Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
r3M3VGE5AG.elf

Overview

General Information

Sample name:r3M3VGE5AG.elf
renamed because original name is a hash value
Original sample name:62979e5406e5d1d1d1883b534f964ec9.elf
Analysis ID:1528650
MD5:62979e5406e5d1d1d1883b534f964ec9
SHA1:55453e91f5063de40c5862a4b99af1e71377cb57
SHA256:ca180cf3a3687214752f4522c903b620addcec6f84a9d5ad2d873b4984aaaa68
Tags:64elfmirai
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Machine Learning detection for sample
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sends malformed DNS queries
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "ps" command used to list the status of processes
Executes the "rm" command used to delete files or directories
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1528650
Start date and time:2024-10-08 07:30:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 39s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:r3M3VGE5AG.elf
renamed because original name is a hash value
Original Sample Name:62979e5406e5d1d1d1883b534f964ec9.elf
Detection:MAL
Classification:mal88.spre.troj.evad.linELF@0/15@5/0

Warnings

  • Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:/tmp/r3M3VGE5AG.elf
PID:6244
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Hello, World!
Standard Error:

Process Tree

  • system is lnxubuntu20
  • r3M3VGE5AG.elf (PID: 6244, Parent: 6165, MD5: 62979e5406e5d1d1d1883b534f964ec9) Arguments: /tmp/r3M3VGE5AG.elf
    • r3M3VGE5AG.elf New Fork (PID: 6245, Parent: 6244)
      • r3M3VGE5AG.elf New Fork (PID: 6247, Parent: 6245)
        • sh (PID: 6397, Parent: 6247, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
          • sh New Fork (PID: 6398, Parent: 6397)
          • ps (PID: 6398, Parent: 6397, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
        • sh (PID: 6522, Parent: 6247, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
          • sh New Fork (PID: 6523, Parent: 6522)
          • ps (PID: 6523, Parent: 6522, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
        • sh (PID: 6617, Parent: 6247, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
          • sh New Fork (PID: 6618, Parent: 6617)
          • ps (PID: 6618, Parent: 6617, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
        • sh (PID: 6662, Parent: 6247, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
          • sh New Fork (PID: 6664, Parent: 6662)
          • ps (PID: 6664, Parent: 6662, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
  • sh (PID: 6271, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 6271, Parent: 1477, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 6275, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 6275, Parent: 1477, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 6277, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • systemd New Fork (PID: 6280, Parent: 1)
  • upowerd (PID: 6280, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • gdm3 New Fork (PID: 6293, Parent: 1320)
  • Default (PID: 6293, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6310, Parent: 1320)
  • Default (PID: 6310, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • fusermount (PID: 6320, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • xfwm4 (PID: 6325, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • xfce4-panel (PID: 6338, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
  • rm (PID: 6348, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • xfdesktop (PID: 6354, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • xfwm4 (PID: 6358, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • systemd New Fork (PID: 6359, Parent: 1)
  • upowerd (PID: 6359, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • xfce4-panel (PID: 6399, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
  • xfdesktop (PID: 6400, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • systemd New Fork (PID: 6409, Parent: 1860)
  • gvfsd (PID: 6409, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6422, Parent: 6409)
      • gvfsd New Fork (PID: 6423, Parent: 6422)
      • gvfsd-fuse (PID: 6423, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 6424, Parent: 6423, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
        • fusermount (PID: 6516, Parent: 1860, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • xfconfd (PID: 6415, Parent: 6414, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 6436, Parent: 1)
  • journalctl (PID: 6436, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • xfwm4 (PID: 6453, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • xfdesktop (PID: 6457, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • systemd New Fork (PID: 6458, Parent: 1)
  • systemd-journald (PID: 6458, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • xfce4-panel (PID: 6465, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
  • systemd New Fork (PID: 6466, Parent: 1)
  • upowerd (PID: 6466, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • xfwm4 (PID: 6517, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • xfce4-panel (PID: 6524, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
    • wrapper-2.0 (PID: 6644, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 6645, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 6646, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
    • wrapper-2.0 (PID: 6648, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • wrapper-2.0 (PID: 6649, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
    • wrapper-2.0 (PID: 6650, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
    • wrapper-2.0 (PID: 6699, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 6700, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 6703, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
    • wrapper-2.0 (PID: 6704, Parent: 6524, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
      • xfpm-power-backlight-helper (PID: 6715, Parent: 6704, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • systemd New Fork (PID: 6530, Parent: 1)
  • upowerd (PID: 6530, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • xfdesktop (PID: 6568, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • systemd New Fork (PID: 6577, Parent: 1860)
  • gvfsd (PID: 6577, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6590, Parent: 6577)
      • gvfsd New Fork (PID: 6591, Parent: 6590)
      • gvfsd-fuse (PID: 6591, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 6592, Parent: 6591, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
        • fusermount (PID: 6616, Parent: 6591, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • xfconfd (PID: 6579, Parent: 6578, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • xfwm4 (PID: 6602, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • xfdesktop (PID: 6603, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • systemd New Fork (PID: 6607, Parent: 1)
  • journalctl (PID: 6607, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6626, Parent: 1860)
  • gvfsd (PID: 6626, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6630, Parent: 6626)
      • gvfsd New Fork (PID: 6631, Parent: 6630)
      • gvfsd-fuse (PID: 6631, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 6632, Parent: 6631, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
        • fusermount (PID: 6660, Parent: 6631, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • tumblerd (PID: 6654, Parent: 6653, MD5: 2ef099898845e9c5ec6f1a6fd3ad61af) Arguments: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
  • systemd New Fork (PID: 6678, Parent: 1860)
  • gvfsd (PID: 6678, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6682, Parent: 6678)
      • gvfsd New Fork (PID: 6683, Parent: 6682)
      • gvfsd-fuse (PID: 6683, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 6688, Parent: 6683, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6718, Parent: 1860)
  • xfce4-notifyd (PID: 6718, Parent: 1860, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
6246.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_9e9530a7unknownunknown
  • 0xb09c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6246.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_807911a2unknownunknown
  • 0xb90b:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6246.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_d4227dbfunknownunknown
  • 0x8532:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x86bc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6246.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_d996d335unknownunknown
  • 0xfb06:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
6246.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_620087b9unknownunknown
  • 0xb4cb:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
Click to see the 16 entries

