):2.9219280948873623
                Encrypted:false
                SSDEEP:3:5bkPn:pkP
                MD5:FF001A15CE15CF062A3704CEA2991B5F
                SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: auto_null.
                /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):18
                Entropy (8bit):3.4613201402110088
                Encrypted:false
                SSDEEP:3:5bkrIZsXvn:pkckv
                MD5:28FE6435F34B3367707BB1C5D5F6B430
                SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: auto_null.monitor.
                /proc/5317/oom_score_adj
                Process:/usr/sbin/sshd
                File Type:ASCII text
                Category:dropped
                Size (bytes):6
                Entropy (8bit):1.7924812503605778
                Encrypted:false
                SSDEEP:3:ptn:Dn
                MD5:CBF282CC55ED0792C33D10003D1F760A
                SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                Malicious:false
                Reputation:high, very likely benign file
                Preview: -1000.
                /proc/5368/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5371/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5373/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5375/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5377/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5379/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5382/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5474/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5540/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5543/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5545/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5547/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5549/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5551/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5554/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/5860/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/6091/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/6095/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /proc/6434/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:V:V
                MD5:CFCD208495D565EF66E7DFF9F98764DA
                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                Malicious:false
                Preview: 0
                /run/sshd.pid
                Process:/usr/sbin/sshd
                File Type:ASCII text
                Category:dropped
                Size (bytes):5
                Entropy (8bit):2.321928094887362
                Encrypted:false
                SSDEEP:3:DUc:3
                MD5:3464AA45932E8B6C43906DD27DECD892
                SHA1:3DBF53863A9D9308DA2250E2CF1931F1E6D21F96
                SHA-256:3C1DACA8B1C7BBA79E5E56D3033A58521BEC1DB1731F8DEC527760165F7483DF
                SHA-512:2F9054AE0D74F5ADB703FC78500CF17A024D8EE5C7692B8BFFF50B5D810E2D0448A1781485109F62A03D9C11F4846096F56CE70BD82A553D40C626C75331AD7C
                Malicious:false
                Preview: 5317.
                /run/user/1000/pulse/pid
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):5
                Entropy (8bit):2.321928094887362
                Encrypted:false
                SSDEEP:3:EF:EF
                MD5:63883F6ED7AEC27C7A8F3582E33DE117
                SHA1:30C48B516C7B1CCE1BE137AF0E429A5E3B52A645
                SHA-256:4763150DA21E6EED9EDF287DC4B99DCAA83C53510D3ACC76B993B08932B1E7B9
                SHA-512:71B9F090DE8F460A407A9D594327B4104C6EE1933EAF84C8BF1AD2A4D1EE98C60FEC6AC4E1311A4D5849F8E4EA18FE3A20343C1AC46DB58477857CF888DC12EF
                Malicious:false
                Preview: 5437.
                /run/user/127/ICEauthority
                Process:/usr/libexec/gnome-session-binary
                File Type:data
                Category:dropped
                Size (bytes):1304
                Entropy (8bit):5.999713966875013
                Encrypted:false
                SSDEEP:12:OxPDCXMkveY+Dil2xPWVS2xRveY+WU/xP5mhijveY+5tWmxPwWoveY+wcZVveY+B:jJHS2mwqrxwmYwAg
                MD5:193B96241DFAC0CAFE5289C44B6D51F1
                SHA1:76D24499816DD12A7EC4BB8845DF1EED23EACFCE
                SHA-256:1181A7908D420333A2D08257202625D02CAC246F55531A63394D22ECB47751E0
                SHA-512:47F202B97F3684D2E6BA89FF3A780FA1FB40D9B38700ADF041821EDA8978A9578EF27C0516E2E8CC45F4A462A621C634B9D78EFB6D849EA5453AC71CAD58F45C
                Malicious:false
