Linux Analysis Report iKuUJ0F8Du

Overview

General Information

Sample Name: iKuUJ0F8Du
Analysis ID: 519722
MD5: 5d0d54974ca6c1262372b7292ff1eb70
SHA1: 00bdfd4f35dd30e1c049648cf5d8cffaf70cddd0
SHA256: 8126a9a1a562576157434656d620574ce14b6db55b8c37bc6341c0bf1664820e
Tags: 32, elf, mirai, renesas

Detection

Mirai
Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Reads system files that contain records of logged in users
Uses known network protocols on non-standard ports
Sample reads /proc/mounts (often used for finding a writable filesystem)
Reads CPU information from /sys indicative of miner or evasive malware
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample has stripped symbol table
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 519722
Start date: 11.11.2021
Start time: 04:36:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 11s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: iKuUJ0F8Du
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal80.spre.troj.lin@0/51@3/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • iKuUJ0F8Du (PID: 5234, Parent: 5117, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/iKuUJ0F8Du
  • systemd New Fork (PID: 5286, Parent: 1)
  • whoopsie (PID: 5286, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5293, Parent: 1)
  • sshd (PID: 5293, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5294, Parent: 1)
  • sshd (PID: 5294, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • gdm3 New Fork (PID: 5303, Parent: 1320)
  • Default (PID: 5303, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5306, Parent: 1320)
  • Default (PID: 5306, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5307, Parent: 1)
  • accounts-daemon (PID: 5307, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5322, Parent: 5307, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5323, Parent: 5322, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5324, Parent: 5323, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5325, Parent: 5324)
          • locale (PID: 5325, Parent: 5324, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5326, Parent: 5324)
          • grep (PID: 5326, Parent: 5324, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • gdm3 New Fork (PID: 5327, Parent: 1320)
  • gdm-session-worker (PID: 5327, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-wayland-session (PID: 5333, Parent: 5327, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • dbus-run-session (PID: 5336, Parent: 5333, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5337, Parent: 5336, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5341, Parent: 5337)
            • false (PID: 5342, Parent: 5341, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5344, Parent: 5337)
            • false (PID: 5345, Parent: 5344, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5346, Parent: 5337)
            • false (PID: 5347, Parent: 5346, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5348, Parent: 5337)
            • false (PID: 5349, Parent: 5348, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5350, Parent: 5337)
            • false (PID: 5351, Parent: 5350, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5352, Parent: 5337)
            • false (PID: 5353, Parent: 5352, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5355, Parent: 5337)
            • false (PID: 5356, Parent: 5355, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5338, Parent: 5336, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5338, Parent: 5336, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5357, Parent: 5338, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5358, Parent: 5338, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5358, Parent: 5338, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 5386, Parent: 1320)
  • gdm-session-worker (PID: 5386, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 5391, Parent: 5386, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 5393, Parent: 5391, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 5393, Parent: 5391, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 5393, Parent: 5391, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 5427, Parent: 5393)
        • sh (PID: 5427, Parent: 5393, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5428, Parent: 5427)
          • xkbcomp (PID: 5428, Parent: 5427, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
        • Xorg New Fork (PID: 5849, Parent: 5393)
        • sh (PID: 5849, Parent: 5393, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5850, Parent: 5849)
          • xkbcomp (PID: 5850, Parent: 5849, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • Default (PID: 5437, Parent: 5391, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default
      • dbus-run-session (PID: 5438, Parent: 5391, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5439, Parent: 5438, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5495, Parent: 5439)
            • at-spi-bus-launcher (PID: 5496, Parent: 5495, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher
              • dbus-daemon (PID: 5501, Parent: 5496, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                • dbus-daemon New Fork (PID: 5879, Parent: 5501)
                  • at-spi2-registryd (PID: 5883, Parent: 5879, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session
          • dbus-daemon New Fork (PID: 5525, Parent: 5439)
            • false (PID: 5526, Parent: 5525, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5528, Parent: 5439)
            • false (PID: 5529, Parent: 5528, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5530, Parent: 5439)
            • false (PID: 5531, Parent: 5530, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5532, Parent: 5439)
            • false (PID: 5533, Parent: 5532, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5534, Parent: 5439)
            • false (PID: 5535, Parent: 5534, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5536, Parent: 5439)
            • false (PID: 5537, Parent: 5536, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5539, Parent: 5439)
            • false (PID: 5540, Parent: 5539, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5845, Parent: 5439)
            • ibus-portal (PID: 5846, Parent: 5845, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal
          • dbus-daemon New Fork (PID: 6079, Parent: 5439)
            • gjs (PID: 6080, Parent: 6079, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
          • dbus-daemon New Fork (PID: 6142, Parent: 5439)
            • false (PID: 6143, Parent: 6142, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5440, Parent: 5438, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5440, Parent: 5438, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5541, Parent: 5440, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5542, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5542, Parent: 5440, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
            • ibus-daemon (PID: 5797, Parent: 5542, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim
              • ibus-memconf (PID: 5841, Parent: 5797, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf
              • ibus-daemon New Fork (PID: 5843, Parent: 5797)
                • ibus-x11 (PID: 5844, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon
              • ibus-engine-simple (PID: 6114, Parent: 5797, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple
          • sh (PID: 6098, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
          • gsd-sharing (PID: 6098, Parent: 5440, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
          • sh (PID: 6100, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
          • gsd-wacom (PID: 6100, Parent: 5440, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
          • sh (PID: 6102, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
          • gsd-color (PID: 6102, Parent: 5440, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
          • sh (PID: 6103, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
          • gsd-keyboard (PID: 6103, Parent: 5440, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
          • sh (PID: 6105, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
          • sh (PID: 6106, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
          • gsd-rfkill (PID: 6106, Parent: 5440, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
          • sh (PID: 6108, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
          • gsd-smartcard (PID: 6108, Parent: 5440, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
          • sh (PID: 6111, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
          • gsd-datetime (PID: 6111, Parent: 5440, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
          • sh (PID: 6112, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
          • gsd-media-keys (PID: 6112, Parent: 5440, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
          • sh (PID: 6113, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
          • gsd-screensaver-proxy (PID: 6113, Parent: 5440, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
          • sh (PID: 6117, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
          • gsd-sound (PID: 6117, Parent: 5440, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
          • sh (PID: 6118, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
          • gsd-a11y-settings (PID: 6118, Parent: 5440, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
          • sh (PID: 6120, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
          • gsd-housekeeping (PID: 6120, Parent: 5440, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
          • sh (PID: 6123, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
          • gsd-power (PID: 6123, Parent: 5440, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
          • sh (PID: 6964, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
          • spice-vdagent (PID: 6964, Parent: 5440, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent
          • sh (PID: 6971, Parent: 5440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
          • xbrlapi (PID: 6971, Parent: 5440, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q
  • gdm3 New Fork (PID: 5387, Parent: 1320)
  • Default (PID: 5387, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5388, Parent: 1320)
  • Default (PID: 5388, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5396, Parent: 1320)
  • Default (PID: 5396, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5422, Parent: 1860)
  • pulseaudio (PID: 5422, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • fusermount (PID: 5443, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5458, Parent: 1)
  • systemd-user-runtime-dir (PID: 5458, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5567, Parent: 1)
  • systemd-localed (PID: 5567, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 5856, Parent: 1334)
  • pulseaudio (PID: 5856, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5859, Parent: 1)
  • geoclue (PID: 5859, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue
  • systemd New Fork (PID: 6148, Parent: 1)
  • systemd-hostnamed (PID: 6148, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • systemd New Fork (PID: 6484, Parent: 1)
  • systemd-localed (PID: 6484, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 6753, Parent: 1)
  • fprintd (PID: 6753, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd
  • cleanup

Yara Overview

PCAP (Network Traffic)

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: iKuUJ0F8Du, Virustotal: Detection: 37%
    Source: iKuUJ0F8Du, ReversingLabs: Detection: 25%
    Source: /usr/lib/xorg/Xorg (PID: 5393), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5441), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5502), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5512), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5542), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5422), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5856), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: unknown, HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:37342 version: TLS 1.2

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Source: Traffic, Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:52414 -> 124.235.162.242:23
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 124.235.162.242:23 -> 192.168.2.23:52414
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 114.98.62.185:23 -> 192.168.2.23:37276
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 1.181.80.102:23 -> 192.168.2.23:48366
    Source: TrafficSnort IDS: 716 INFO TELNET access 1.181.80.102:23 -> 192.168.2.23:48450
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 114.98.62.185:23 -> 192.168.2.23:37348
    Source: TrafficSnort IDS: 716 INFO TELNET access 42.112.23.219:23 -> 192.168.2.23:42172
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 1.181.80.102:23 -> 192.168.2.23:48450
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 185.139.182.130:23 -> 192.168.2.23:48964
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 185.139.182.130:23 -> 192.168.2.23:48964
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 5.28.158.153:23 -> 192.168.2.23:33402
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 5.28.158.153:23 -> 192.168.2.23:33402
    Source: TrafficSnort IDS: 716 INFO TELNET access 45.226.126.212:23 -> 192.168.2.23:40678
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 124.235.162.242:23 -> 192.168.2.23:52550
    Source: TrafficSnort IDS: 716 INFO TELNET access 1.181.80.102:23 -> 192.168.2.23:48528
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58492
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58518
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58542
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58544
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58546
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58550
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58552
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58562
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58576
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58592
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58614
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58634
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58654
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58664
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58676
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58728
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58738
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58746
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58760
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58770
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58760
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58788
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58802
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58812
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58824
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58840
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58850
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58856
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58864
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33326
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33336
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33342
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33356
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33368
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33382
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33396
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33404
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33420
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33440
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33454
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33474
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33498
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33518
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33534
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33554
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33576
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33598
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33618
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33634
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33646
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33660
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33674
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33688
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33704
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33716
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33728
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33744
    Source: global trafficTCP traffic: 192.168.2.23:48594 -> 144.172.71.18:40485
    Source: /tmp/iKuUJ0F8Du (PID: 5240)Socket: 0.0.0.0::23
    Source: /usr/sbin/sshd (PID: 5294)Socket: 0.0.0.0::22
    Source: /usr/sbin/sshd (PID: 5294)Socket: [::]::22
    Source: /usr/bin/dbus-daemon (PID: 5337)Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5338)Socket: <unknown socket type>:unknown
    Source: /usr/lib/xorg/Xorg (PID: 5393)Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5439)Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5501)Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5440)Socket: <unknown socket type>:unknown
    Source: /usr/bin/ibus-daemon (PID: 5797)Socket: <unknown socket type>:unknown
    Source: unknownNetwork traffic detected: HTTP traffic on port 37342 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37342
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query
    Source: Xorg.0.log.86.drString found in binary or memory: http://wiki.x.org
    Source: Xorg.0.log.86.drString found in binary or memory: http://www.ubuntu.com/support)
    Source: unknownDNS traffic detected: queries for: daisy.ubuntu.com
    Source: unknownHTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:37342 version: TLS 1.2

    System Summary:

    Sample tries to kill many processes (SIGKILL)
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 658, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 720, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 759, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 772, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 789, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 800, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 904, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1320, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/iKuUJ0F8Du (PID: 5240)SIGKILL sent: pid: 1888, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5439)SIGKILL sent: pid: 5495, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5439)SIGKILL sent: pid: 5845, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5439)SIGKILL sent: pid: 6079, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5501)SIGKILL sent: pid: 5879, result: successful
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: iKuUJ0F8DuJoe Sandbox Cloud Basic: Detection: clean Score: 0
    Source: classification engineClassification label: mal80.spre.troj.lin@0/51@3/0

    Persistence and Installation Behavior:

    Sample reads /proc/mounts (often used for finding a writable filesystem)
    Source: /usr/bin/dbus-daemon (PID: 5337)File: /proc/5337/mounts
    Source: /usr/bin/dbus-daemon (PID: 5439)File: /proc/5439/mounts
    Source: /usr/bin/dbus-daemon (PID: 5501)File: /proc/5501/mounts
    Source: /usr/bin/gjs (PID: 6080)File: /proc/6080/mounts
    Source: /usr/bin/gnome-shell (PID: 5542)File: /proc/5542/mounts
    Source: /bin/fusermount (PID: 5443)File: /proc/5443/mounts
    Source: /bin/sh (PID: 5326)Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1582/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2033/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/670/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/793/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1579/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1699/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/674/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1335/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2028/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/675/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/796/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1334/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1532/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1576/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/797/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/676/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/677/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2025/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/799/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/910/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/912/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/517/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/759/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/918/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1594/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1349/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/761/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/840/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/884/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1389/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1983/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2038/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/720/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1344/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1465/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1586/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/721/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1463/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/800/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/801/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/847/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1900/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/491/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1877/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2009/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/772/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1599/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/774/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1477/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/654/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/896/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1476/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1872/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/655/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1475/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/656/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/777/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/657/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/658/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/419/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/936/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1809/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1494/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1890/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1888/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1601/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/420/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1886/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2018/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1489/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/785/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/2014/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1320/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/788/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/667/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/789/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/904/exe
    Source: /tmp/iKuUJ0F8Du (PID: 5240)File opened: /proc/1207/exe
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/6100/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5441/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/6102/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/6112/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/6123/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5542/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5883/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/6103/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5501/status
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5501/attr/current
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5512/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5501)File opened: /proc/5844/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6098/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6111/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5440/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6113/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5441/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6112/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5542/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5883/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6106/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5797/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6105/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/6108/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5439/status
    Source: /usr/bin/dbus-daemon (PID: 5439)File opened: /proc/5439/attr/current
    Source: /usr/bin/whoopsie (PID: 5286)Directory: /nonexistent/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5307)Directory: /root/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5307)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5307)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/share/language-tools/language-options (PID: 5324)Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/lib/xorg/Xorg (PID: 5427)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 5849)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 5393)Log file created: /var/log/Xorg.0.log

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: /usr/lib/xorg/Xorg (PID: 5393)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5441)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5502)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5512)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5542)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5422)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5856)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/iKuUJ0F8Du (PID: 5234)Queries kernel information via 'uname':
    Source: /usr/bin/whoopsie (PID: 5286) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5327) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-binary (PID: 5338) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5386) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-x-session (PID: 5391) Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5393) Queries kernel information via 'uname':
    Source: /usr/libexec/at-spi-bus-launcher (PID: 5496) Queries kernel information via 'uname':
    Source: /usr/libexec/at-spi2-registryd (PID: 5883) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-binary (PID: 5440) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5441) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5502) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5512) Queries kernel information via 'uname':
    Source: /usr/bin/gnome-shell (PID: 5542) Queries kernel information via 'uname':
    Source: /usr/libexec/ibus-x11 (PID: 5844) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-wacom (PID: 6100) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-color (PID: 6102) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-keyboard (PID: 6103) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-smartcard (PID: 6108) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-media-keys (PID: 6112) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-power (PID: 6123) Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5422) Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5856) Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-hostnamed (PID: 6148) Queries kernel information via 'uname':
    Source: /usr/libexec/fprintd (PID: 6753) Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5393) Truncated file: /var/log/Xorg.pid-5393.log
    Source: iKuUJ0F8Du, 5240.1.0000000069bb2f5e.00000000525e272c.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sh4/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
    Source: iKuUJ0F8Du, 5234.1.00000000e3ab1f20.0000000018b0d825.rw-.sdmp Binary or memory string: /usr/bin/qemu-sh4
    Source: iKuUJ0F8Du, 5234.1.00000000e3ab1f20.0000000018b0d825.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/iKuUJ0F8DuSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/iKuUJ0F8Du
    Source: iKuUJ0F8Du, 5234.1.000000009ae5eebd.0000000069bb2f5e.rw-.sdmp Binary or memory string: U5!/etc/qemu-binfmt/sh4
    Source: iKuUJ0F8Du, 5240.1.000000009ae5eebd.0000000069bb2f5e.rw-.sdmp Binary or memory string: U!/usr/bin/vmtoolsd
    Source: iKuUJ0F8Du, 5240.1.000000009ae5eebd.0000000069bb2f5e.rw-.sdmp Binary or memory string: /usr/bin/vmtoolsd
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.926] (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.540] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 486.154] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.545] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.929] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
    Source: Xorg.0.log.86.drBinary or memory string: [ 486.170] (II) vmware(0): Initialized VMware Xinerama extension.
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.288] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
    Source: Xorg.0.log.86.drBinary or memory string: [ 483.981] (--) vmware(0): depth: 24
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.515] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.803] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.367] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.165] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.183] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.385] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.498] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
    Source: Xorg.0.log.86.drBinary or memory string: [ 484.551] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.86.drBinary or memory string: [ 485.680] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
    Source: iKuUJ0F8Du, 5234.1.000000009ae5eebd.0000000069bb2f5e.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sh4

    Language, Device and Operating System Detection:

    Reads system files that contain records of logged in users
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5307) Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Scripting 1 | Path Interception | Path Interception | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 1 | LSASS Memory | System Owner/User Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Indicator Removal on Host 1 | NTDS | System Information Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud

    Malware Configuration

    No configs have been found

    Behavior Graph

    [Behavior graph not preserved. Behavior Graph ID: 519722, Sample: iKuUJ0F8Du, Startdate: 11/11/2021, Architecture: LINUX, Score: 80]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    iKuUJ0F8Du | 37% | Virustotal |
    iKuUJ0F8Du | 25% | ReversingLabs | Linux.Trojan.Mirai

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 162.213.33.132 | true | false | | high

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://wiki.x.org | Xorg.0.log.86.dr | false | | high
    http://www.ubuntu.com/support) | Xorg.0.log.86.dr | false | | high

    Contacted IPs

    Public


    Joe Sandbox View / Context

    IPs

    No context

    Domains


          ASN


          JA3 Fingerprints


          Dropped Files

          No context

          Created / dropped Files

          /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):10
          Entropy (8bit):2.9219280948873623
          Encrypted:false
          SSDEEP:3:5bkPn:pkP
          MD5:FF001A15CE15CF062A3704CEA2991B5F
          SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
          SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
          SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: auto_null.
          /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):18
          Entropy (8bit):3.4613201402110088
          Encrypted:false
          SSDEEP:3:5bkrIZsXvn:pkckv
          MD5:28FE6435F34B3367707BB1C5D5F6B430
          SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
          SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
          SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: auto_null.monitor.
          /proc/5294/oom_score_adj
          Process:/usr/sbin/sshd
          File Type:ASCII text
          Category:dropped
          Size (bytes):6
          Entropy (8bit):1.7924812503605778
          Encrypted:false
          SSDEEP:3:ptn:Dn
          MD5:CBF282CC55ED0792C33D10003D1F760A
          SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
          SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
          SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
          Malicious:false
          Reputation:high, very likely benign file
          Preview: -1000.
          /proc/5342/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: 0
          /proc/5345/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: 0
          /proc/5347/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: 0
          /proc/5349/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: 0
          /proc/5351/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5353/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5356/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5496/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5526/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5529/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5531/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5533/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5535/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5537/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5540/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5846/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/5883/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/6080/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /proc/6143/oom_score_adj
          Process:/usr/bin/dbus-daemon
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:V:V
          MD5:CFCD208495D565EF66E7DFF9F98764DA
          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
          Malicious:false
          Preview: 0
          /run/sshd.pid
          Process:/usr/sbin/sshd
          File Type:ASCII text
          Category:dropped
          Size (bytes):5
          Entropy (8bit):2.321928094887362
          Encrypted:false
          SSDEEP:3:Cgvn:Cq
          MD5:6241802DCBEB7C5908456B924444BB89
          SHA1:6A5ACBBE3C16030790F8986FC4D3F260C54D6F85
          SHA-256:C20721BC2D0E1AC3B2DE5B79934895327A12A807206D6A5B1DA934930039491F
          SHA-512:2586333D03E5C8D84816CBD9E22AF84F9249F0725A4FEA77BF0F0594DAE407A83FEFF40B2C7BF9C6DE29595A358190763AF0B4EC1F0506232D33D9056E53CA9F
          Malicious:false
          Preview: 5294.
          /run/user/1000/pulse/pid
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):5
          Entropy (8bit):1.9219280948873623
          Encrypted:false
          SSDEEP:3:EHvn:EHv
          MD5:4516DC9CF0F93B2D127A8649FA91487F
          SHA1:39DFD4ADAB3BAFFC730B164AE3B95F434A716DBE
          SHA-256:4A9FF2D3B76A3A6E1E4487B909539E14D55E3265E0678B582C5976846C42C1E9
          SHA-512:79804BAFCA62C90DE63FA2C0CB8494C4EC1F3F8DB4F722B35ADCE0F25282F303913ACA63B180AFE2D671A6AD31909876077D49400BAADCDBAC881C8A07D558CB
          Malicious:false
          Preview: 5422.
          /run/user/127/ICEauthority
          Process:/usr/libexec/gnome-session-binary
          File Type:data
          Category:dropped
          Size (bytes):1304
          Entropy (8bit):6.00103512134652
          Encrypted:false
          SSDEEP:12:OxPG3+DfKUf2veY+G3+Q2xPNwveY+NqxP5mhijveY+5tWmxPwWoveY+wcZVveY+S:SyG8wqrccBzK
          MD5:2FA0FBCE75C1D6701C9E2039A853071A
          SHA1:EB3CB5C8A550AD7F9803F35D807ADA6CF2DFF05C
          SHA-256:B04B4DBE3ED80C87D45A47D0BCDC6215D44B74D56756D3E3DDCBD7B4B4AC1C9F
          SHA-512:7CADA7637EBCE8F10CF8CA8B0235DE11D96002B27E7F019FCFCA93A3B326F4A3F09CB3DC04F757D35145362115947AF93B24E67A810D64BB1F1BFEE106668C7C
          Malicious:false
          /run/user/127/dconf/user
          Process:/usr/libexec/gsd-power
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:93B885ADFE0DA089CDF634904FD59F71
          SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
          SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
          SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
          Malicious:false
          Preview: .
          /run/user/127/gdm/Xauthority
          Process:/usr/lib/gdm3/gdm-x-session
          File Type:X11 Xauthority data
          Category:dropped
          Size (bytes):104
          Entropy (8bit):4.903826878482618
          Encrypted:false
          SSDEEP:3:rg/WFllasO93JSm5qoTwgWFllasO93JSm5qoX:rg/WFl21TTHWFl21TX
          MD5:04ACDFC76BC762CBD5D80806B686A14D
          SHA1:B70D3DCAE8B5C8C0BD338938D876E4994C5BEAA6
          SHA-256:DA9EEA71445CE097F87A13F4EC0705652B012C44524EA788E8AE9FB5C65F4E2E
          SHA-512:59AFBC7E4EF881369E3081B7D76C46E6776E1DDD277107D3A58230EE857380740DE6D45B4513CD8E791B1BEFB0D14D51B008186A0FBE55F6338A8B2BB42BADDC
          Malicious:false
          Preview: ....galassia....MIT-MAGIC-COOKIE-1..$^o..|C..!..(.|.....galassia....MIT-MAGIC-COOKIE-1..$^o..|C..!..(.|.
          /run/user/127/pulse/pid
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):5
          Entropy (8bit):1.9219280948873623
          Encrypted:false
          SSDEEP:3:IGv:I4
          MD5:7230424E7D3E372FC3B7652A32CA23EA
          SHA1:ACE4182875EF90D5C3E88BDAE9FD0ACB22565BF2
          SHA-256:2BCD075A0755DD77FC0D81B5AEDB64D33F5E81AF6938603334559F7F07271213
          SHA-512:F14D19C686155140C8912CD3E080713DCD4646CF04B33F42ED37222479D38D455988E61CE58238F1EBE6EFF9481C3A6ABB4FFF3C7036AFB9396AC138F6C9AAFE
          Malicious:false
          Preview: 5856.
          /tmp/server-0.xkm
          Process:/usr/bin/xkbcomp
          File Type:Compiled XKB Keymap: lsb, version 15
          Category:dropped
          Size (bytes):12060
          Entropy (8bit):4.8492493153178975
          Encrypted:false
          SSDEEP:192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
          MD5:B4E3EB0B8B6B0FC1F46740C573E18D86
          SHA1:7D35426357695EBA77850757E8939A62DCEFF2D1
          SHA-256:7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
          SHA-512:8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
          Malicious:false
          /var/lib/AccountsService/users/gdm.G1IGC1
          Process:/usr/lib/accountsservice/accounts-daemon
          File Type:ASCII text
          Category:dropped
          Size (bytes):61
          Entropy (8bit):4.66214589518167
          Encrypted:false
          SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
          MD5:542BA3FB41206AE43928AF1C5E61FEBC
          SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
          SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
          SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
          Malicious:false
          Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
          /var/lib/AccountsService/users/gdm.W1YOC1
          Process:/usr/lib/accountsservice/accounts-daemon
          File Type:ASCII text
          Category:dropped
          Size (bytes):61
          Entropy (8bit):4.66214589518167
          Encrypted:false
          SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
          MD5:542BA3FB41206AE43928AF1C5E61FEBC
          SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
          SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
          SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
          Malicious:false
          Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
          /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
          Process:/usr/bin/ibus-daemon
          File Type:ASCII text
          Category:dropped
          Size (bytes):381
          Entropy (8bit):5.133298357510428
          Encrypted:false
          SSDEEP:6:SbF4b2sONeZVkSoQ65EfqFFAU+qmnQT23msRvkTFacecf8h/zKLGWWvTXHtBSAem:q5sU3LWfLUDmQymqSFbfomSRTLZZ1fzn
          MD5:9A1A12B1FB2DC1E55780138634D3EB76
          SHA1:D80BC27D0C0037419A0FB18746B9FDC44D248DA6
          SHA-256:855CF73D95E573A3175EF919B082CDF8151653DCED564B6F84447548DF92A1CD
          SHA-512:2BD1C113438D84A2C9721164CA9C92421C0008255FB9BBB6D899DAC4B8E57312FCFB1A18D7711966B3434402B44638D0850E09C06068A2EB867F789078615DC7
          Malicious:false
          Preview: # This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-t5L6Rr9i,guid=f419f9dc2281b89c1781a9d3618c9e44.IBUS_DAEMON_PID=5797.
          /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
          Process:/usr/bin/pulseaudio
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:v:v
          MD5:68B329DA9893E34099C7D8AD5CB9C940
          SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
          SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
          SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
          Malicious:false
          Preview: .
          /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
          Process:/usr/bin/pulseaudio
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:v:v
          MD5:68B329DA9893E34099C7D8AD5CB9C940
          SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
          SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
          SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
          Malicious:false
          Preview: .
          /var/lib/whoopsie/whoopsie-id.2ZXHC1
          Process:/usr/bin/whoopsie
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):128
          Entropy (8bit):3.9410969045919657
          Encrypted:false
          SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
          MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
          SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
          SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
          SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
          Malicious:false
          Preview: 9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
          /var/log/Xorg.0.log
          Process:/usr/lib/xorg/Xorg
          File Type:ASCII text
          Category:dropped
          Size (bytes):41347
          Entropy (8bit):5.28868875123975
          Encrypted:false
          SSDEEP:384:yGOLNc9JMRdkdsdXdDdfdedOdXdzdYdjdVd3dddhdydGd1dpdldC7d7jdWod+dKq:POLO8echQY5pQBBfqZsyJlY0C
          MD5:FD693E30205B537968E11D507E598149
          SHA1:94705675CFB3ED098C26F12F06B86BF9465CC8B7
          SHA-256:F9CB2A2D3802FCF116E135CEF588F7108DD351F3AB6614DAB285FE9170D06EE7
          SHA-512:B52F201D34AFB862CB859DE1AC723477346C675475CA3BC405631830987D67D10BF55320F7D76A015AC08D67A6BF13FCCAFF19D6B5F8CC91E1D80BF1565E746F
          Malicious:false
          Preview: [ 479.631] (--) Log file renamed from "/var/log/Xorg.pid-5393.log" to "/var/log/Xorg.0.log".[ 479.655] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 479.674] Build Operating System: linux Ubuntu.[ 479.689] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 479.699] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 479.714] Build Date: 06 July 2021 10:17:51AM.[ 479.719] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 479.724] Current version of pixman: 0.38.4.[ 479.730] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 479.734] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

          Static File Info

          General

          File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.827240147591348
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:iKuUJ0F8Du
          File size:71832
          MD5:5d0d54974ca6c1262372b7292ff1eb70
          SHA1:00bdfd4f35dd30e1c049648cf5d8cffaf70cddd0
          SHA256:8126a9a1a562576157434656d620574ce14b6db55b8c37bc6341c0bf1664820e
          SHA512:201ec2de315e35cadb68a0f45cf95490d68d76e9d7f4ef6ace49b83841241e750fb94dfaf7ad7d9803a257ab7c325e38076b00c5e76e644ae3273f98caa2b1ac
          SSDEEP:1536:ZR2ni8I7eNtxLcyTd4DR3mNZi3K/feul5YcCsRoqtfK:PRiNtqyTd48Nt/F5YcTC
          File Content Preview:.ELF..............*.......@.4...........4. ...(...............@...@...........................B...B......h..........Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

          Static ELF Info

          ELF header

          Class:ELF32
          Data:2's complement, little endian
          Version:1 (current)
          Machine:<unknown>
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x4001a0
          Flags:0x9
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:71432
          Section Header Size:40
          Number of Section Headers:10
          Header String Table Index:9

          Sections

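          Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
           | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
          .init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4
          .text | PROGBITS | 0x4000e0 | 0xe0 | 0xee00 | 0x0 | 0x6 | AX | 0 | 0 | 32
          .fini | PROGBITS | 0x40eee0 | 0xeee0 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
          .rodata | PROGBITS | 0x40ef04 | 0xef04 | 0x23f8 | 0x0 | 0x2 | A | 0 | 0 | 4
          .ctors | PROGBITS | 0x421300 | 0x11300 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .dtors | PROGBITS | 0x421308 | 0x11308 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .data | PROGBITS | 0x421314 | 0x11314 | 0x3b4 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .bss | NOBITS | 0x4216c8 | 0x116c8 | 0x64e0 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .shstrtab | STRTAB | 0x0 | 0x116c8 | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1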

          Program Segments

          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
          LOAD | 0x0 | 0x400000 | 0x400000 | 0x112fc | 0x112fc | 4.6922 | 0x5 | R E | 0x10000 |  | .init .text .fini .rodata
          LOAD | 0x11300 | 0x421300 | 0x421300 | 0x3c8 | 0x68a8 | 1.8435 | 0x6 | RW | 0x10000 |  | .ctors .dtors .data .bss
          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  | 

          Network Behavior

          Network Port Distribution

          TCP Packets

          Timestamp | Source Port | Dest Port | Source IP | Dest IP

          DNS Queries

          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
          Nov 11, 2021 04:37:25.751020908 CET | 192.168.2.23 | 1.1.1.1 | 0x62a6 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001)
          Nov 11, 2021 04:37:25.751169920 CET | 192.168.2.23 | 1.1.1.1 | 0x4ba | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)
          Nov 11, 2021 04:37:25.851524115 CET | 192.168.2.23 | 1.1.1.1 | 0x5a8e | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)

          DNS Answers

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
          Nov 11, 2021 04:37:25.767560005 CET | 1.1.1.1 | 192.168.2.23 | 0x62a6 | No error (0) | daisy.ubuntu.com |  | 162.213.33.132 | A (IP address) | IN (0x0001)
          Nov 11, 2021 04:37:25.767560005 CET | 1.1.1.1 | 192.168.2.23 | 0x62a6 | No error (0) | daisy.ubuntu.com |  | 162.213.33.108 | A (IP address) | IN (0x0001)

          System Behavior

          General

          Start time:04:36:40
          Start date:11/11/2021
          Path:/tmp/iKuUJ0F8Du
          Arguments:/tmp/iKuUJ0F8Du
          File size:4139976 bytes
          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

          General

          Start time:04:36:40
          Start date:11/11/2021
          Path:/tmp/iKuUJ0F8Du
          Arguments:n/a
          File size:4139976 bytes
          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

          General

          Start time:04:36:40
          Start date:11/11/2021
          Path:/tmp/iKuUJ0F8Du
          Arguments:n/a
          File size:4139976 bytes
          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

          General

          Start time:04:36:40
          Start date:11/11/2021
          Path:/tmp/iKuUJ0F8Du
          Arguments:n/a
          File size:4139976 bytes
          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

          General

          Start time:04:36:40
          Start date:11/11/2021
          Path:/tmp/iKuUJ0F8Du
          Arguments:n/a
          File size:4139976 bytes
          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

          General

          Start time:04:36:40
          Start date:11/11/2021
          Path:/tmp/iKuUJ0F8Du
          Arguments:n/a
          File size:4139976 bytes
          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

          General

          Start time:04:37:24
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:37:24
          Start date:11/11/2021
          Path:/usr/bin/whoopsie
          Arguments:/usr/bin/whoopsie -f
          File size:68592 bytes
          MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

          General

          Start time:04:37:28
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:37:28
          Start date:11/11/2021
          Path:/usr/sbin/sshd
          Arguments:/usr/sbin/sshd -t
          File size:876328 bytes
          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

          General

          Start time:04:37:28
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:37:28
          Start date:11/11/2021
          Path:/usr/sbin/sshd
          Arguments:/usr/sbin/sshd -D
          File size:876328 bytes
          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/lib/accountsservice/accounts-daemon
          Arguments:/usr/lib/accountsservice/accounts-daemon
          File size:203192 bytes
          MD5 hash:01a899e3fb5e7e434bea1290255a1f30

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/lib/accountsservice/accounts-daemon
          Arguments:n/a
          File size:203192 bytes
          MD5 hash:01a899e3fb5e7e434bea1290255a1f30

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/share/language-tools/language-validate
          Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/share/language-tools/language-validate
          Arguments:n/a
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:35
          Start date:11/11/2021
          Path:/usr/share/language-tools/language-options
          Arguments:/usr/share/language-tools/language-options
          File size:3478464 bytes
          MD5 hash:16a21f464119ea7fad1d3660de963637

          General

          Start time:04:37:36
          Start date:11/11/2021
          Path:/usr/share/language-tools/language-options
          Arguments:n/a
          File size:3478464 bytes
          MD5 hash:16a21f464119ea7fad1d3660de963637

          General

          Start time:04:37:36
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:sh -c "locale -a | grep -F .utf8 "
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:36
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:n/a
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:36
          Start date:11/11/2021
          Path:/usr/bin/locale
          Arguments:locale -a
          File size:58944 bytes
          MD5 hash:c72a78792469db86d91369c9057f20d2

          General

          Start time:04:37:36
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:n/a
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:36
          Start date:11/11/2021
          Path:/usr/bin/grep
          Arguments:grep -F .utf8
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          General

          Start time:04:37:37
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:37
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-session-worker
          Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
          File size:293360 bytes
          MD5 hash:692243754bd9f38fe9bd7e230b5c060a

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-session-worker
          Arguments:n/a
          File size:293360 bytes
          MD5 hash:692243754bd9f38fe9bd7e230b5c060a

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-wayland-session
          Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
          File size:76368 bytes
          MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-wayland-session
          Arguments:n/a
          File size:76368 bytes
          MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/bin/dbus-run-session
          Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          File size:14480 bytes
          MD5 hash:245f3ef6a268850b33b0225a8753b7f4

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/bin/dbus-run-session
          Arguments:n/a
          File size:14480 bytes
          MD5 hash:245f3ef6a268850b33b0225a8753b7f4

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:dbus-daemon --nofork --print-address 4 --session
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:40
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:40
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:41
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:42
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:42
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:37:42
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:37:39
          Start date:11/11/2021
          Path:/usr/bin/dbus-run-session
          Arguments:n/a
          File size:14480 bytes
          MD5 hash:245f3ef6a268850b33b0225a8753b7f4

          General

          Start time:04:37:40
          Start date:11/11/2021
          Path:/usr/bin/gnome-session
          Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:40
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:37:43
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:37:43
          Start date:11/11/2021
          Path:/usr/bin/session-migration
          Arguments:session-migration
          File size:22680 bytes
          MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

          General

          Start time:04:37:43
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:37:43
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:43
          Start date:11/11/2021
          Path:/usr/bin/gnome-shell
          Arguments:/usr/bin/gnome-shell
          File size:23168 bytes
          MD5 hash:da7a257239677622fe4b3a65972c9e87

          General

          Start time:04:37:47
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:47
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-session-worker
          Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
          File size:293360 bytes
          MD5 hash:692243754bd9f38fe9bd7e230b5c060a

          General

          Start time:04:37:48
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-session-worker
          Arguments:n/a
          File size:293360 bytes
          MD5 hash:692243754bd9f38fe9bd7e230b5c060a

          General

          Start time:04:37:48
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-x-session
          Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
          File size:96944 bytes
          MD5 hash:498a824333f1c1ec7767f4612d1887cc

          General

          Start time:04:37:48
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-x-session
          Arguments:n/a
          File size:96944 bytes
          MD5 hash:498a824333f1c1ec7767f4612d1887cc

          General

          Start time:04:37:48
          Start date:11/11/2021
          Path:/usr/bin/Xorg
          Arguments:/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:48
          Start date:11/11/2021
          Path:/usr/lib/xorg/Xorg.wrap
          Arguments:/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
          File size:14488 bytes
          MD5 hash:48993830888200ecf19dd7def0884dfd

          General

          Start time:04:37:48
          Start date:11/11/2021
          Path:/usr/lib/xorg/Xorg
          Arguments:/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
          File size:2448840 bytes
          MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

          General

          Start time:04:37:57
          Start date:11/11/2021
          Path:/usr/lib/xorg/Xorg
          Arguments:n/a
          File size:2448840 bytes
          MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

          General

          Start time:04:37:57
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:57
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:n/a
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:57
          Start date:11/11/2021
          Path:/usr/bin/xkbcomp
          Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
          File size:217184 bytes
          MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

          General

          Start time:04:38:30
          Start date:11/11/2021
          Path:/usr/lib/xorg/Xorg
          Arguments:n/a
          File size:2448840 bytes
          MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

          General

          Start time:04:38:30
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:30
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:n/a
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:30
          Start date:11/11/2021
          Path:/usr/bin/xkbcomp
          Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
          File size:217184 bytes
          MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

          General

          Start time:04:38:04
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-x-session
          Arguments:n/a
          File size:96944 bytes
          MD5 hash:498a824333f1c1ec7767f4612d1887cc

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/etc/gdm3/Prime/Default
          Arguments:/etc/gdm3/Prime/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/lib/gdm3/gdm-x-session
          Arguments:n/a
          File size:96944 bytes
          MD5 hash:498a824333f1c1ec7767f4612d1887cc

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/bin/dbus-run-session
          Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          File size:14480 bytes
          MD5 hash:245f3ef6a268850b33b0225a8753b7f4

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/bin/dbus-run-session
          Arguments:n/a
          File size:14480 bytes
          MD5 hash:245f3ef6a268850b33b0225a8753b7f4

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:dbus-daemon --nofork --print-address 4 --session
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:11
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:11
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:11
          Start date:11/11/2021
          Path:/usr/libexec/at-spi-bus-launcher
          Arguments:/usr/libexec/at-spi-bus-launcher
          File size:27008 bytes
          MD5 hash:1563f274acd4e7ba530a55bdc4c95682

          General

          Start time:04:38:11
          Start date:11/11/2021
          Path:/usr/libexec/at-spi-bus-launcher
          Arguments:n/a
          File size:27008 bytes
          MD5 hash:1563f274acd4e7ba530a55bdc4c95682

          General

          Start time:04:38:11
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:32
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:32
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:32
          Start date:11/11/2021
          Path:/usr/libexec/at-spi2-registryd
          Arguments:/usr/libexec/at-spi2-registryd --use-gnome-session
          File size:100224 bytes
          MD5 hash:1d904c2693452edebc7ede3a9e24d440

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:14
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:15
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:15
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:15
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/libexec/ibus-portal
          Arguments:/usr/libexec/ibus-portal
          File size:92536 bytes
          MD5 hash:562ad55bd9a4d54bd7b76746b01e37d3

          General

          Start time:04:38:33
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:33
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:34
          Start date:11/11/2021
          Path:/usr/bin/gjs
          Arguments:/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
          File size:23128 bytes
          MD5 hash:5f3eceb792bb65c22f23d1efb4fde3ad

          General

          Start time:04:38:46
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:46
          Start date:11/11/2021
          Path:/usr/bin/dbus-daemon
          Arguments:n/a
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          General

          Start time:04:38:46
          Start date:11/11/2021
          Path:/bin/false
          Arguments:/bin/false
          File size:39256 bytes
          MD5 hash:3177546c74e4f0062909eae43d948bfc

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/bin/dbus-run-session
          Arguments:n/a
          File size:14480 bytes
          MD5 hash:245f3ef6a268850b33b0225a8753b7f4

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/bin/gnome-session
          Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:05
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-check-accelerated
          Arguments:/usr/libexec/gnome-session-check-accelerated
          File size:18752 bytes
          MD5 hash:a64839518af85b2b9de31aca27646396

          General

          Start time:04:38:12
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-check-accelerated
          Arguments:n/a
          File size:18752 bytes
          MD5 hash:a64839518af85b2b9de31aca27646396

          General

          Start time:04:38:12
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-check-accelerated-gl-helper
          Arguments:/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
          File size:22920 bytes
          MD5 hash:b1ab9a384f9e98a39ae5c36037dd5e78

          General

          Start time:04:38:12
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-check-accelerated
          Arguments:n/a
          File size:18752 bytes
          MD5 hash:a64839518af85b2b9de31aca27646396

          General

          Start time:04:38:12
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-check-accelerated-gles-helper
          Arguments:/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
          File size:14728 bytes
          MD5 hash:1bd78885765a18e60c05ed1fb5fa3bf8

          General

          Start time:04:38:15
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:15
          Start date:11/11/2021
          Path:/usr/bin/session-migration
          Arguments:session-migration
          File size:22680 bytes
          MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

          General

          Start time:04:38:16
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:16
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:16
          Start date:11/11/2021
          Path:/usr/bin/gnome-shell
          Arguments:/usr/bin/gnome-shell
          File size:23168 bytes
          MD5 hash:da7a257239677622fe4b3a65972c9e87

          General

          Start time:04:38:27
          Start date:11/11/2021
          Path:/usr/bin/gnome-shell
          Arguments:n/a
          File size:23168 bytes
          MD5 hash:da7a257239677622fe4b3a65972c9e87

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/bin/ibus-daemon
          Arguments:ibus-daemon --panel disable --xim
          File size:199088 bytes
          MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/bin/ibus-daemon
          Arguments:n/a
          File size:199088 bytes
          MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/libexec/ibus-memconf
          Arguments:/usr/libexec/ibus-memconf
          File size:22904 bytes
          MD5 hash:523e939905910d06598e66385761a822

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/bin/ibus-daemon
          Arguments:n/a
          File size:199088 bytes
          MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/bin/ibus-daemon
          Arguments:n/a
          File size:199088 bytes
          MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

          General

          Start time:04:38:28
          Start date:11/11/2021
          Path:/usr/libexec/ibus-x11
          Arguments:/usr/libexec/ibus-x11 --kill-daemon
          File size:100352 bytes
          MD5 hash:2aa1e54666191243814c2733d6992dbd

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/bin/ibus-daemon
          Arguments:n/a
          File size:199088 bytes
          MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/libexec/ibus-engine-simple
          Arguments:/usr/libexec/ibus-engine-simple
          File size:14712 bytes
          MD5 hash:0238866d5e8802a0ce1b1b9af8cb1376

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/usr/libexec/gsd-sharing
          Arguments:/usr/libexec/gsd-sharing
          File size:35424 bytes
          MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/usr/libexec/gsd-wacom
          Arguments:/usr/libexec/gsd-wacom
          File size:39520 bytes
          MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:37
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gsd-color
          Arguments:/usr/libexec/gsd-color
          File size:92832 bytes
          MD5 hash:ac2861ad93ce047283e8e87cefef9a19

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gsd-keyboard
          Arguments:/usr/libexec/gsd-keyboard
          File size:39760 bytes
          MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gsd-print-notifications
          Arguments:/usr/libexec/gsd-print-notifications
          File size:51840 bytes
          MD5 hash:71539698aa691718cee775d6b9450ae2

          General

          Start time:04:38:48
          Start date:11/11/2021
          Path:/usr/libexec/gsd-print-notifications
          Arguments:n/a
          File size:51840 bytes
          MD5 hash:71539698aa691718cee775d6b9450ae2

          General

          Start time:04:38:48
          Start date:11/11/2021
          Path:/usr/libexec/gsd-print-notifications
          Arguments:n/a
          File size:51840 bytes
          MD5 hash:71539698aa691718cee775d6b9450ae2

          General

          Start time:04:38:49
          Start date:11/11/2021
          Path:/usr/libexec/gsd-printer
          Arguments:/usr/libexec/gsd-printer
          File size:31120 bytes
          MD5 hash:7995828cf98c315fd55f2ffb3b22384d

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:39
          Start date:11/11/2021
          Path:/usr/libexec/gsd-rfkill
          Arguments:/usr/libexec/gsd-rfkill
          File size:51808 bytes
          MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

          General

          Start time:04:38:38
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:39
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:39
          Start date:11/11/2021
          Path:/usr/libexec/gsd-smartcard
          Arguments:/usr/libexec/gsd-smartcard
          File size:109152 bytes
          MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

          General

          Start time:04:38:39
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:39
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/libexec/gsd-datetime
          Arguments:/usr/libexec/gsd-datetime
          File size:76736 bytes
          MD5 hash:d80d39745740de37d6634d36e344d4bc

          General

          Start time:04:38:39
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/libexec/gsd-media-keys
          Arguments:/usr/libexec/gsd-media-keys
          File size:232936 bytes
          MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/libexec/gsd-screensaver-proxy
          Arguments:/usr/libexec/gsd-screensaver-proxy
          File size:27232 bytes
          MD5 hash:77e309450c87dceee43f1a9e50cc0d02

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:40
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:41
          Start date:11/11/2021
          Path:/usr/libexec/gsd-sound
          Arguments:/usr/libexec/gsd-sound
          File size:31248 bytes
          MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

          General

          Start time:04:38:41
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:41
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:41
          Start date:11/11/2021
          Path:/usr/libexec/gsd-a11y-settings
          Arguments:/usr/libexec/gsd-a11y-settings
          File size:23056 bytes
          MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

          General

          Start time:04:38:41
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:41
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:42
          Start date:11/11/2021
          Path:/usr/libexec/gsd-housekeeping
          Arguments:/usr/libexec/gsd-housekeeping
          File size:51840 bytes
          MD5 hash:b55f3394a84976ddb92a2915e5d76914

          General

          Start time:04:38:42
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:38:42
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:38:43
          Start date:11/11/2021
          Path:/usr/libexec/gsd-power
          Arguments:/usr/libexec/gsd-power
          File size:88672 bytes
          MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

          General

          Start time:04:39:05
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:39:05
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:39:05
          Start date:11/11/2021
          Path:/usr/bin/spice-vdagent
          Arguments:/usr/bin/spice-vdagent
          File size:80664 bytes
          MD5 hash:80fb7f613aa78d1b8a229dbcf4577a9d

          General

          Start time:04:39:07
          Start date:11/11/2021
          Path:/usr/libexec/gnome-session-binary
          Arguments:n/a
          File size:334664 bytes
          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

          General

          Start time:04:39:07
          Start date:11/11/2021
          Path:/bin/sh
          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:39:07
          Start date:11/11/2021
          Path:/usr/bin/xbrlapi
          Arguments:xbrlapi -q
          File size:166384 bytes
          MD5 hash:0cfe25df39d38af32d6265ed947ca5b9

          General

          Start time:04:37:47
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:47
          Start date:11/11/2021
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:47
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:47
          Start date:11/11/2021
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:52
          Start date:11/11/2021
          Path:/usr/sbin/gdm3
          Arguments:n/a
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          General

          Start time:04:37:52
          Start date:11/11/2021
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          General

          Start time:04:37:57
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:37:57
          Start date:11/11/2021
          Path:/usr/bin/pulseaudio
          Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
          File size:100832 bytes
          MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

          General

          Start time:04:38:07
          Start date:11/11/2021
          Path:/usr/libexec/gvfsd-fuse
          Arguments:n/a
          File size:47632 bytes
          MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

          General

          Start time:04:38:07
          Start date:11/11/2021
          Path:/bin/fusermount
          Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
          File size:39144 bytes
          MD5 hash:576a1b135c82bdcbc97a91acea900566

          General

          Start time:04:38:07
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:38:07
          Start date:11/11/2021
          Path:/lib/systemd/systemd-user-runtime-dir
          Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
          File size:22672 bytes
          MD5 hash:d55f4b0847f88131dbcfb07435178e54

          General

          Start time:04:38:27
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:38:27
          Start date:11/11/2021
          Path:/lib/systemd/systemd-localed
          Arguments:/lib/systemd/systemd-localed
          File size:43232 bytes
          MD5 hash:1244af9646256d49594f2a8203329aa9

          General

          Start time:04:38:31
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:38:31
          Start date:11/11/2021
          Path:/usr/bin/pulseaudio
          Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
          File size:100832 bytes
          MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

          General

          Start time:04:38:33
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:38:33
          Start date:11/11/2021
          Path:/usr/libexec/geoclue
          Arguments:/usr/libexec/geoclue
          File size:301544 bytes
          MD5 hash:30ac5455f3c598dde91dc87477fb19f7

          General

          Start time:04:38:48
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:38:48
          Start date:11/11/2021
          Path:/lib/systemd/systemd-hostnamed
          Arguments:/lib/systemd/systemd-hostnamed
          File size:35040 bytes
          MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

          General

          Start time:04:38:59
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:38:59
          Start date:11/11/2021
          Path:/lib/systemd/systemd-localed
          Arguments:/lib/systemd/systemd-localed
          File size:43232 bytes
          MD5 hash:1244af9646256d49594f2a8203329aa9

          General

          Start time:04:39:04
          Start date:11/11/2021
          Path:/usr/lib/systemd/systemd
          Arguments:n/a
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          General

          Start time:04:39:04
          Start date:11/11/2021
          Path:/usr/libexec/fprintd
          Arguments:/usr/libexec/fprintd
          File size:125312 bytes
          MD5 hash:b0d8829f05cd028529b84b061b660e84