                Preview: ..XSMP...!unix/galassia:/tmp/.ICE-unix/5457..MIT-MAGIC-COOKIE-1.. v.<.W..H.:.".O...XSMP...#local/galassia:@/tmp/.ICE-unix/5457..MIT-MAGIC-COOKIE-1... ..`....G&N....ICE...!unix/galassia:/tmp/.ICE-unix/5364..MIT-MAGIC-COOKIE-1....I....S....E.Q..ICE...#local/galassia:@/tmp/.ICE-unix/5364..MIT-MAGIC-COOKIE-1..F.#.d/ ./>.Te.}..XSMP...!unix/galassia:/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1...p.......A.9%..XSMP...#local/galassia:@/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1.....o.(R...}.9...ICE...!unix/galassia:/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1...w$....^.'fI..1..ICE...#local/galassia:@/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1...^f........E..c..XSMP...#local/galassia:@/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1... ......Y...@.t...XSMP...!unix/galassia:/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1...#...,.:B.o......ICE...#local/galassia:@/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1..N..yte|4yXJ...Mf..ICE...!unix/galassia:/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1.....cN.....N+..$..XSMP...#local/galass
                /run/user/127/dconf/user
                Process:/usr/libexec/gsd-power
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3::
                MD5:93B885ADFE0DA089CDF634904FD59F71
                SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                Malicious:false
                Preview: .
                /run/user/127/gdm/Xauthority
                Process:/usr/lib/gdm3/gdm-x-session
                File Type:X11 Xauthority data
                Category:dropped
                Size (bytes):104
                Entropy (8bit):4.8653653400210795
                Encrypted:false
                SSDEEP:3:rg/WFllasO93FzHWFllasO93F3:rg/WFl2VDWFl2V3
                MD5:A08B6F53539A6267E8D5238823FEEBED
                SHA1:7335AB1348D6976A4E4FFC3D1B34B4E207645C3B
                SHA-256:EE9CE52BC989F64FCA9C4C4766C9D8577CC9D09DF29F88373F0A91A92FCB37AC
                SHA-512:53C4B1AD3A2A8CD9EB83484CF4C8119AFBA9540E60E87AC8E9BE2075E2DB99A46D4BFCB0B219A8325B9FC766675A89385243ED18B52A2B78AD2527DA6500F82F
                Malicious:false
                Preview: ....galassia....MIT-MAGIC-COOKIE-1...X. ...]>gvO.6T....galassia....MIT-MAGIC-COOKIE-1...X. ...]>gvO.6T
                /run/user/127/pulse/pid
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):5
                Entropy (8bit):2.321928094887362
                Encrypted:false
                SSDEEP:3:Imv:IY
                MD5:2EFD183BB3613F61BFE201210AD7B770
                SHA1:7DE336CBB23FC55CD74D8AE8F24AAA956CB6B741
                SHA-256:87BAEE03B7CB5C0123998D60AFE6169E2887C6039FA13DE276412340B43E6748
                SHA-512:A401CDFAA882359BCFBD2F13C39043366AF4F12E366C3DAD197B3E0DAD1C1D1E95079229265C5E6F2EC7A518BC5A3265F47292C930AB98F2E942C9D0230DC1CD
                Malicious:false
                Preview: 5870.
                /tmp/server-0.xkm
                Process:/usr/bin/xkbcomp
                File Type:Compiled XKB Keymap: lsb, version 15
                Category:dropped
                Size (bytes):12060
                Entropy (8bit):4.8492493153178975
                Encrypted:false
                SSDEEP:192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
                MD5:B4E3EB0B8B6B0FC1F46740C573E18D86
                SHA1:7D35426357695EBA77850757E8939A62DCEFF2D1
                SHA-256:7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
                SHA-512:8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
                Malicious:false
                Preview: .mkx..............D.......................h.......<.....P.@%.......&......D.......NumLock.....Alt.....LevelThree..LAlt....RAlt....RControl....LControl....ScrollLock..LevelFive...AltGr...Meta....Super...Hyper...........evdev+aliases(qwerty)...!.....ESC.AE01AE02AE03AE04AE05AE06AE07AE08AE09AE10AE11AE12BKSPTAB.AD01AD02AD03AD04AD05AD06AD07AD08AD09AD10AD11AD12RTRNLCTLAC01AC02AC03AC04AC05AC06AC07AC08AC09AC10AC11TLDELFSHBKSLAB01AB02AB03AB04AB05AB06AB07AB08AB09AB10RTSHKPMULALTSPCECAPSFK01FK02FK03FK04FK05FK06FK07FK08FK09FK10NMLKSCLKKP7.KP8.KP9.KPSUKP4.KP5.KP6.KPADKP1.KP2.KP3.KP0.KPDLLVL3....LSGTFK11FK12AB11KATAHIRAHENKHKTGMUHEJPCMKPENRCTLKPDVPRSCRALTLNFDHOMEUP..PGUPLEFTRGHTEND.DOWNPGDNINS.DELEI120MUTEVOL-VOL+POWRKPEQI126PAUSI128I129HNGLHJCVAE13LWINRWINCOMPSTOPAGAIPROPUNDOFRNTCOPYOPENPASTFINDCUT.HELPI147I148I149I150I151I152I153I154I155I156I157I158I159I160I161I162I163I164I165I166I167I168I169I170I171I172I173I174I175I176I177I178I179I180I181I182I183I184I185I186I187I188I189I190FK13FK14FK15FK16FK17FK18
                /var/lib/AccountsService/users/gdm.9M46B1
                Process:/usr/lib/accountsservice/accounts-daemon
                File Type:ASCII text
                Category:dropped
                Size (bytes):61
                Entropy (8bit):4.66214589518167
                Encrypted:false
                SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
                MD5:542BA3FB41206AE43928AF1C5E61FEBC
                SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
                SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
                SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
                Malicious:false
                Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                /var/lib/AccountsService/users/gdm.L5X6B1
                Process:/usr/lib/accountsservice/accounts-daemon
                File Type:ASCII text
                Category:dropped
                Size (bytes):61
                Entropy (8bit):4.66214589518167
                Encrypted:false
                SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
                MD5:542BA3FB41206AE43928AF1C5E61FEBC
                SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
                SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
                SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
                Malicious:false
                Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
                Process:/usr/bin/ibus-daemon
                File Type:ASCII text
                Category:dropped
                Size (bytes):381
                Entropy (8bit):5.176230767677719
                Encrypted:false
                SSDEEP:6:SbF4b2sONeZVkSoQ65EfqFFAU+qmnQT23msRvkTFacecf8h/zKLGWWAhFdq5719W:q5sU3LWfLUDmQymqSFbfomSEg57fW
                MD5:896E3BF9ACDB896DF930102F76C10C5A
                SHA1:C7018BD0E86DCC1DBA5E78F3D76B90846832C056
                SHA-256:0E4354A7770E3D632847765D32DDC00BDA08FA2921D968FEB282B4B2BF22F267
                SHA-512:03205DC4BDDF2405ADECB701D96C0483AED4005035EC86A5477921378FDF7B477458296692F5A38C026FD575FB5DF740A085FF9ED321F2A58623B94E70D02BBB
                Malicious:false
                Preview: # This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-upIQODLF,guid=f60882bb5f5622c8277d4ec4618c9b39.IBUS_DAEMON_PID=5736.
                /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                Process:/usr/bin/pulseaudio
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:v:v
                MD5:68B329DA9893E34099C7D8AD5CB9C940
                SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                Malicious:false
                Preview: .
                /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                Process:/usr/bin/pulseaudio
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:v:v
                MD5:68B329DA9893E34099C7D8AD5CB9C940
                SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                Malicious:false
                Preview: .
                /var/lib/whoopsie/whoopsie-id.FINAC1
                Process:/usr/bin/whoopsie
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):128
                Entropy (8bit):3.9410969045919657
                Encrypted:false
                SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
                MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
                SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
                SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
                SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
                Malicious:false
                Preview: 9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
                /var/log/Xorg.0.log
                Process:/usr/lib/xorg/Xorg
                File Type:ASCII text
                Category:dropped
                Size (bytes):41347
                Entropy (8bit):5.287748169225308
                Encrypted:false
                SSDEEP:384:E7zxuQaUogMCdhdRd1dJdFdPdmdMdbdZdtdEdid8didedVdKdidcdeTd/JdqVdro:8zxuTbpit7tkBI4WVD/EaO
                MD5:862924DE94D6832285BB9F5759E2AEB9
                SHA1:74EDDAC63E786EEFE7D97F60DFD5D50BE8D2ADD0
                SHA-256:4FC0EEAA67578ACA019E1FDC077B5B0AACB526A00504F58C584B1589F169E9A4
                SHA-512:EA358A5407AB336E9B4D94DDF15AF8A601BAD095B5BF137D47ECB474D0F4A132CE82837F3F3D616222B95C0BD836D6F95BB7B53E79B240A27AF5D2D9B4FD411C
                Malicious:false
                Preview: [ 479.915] (--) Log file renamed from "/var/log/Xorg.pid-5421.log" to "/var/log/Xorg.0.log".[ 479.928] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 479.934] Build Operating System: linux Ubuntu.[ 479.938] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 479.943] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 479.953] Build Date: 06 July 2021 10:17:51AM.[ 479.957] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 479.961] Current version of pixman: 0.38.4.[ 479.967] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 479.973] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

                Static File Info

                General

                File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped
                Entropy (8bit):7.985627004831107
                TrID:
                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name:arm7
                File size:64544
                MD5:3ac52d54aa555033f5095b063a2ea628
                SHA1:bc1a24e602b2f4201bbfaec9f7e0495bdeddb45f
                SHA256:2a53b47394e367a0d4285aa9609938380cf048acbd57d8a18bfb218a0e34c566
                SHA512:d27904d81cd1a94173db1800000ad2ca37e40d09809fd469cdd09862a32856908ea8534c4c0eedfa36cb4b2bbee3cec44922151a4089b0c798e3f76e3f21ec52
                SSDEEP:1536:BB/JzJMY5wBolMP2KSNA5H5GT684wYX6agptUTD0nWJEEkfHW7iLVayMQtJ8hBjn:jcMTKSusiwy6tGBJELf27iL3Oh9
                File Content Preview:.ELF..............(......$..4...........4. ...(.........................................x...x...x...................Q.td...............................aUPX!....................l..........?.E.h;....#..$...o.....b..~B.*...5N&"a....#R.a..a..,..C....g...k.'..

                ELF header

                Class:ELF32
                Data:2's complement, little endian
                Version:1 (current)
                Machine:ARM
                Version Number:0x1
                Type:EXEC (Executable file)
                OS/ABI:UNIX - Linux
                ABI Version:0
                Entry Point Address:0x124c8
                Flags:0x4000002
                ELF Header Size:52
                Program Header Offset:52
                Program Header Size:32
                Number of Program Headers:3
                Section Header Offset:0
                Section Header Size:40
                Number of Section Headers:0
                Header String Table Index:0
                Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                LOAD | 0x0 | 0x8000 | 0x8000 | 0xb6b5 | 0xb6b5 | 4.0249 | 0x5 | R E | 0x8000 |  |
                LOAD | 0x878 | 0x30878 | 0x30878 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 |  |
                GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  |

                Network Behavior

                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                Nov 11, 2021 04:24:24.195579052 CET | 192.168.2.23 | 1.1.1.1 | 0x408e | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001)
                Nov 11, 2021 04:24:24.195800066 CET | 192.168.2.23 | 1.1.1.1 | 0x3e7f | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)
                Nov 11, 2021 04:24:24.315257072 CET | 192.168.2.23 | 1.1.1.1 | 0xa0f9 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)

                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                Nov 11, 2021 04:24:24.213287115 CET | 1.1.1.1 | 192.168.2.23 | 0x408e | No error (0) | daisy.ubuntu.com |  | 162.213.33.108 | A (IP address) | IN (0x0001)
                Nov 11, 2021 04:24:24.213287115 CET | 1.1.1.1 | 192.168.2.23 | 0x408e | No error (0) | daisy.ubuntu.com |  | 162.213.33.132 | A (IP address) | IN (0x0001)

                System Behavior

                Start time:04:23:39
                Start date:11/11/2021
                Path:/tmp/arm7
                Arguments:/tmp/arm7
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                File Activities

                Start time:04:23:39
                Start date:11/11/2021
                Path:/tmp/arm7
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
                Start time:04:23:39
                Start date:11/11/2021
                Path:/tmp/arm7
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
                Start time:04:23:39
                Start date:11/11/2021
                Path:/tmp/arm7
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
                Start time:04:23:39
                Start date:11/11/2021
                Path:/tmp/arm7
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
                Start time:04:23:39
                Start date:11/11/2021
                Path:/tmp/arm7
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
                Start time:04:24:22
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:24:22
                Start date:11/11/2021
                Path:/usr/bin/whoopsie
                Arguments:/usr/bin/whoopsie -f
                File size:68592 bytes
                MD5 hash:d3a6915d0e7398fb4c89a037c13959c8
                Start time:04:24:27
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:24:27
                Start date:11/11/2021
                Path:/usr/sbin/sshd
                Arguments:/usr/sbin/sshd -t
                File size:876328 bytes
                MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340
                Start time:04:24:27
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:24:27
                Start date:11/11/2021
                Path:/usr/sbin/sshd
                Arguments:/usr/sbin/sshd -D
                File size:876328 bytes
                MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:34
                Start date:11/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:34
                Start date:11/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/lib/accountsservice/accounts-daemon
                Arguments:/usr/lib/accountsservice/accounts-daemon
                File size:203192 bytes
                MD5 hash:01a899e3fb5e7e434bea1290255a1f30
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/lib/accountsservice/accounts-daemon
                Arguments:n/a
                File size:203192 bytes
                MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                File Activities

                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/share/language-tools/language-validate
                Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/share/language-tools/language-validate
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/share/language-tools/language-options
                Arguments:/usr/share/language-tools/language-options
                File size:3478464 bytes
                MD5 hash:16a21f464119ea7fad1d3660de963637
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/share/language-tools/language-options
                Arguments:n/a
                File size:3478464 bytes
                MD5 hash:16a21f464119ea7fad1d3660de963637
                Start time:04:24:34
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:sh -c "locale -a | grep -F .utf8 "
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:34
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/bin/locale
                Arguments:locale -a
                File size:58944 bytes
                MD5 hash:c72a78792469db86d91369c9057f20d2
                Start time:04:24:34
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:24:34
                Start date:11/11/2021
                Path:/usr/bin/grep
                Arguments:grep -F .utf8
                File size:199136 bytes
                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                File Activities

                Start time:04:24:35
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:35
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a
                Start time:04:24:37
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:n/a
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a
                Start time:04:24:37
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-wayland-session
                Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                File size:76368 bytes
                MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                File Activities

                Start time:04:24:37
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-wayland-session
                Arguments:n/a
                File size:76368 bytes
                MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                File Activities

                Start time:04:24:37
                Start date:11/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                File Activities

                Start time:04:24:37
                Start date:11/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4
                Start time:04:24:37
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:dbus-daemon --nofork --print-address 4 --session
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                Start time:04:24:39
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:24:40
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:24:38
                Start date:11/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4
                Start time:04:24:38
                Start date:11/11/2021
                Path:/usr/bin/gnome-session
                Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:38
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
                Start time:04:24:40
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:24:40
                Start date:11/11/2021
                Path:/usr/bin/session-migration
                Arguments:session-migration
                File size:22680 bytes
                MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

                File Activities

                Start time:04:24:41
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:24:41
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:41
                Start date:11/11/2021
                Path:/usr/bin/gnome-shell
                Arguments:/usr/bin/gnome-shell
                File size:23168 bytes
                MD5 hash:da7a257239677622fe4b3a65972c9e87
                Start time:04:24:44
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:44
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a
                Start time:04:24:45
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:n/a
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                Start time:04:24:45
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                Start time:04:24:46
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:n/a
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                File Activities

                Start time:04:24:46
                Start date:11/11/2021
                Path:/usr/bin/Xorg
                Arguments:/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:46
                Start date:11/11/2021
                Path:/usr/lib/xorg/Xorg.wrap
                Arguments:/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                File size:14488 bytes
                MD5 hash:48993830888200ecf19dd7def0884dfd

                File Activities

                Start time:04:24:46
                Start date:11/11/2021
                Path:/usr/lib/xorg/Xorg
                Arguments:/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                File size:2448840 bytes
                MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                Start time:04:24:56
                Start date:11/11/2021
                Path:/usr/lib/xorg/Xorg
                Arguments:n/a
                File size:2448840 bytes
                MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                Start time:04:24:56
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:24:56
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:04:24:56
                Start date:11/11/2021
                Path:/usr/bin/xkbcomp
                Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                File size:217184 bytes
                MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                Start time:04:25:30
                Start date:11/11/2021
                Path:/usr/lib/xorg/Xorg
                Arguments:n/a
                File size:2448840 bytes
                MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                Start time:04:25:30
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:30
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:04:25:30
                Start date:11/11/2021
                Path:/usr/bin/xkbcomp
                Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                File size:217184 bytes
                MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:n/a
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/etc/gdm3/Prime/Default
                Arguments:/etc/gdm3/Prime/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:n/a
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:dbus-daemon --nofork --print-address 4 --session
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:09
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:09
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:09
                Start date:11/11/2021
                Path:/usr/libexec/at-spi-bus-launcher
                Arguments:/usr/libexec/at-spi-bus-launcher
                File size:27008 bytes
                MD5 hash:1563f274acd4e7ba530a55bdc4c95682

                Start time:04:25:11
                Start date:11/11/2021
                Path:/usr/libexec/at-spi-bus-launcher
                Arguments:n/a
                File size:27008 bytes
                MD5 hash:1563f274acd4e7ba530a55bdc4c95682

                File Activities

                Start time:04:25:11
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:33
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:33
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:33
                Start date:11/11/2021
                Path:/usr/libexec/at-spi2-registryd
                Arguments:/usr/libexec/at-spi2-registryd --use-gnome-session
                File size:100224 bytes
                MD5 hash:1d904c2693452edebc7ede3a9e24d440

                File Activities

                Start time:04:25:14
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:14
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:14
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:15
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:15
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/libexec/ibus-portal
                Arguments:/usr/libexec/ibus-portal
                File size:92536 bytes
                MD5 hash:562ad55bd9a4d54bd7b76746b01e37d3

                Start time:04:25:35
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:35
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:35
                Start date:11/11/2021
                Path:/usr/bin/gjs
                Arguments:/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
                File size:23128 bytes
                MD5 hash:5f3eceb792bb65c22f23d1efb4fde3ad

                Start time:04:25:50
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time:04:25:50
                Start date:11/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                File Activities

                Start time:04:25:51
                Start date:11/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/bin/gnome-session
                Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:03
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated
                Arguments:/usr/libexec/gnome-session-check-accelerated
                File size:18752 bytes
                MD5 hash:a64839518af85b2b9de31aca27646396

                Start time:04:25:12
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated
                Arguments:n/a
                File size:18752 bytes
                MD5 hash:a64839518af85b2b9de31aca27646396

                File Activities

                Start time:04:25:12
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated-gl-helper
                Arguments:/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
                File size:22920 bytes
                MD5 hash:b1ab9a384f9e98a39ae5c36037dd5e78

                Start time:04:25:13
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated
                Arguments:n/a
                File size:18752 bytes
                MD5 hash:a64839518af85b2b9de31aca27646396

                File Activities

                Start time:04:25:13
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated-gles-helper
                Arguments:/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
                File size:14728 bytes
                MD5 hash:1bd78885765a18e60c05ed1fb5fa3bf8

                Start time:04:25:16
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:16
                Start date:11/11/2021
                Path:/usr/bin/session-migration
                Arguments:session-migration
                File size:22680 bytes
                MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

                File Activities

                Start time:04:25:17
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:17
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:17
                Start date:11/11/2021
                Path:/usr/bin/gnome-shell
                Arguments:/usr/bin/gnome-shell
                File size:23168 bytes
                MD5 hash:da7a257239677622fe4b3a65972c9e87

                Start time:04:25:28
                Start date:11/11/2021
                Path:/usr/bin/gnome-shell
                Arguments:n/a
                File size:23168 bytes
                MD5 hash:da7a257239677622fe4b3a65972c9e87

                File Activities

                Start time:04:25:28
                Start date:11/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:ibus-daemon --panel disable --xim
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                File Activities

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/libexec/ibus-memconf
                Arguments:/usr/libexec/ibus-memconf
                File size:22904 bytes
                MD5 hash:523e939905910d06598e66385761a822

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                File Activities

                Start time:04:25:29
                Start date:11/11/2021
                Path:/usr/libexec/ibus-x11
                Arguments:/usr/libexec/ibus-x11 --kill-daemon
                File size:100352 bytes
                MD5 hash:2aa1e54666191243814c2733d6992dbd

                Start time:04:25:42
                Start date:11/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                File Activities

                Start time:04:25:42
                Start date:11/11/2021
                Path:/usr/libexec/ibus-engine-simple
                Arguments:/usr/libexec/ibus-engine-simple
                File size:14712 bytes
                MD5 hash:0238866d5e8802a0ce1b1b9af8cb1376

                Start time:04:25:39
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:39
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:39
                Start date:11/11/2021
                Path:/usr/libexec/gsd-sharing
                Arguments:/usr/libexec/gsd-sharing
                File size:35424 bytes
                MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                Start time:04:25:39
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:39
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:39
                Start date:11/11/2021
                Path:/usr/libexec/gsd-wacom
                Arguments:/usr/libexec/gsd-wacom
                File size:39520 bytes
                MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                Start time:04:25:39
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:39
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:40
                Start date:11/11/2021
                Path:/usr/libexec/gsd-color
                Arguments:/usr/libexec/gsd-color
                File size:92832 bytes
                MD5 hash:ac2861ad93ce047283e8e87cefef9a19

                Start time:04:25:40
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:40
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/usr/libexec/gsd-keyboard
                Arguments:/usr/libexec/gsd-keyboard
                File size:39760 bytes
                MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                Start time:04:25:41
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/usr/libexec/gsd-print-notifications
                Arguments:/usr/libexec/gsd-print-notifications
                File size:51840 bytes
                MD5 hash:71539698aa691718cee775d6b9450ae2

                File Activities

                Start time:04:25:49
                Start date:11/11/2021
                Path:/usr/libexec/gsd-print-notifications
                Arguments:n/a
                File size:51840 bytes
                MD5 hash:71539698aa691718cee775d6b9450ae2

                Start time:04:25:49
                Start date:11/11/2021
                Path:/usr/libexec/gsd-print-notifications
                Arguments:n/a
                File size:51840 bytes
                MD5 hash:71539698aa691718cee775d6b9450ae2

                File Activities

                Start time:04:25:50
                Start date:11/11/2021
                Path:/usr/libexec/gsd-printer
                Arguments:/usr/libexec/gsd-printer
                File size:31120 bytes
                MD5 hash:7995828cf98c315fd55f2ffb3b22384d

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/usr/libexec/gsd-rfkill
                Arguments:/usr/libexec/gsd-rfkill
                File size:51808 bytes
                MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:41
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:42
                Start date:11/11/2021
                Path:/usr/libexec/gsd-smartcard
                Arguments:/usr/libexec/gsd-smartcard
                File size:109152 bytes
                MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

                Start time:04:25:42
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:42
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                File Activities

                Start time:04:25:43
                Start date:11/11/2021
                Path:/usr/libexec/gsd-datetime
                Arguments:/usr/libexec/gsd-datetime
                File size:76736 bytes
                MD5 hash:d80d39745740de37d6634d36e344d4bc

                Start time:04:25:43
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                File Activities

                Start time:04:25:43
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:04:25:43
                Start date:11/11/2021
                Path:/usr/libexec/gsd-media-keys
                Arguments:/usr/libexec/gsd-media-keys
                File size:232936 bytes
                MD5 hash:a425448c135afb4b8bfd79cc0b6b74da
                Start time:04:25:43
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                Start time:04:25:43
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:04:25:44
                Start date:11/11/2021
                Path:/usr/libexec/gsd-screensaver-proxy
                Arguments:/usr/libexec/gsd-screensaver-proxy
                File size:27232 bytes
                MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                Start time:04:25:43
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                Start time:04:25:44
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:04:25:45
                Start date:11/11/2021
                Path:/usr/libexec/gsd-sound
                Arguments:/usr/libexec/gsd-sound
                File size:31248 bytes
                MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                Start time:04:25:44
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
                Start time:04:25:45
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:25:45
                Start date:11/11/2021
                Path:/usr/libexec/gsd-a11y-settings
                Arguments:/usr/libexec/gsd-a11y-settings
                File size:23056 bytes
                MD5 hash:18e243d2cf30ecee7ea89d1462725c5c
                Start time:04:25:45
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
                Start time:04:25:45
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:25:45
                Start date:11/11/2021
                Path:/usr/libexec/gsd-housekeeping
                Arguments:/usr/libexec/gsd-housekeeping
                File size:51840 bytes
                MD5 hash:b55f3394a84976ddb92a2915e5d76914
                Start time:04:25:45
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
                Start time:04:25:46
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:25:46
                Start date:11/11/2021
                Path:/usr/libexec/gsd-power
                Arguments:/usr/libexec/gsd-power
                File size:88672 bytes
                MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7
                Start time:04:26:10
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
                Start time:04:26:11
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:26:11
                Start date:11/11/2021
                Path:/usr/bin/spice-vdagent
                Arguments:/usr/bin/spice-vdagent
                File size:80664 bytes
                MD5 hash:80fb7f613aa78d1b8a229dbcf4577a9d
                Start time:04:26:12
                Start date:11/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
                Start time:04:26:12
                Start date:11/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:26:13
                Start date:11/11/2021
                Path:/usr/bin/xbrlapi
                Arguments:xbrlapi -q
                File size:166384 bytes
                MD5 hash:0cfe25df39d38af32d6265ed947ca5b9
                Start time:04:24:44
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:44
                Start date:11/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:24:44
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:44
                Start date:11/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:24:52
                Start date:11/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f
                Start time:04:24:52
                Start date:11/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                Start time:04:24:57
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:24:57
                Start date:11/11/2021
                Path:/usr/bin/pulseaudio
                Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                File size:100832 bytes
                MD5 hash:0c3b4c789d8ffb12b25507f27e14c186
                Start time:04:25:10
                Start date:11/11/2021
                Path:/usr/libexec/gvfsd-fuse
                Arguments:n/a
                File size:47632 bytes
                MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933
                Start time:04:25:10
                Start date:11/11/2021
                Path:/bin/fusermount
                Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                File size:39144 bytes
                MD5 hash:576a1b135c82bdcbc97a91acea900566
                Start time:04:25:11
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:25:11
                Start date:11/11/2021
                Path:/lib/systemd/systemd-user-runtime-dir
                Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                File size:22672 bytes
                MD5 hash:d55f4b0847f88131dbcfb07435178e54
                Start time:04:25:28
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:25:28
                Start date:11/11/2021
                Path:/lib/systemd/systemd-localed
                Arguments:/lib/systemd/systemd-localed
                File size:43232 bytes
                MD5 hash:1244af9646256d49594f2a8203329aa9
                Start time:04:25:32
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:25:32
                Start date:11/11/2021
                Path:/usr/bin/pulseaudio
                Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                File size:100832 bytes
                MD5 hash:0c3b4c789d8ffb12b25507f27e14c186
                Start time:04:25:33
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:25:33
                Start date:11/11/2021
                Path:/usr/libexec/geoclue
                Arguments:/usr/libexec/geoclue
                File size:301544 bytes
                MD5 hash:30ac5455f3c598dde91dc87477fb19f7
                Start time:04:25:50
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:25:50
                Start date:11/11/2021
                Path:/lib/systemd/systemd-hostnamed
                Arguments:/lib/systemd/systemd-hostnamed
                File size:35040 bytes
                MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65
                Start time:04:26:06
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:26:06
                Start date:11/11/2021
                Path:/lib/systemd/systemd-localed
                Arguments:/lib/systemd/systemd-localed
                File size:43232 bytes
                MD5 hash:1244af9646256d49594f2a8203329aa9
                Start time:04:26:07
                Start date:11/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75
                Start time:04:26:07
                Start date:11/11/2021
                Path:/usr/libexec/fprintd
                Arguments:/usr/libexec/fprintd
                File size:125312 bytes
                MD5 hash:b0d8829f05cd028529b84b061b660e84