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: r3M3VGE5AG.elfReversingLabs: Detection: 27%
Source: r3M3VGE5AG.elfVirustotal: Detection: 20%Perma Link
Machine Learning detection for sample
Source: r3M3VGE5AG.elfJoe Sandbox ML: detected
Source: /usr/bin/ps (PID: 6398)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/ps (PID: 6523)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/ps (PID: 6618)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/ps (PID: 6664)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

Networking

barindex
Sends malformed DNS queries
Source: global trafficDNS traffic detected: malformed DNS query: cnc.merisprivate.net. [malformed]
Source: global trafficTCP traffic: 192.168.2.23:35112 -> 194.120.230.54:57899
Source: /tmp/r3M3VGE5AG.elf (PID: 6244)Socket: 127.0.0.1:18129Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)Socket: unknown address familyJump to behavior
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
Source: global trafficDNS traffic detected: DNS query: cnc.merisprivate.net. [malformed]
Source: r3M3VGE5AG.elfString found in binary or memory: http://upx.sf.net
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Sample tries to kill a massive number of system processes
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 658, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 720, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 721, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 772, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 774, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 785, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 788, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 796, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 799, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 800, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 847, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 884, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 904, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 912, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 3, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 4, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 9, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 11, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 21, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 22, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 23, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 24, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 25, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 27, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 28, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 77, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 78, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 79, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 80, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 81, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 82, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 83, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 84, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 85, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 89, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 91, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 124, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 125, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 126, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 127, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 128, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 132, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 141, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 157, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 202, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 203, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 204, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 205, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 206, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 207, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 208, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 209, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 210, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 211, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 212, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 213, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 214, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 215, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 216, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 217, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 218, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 219, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 220, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 221, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 222, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 223, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 224, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 225, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 226, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 227, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 228, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 229, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 230, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 231, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 233, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 234, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 235, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 236, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 237, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 243, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 248, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 249, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 250, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 251, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 252, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 253, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 254, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 255, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 256, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 257, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 258, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 259, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 260, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 261, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 262, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 263, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 264, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 265, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 266, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 267, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 269, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 270, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 272, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 274, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 278, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 281, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 286, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 326, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 327, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 346, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 379, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 419, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 420, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 491, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 655, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 656, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 657, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 667, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 674, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 675, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 676, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 677, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 759, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 761, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 797, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 918, result: successfulJump to behavior
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 658, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 720, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 721, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 772, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 774, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 785, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 788, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 796, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 799, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 800, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 847, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 884, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 904, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 912, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1320, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1349, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1389, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1463, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1465, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1475, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1477, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1489, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1599, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1601, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1612, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1622, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1633, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1638, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1639, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1642, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1656, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1661, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1664, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1668, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1698, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1699, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1809, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1877, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1888, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1890, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1900, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1983, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2009, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2018, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2028, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2033, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2038, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2048, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2050, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2062, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2063, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2069, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2074, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2080, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2096, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2097, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2114, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2123, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2126, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2128, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2129, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2146, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2156, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2180, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2195, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2208, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2226, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2235, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2242, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2275, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2281, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2285, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2289, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2294, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2307, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2637, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 3236, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6229, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6230, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6280, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6325, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6338, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6354, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 3, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 9, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 11, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 21, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 22, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 23, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 24, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 25, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 27, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 28, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 77, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 78, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 79, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 80, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 81, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 82, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 83, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 84, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 85, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 89, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 91, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 124, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 125, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 126, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 127, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 128, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 132, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 141, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 157, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 202, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 203, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 204, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 205, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 206, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 207, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 208, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 209, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 210, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 211, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 212, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 213, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 214, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 215, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 216, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 217, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 218, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 219, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 220, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 221, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 222, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 223, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 224, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 225, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 226, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 227, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 228, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 229, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 230, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 231, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 233, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 234, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 235, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 236, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 237, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 243, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 248, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 249, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 250, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 251, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 252, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 253, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 254, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 255, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 256, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 257, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 258, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 259, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 260, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 261, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 262, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 263, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 264, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 265, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 266, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 267, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 269, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 270, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 272, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 274, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 278, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 281, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 286, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 326, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 327, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 346, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 379, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 419, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 420, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 491, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 655, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 656, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 657, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 667, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 674, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 675, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 676, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 677, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 759, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 761, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 797, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 918, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1207, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1334, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1335, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2102, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2882, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 3088, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4442, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4443, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4444, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4445, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4531, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6069, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6187, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6358, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6359, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6397, result: no such processJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6398, result: no such processJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6399, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6400, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6409, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6415, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6423, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6453, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6457, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6465, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6466, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6517, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6568, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6577, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6602, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6603, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6626, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6644, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6645, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6646, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6648, result: successfulJump to behavior
Source: LOAD without section mappingsProgram segment: 0x100000
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 658, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 720, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 721, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 772, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 774, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 785, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 788, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 796, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 799, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 800, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 847, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 884, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 904, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 912, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1320, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1349, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1389, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1463, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1465, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1475, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1477, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1489, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1599, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1601, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1612, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1622, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1633, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1638, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1639, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1642, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1656, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1661, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1664, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1668, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1698, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1699, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1809, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1877, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1888, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1890, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1900, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1983, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2009, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2018, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2028, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2033, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2038, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2048, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2050, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2062, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2063, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2069, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2074, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2080, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2096, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2097, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2114, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2123, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2126, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2128, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2129, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2146, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2156, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2180, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2195, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2208, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2226, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2235, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2242, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2275, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2281, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2285, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2289, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2294, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2307, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2637, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 3236, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6229, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6230, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6280, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6325, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6338, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6354, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 3, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 9, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 11, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 21, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 22, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 23, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 24, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 25, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 27, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 28, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 77, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 78, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 79, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 80, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 81, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 82, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 83, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 84, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 85, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 89, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 91, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 124, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 125, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 126, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 127, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 128, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 132, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 141, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 157, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 202, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 203, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 204, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 205, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 206, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 207, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 208, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 209, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 210, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 211, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 212, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 213, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 214, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 215, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 216, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 217, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 218, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 219, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 220, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 221, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 222, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 223, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 224, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 225, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 226, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 227, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 228, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 229, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 230, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 231, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 233, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 234, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 235, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 236, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 237, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 243, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 248, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 249, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 250, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 251, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 252, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 253, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 254, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 255, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 256, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 257, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 258, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 259, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 260, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 261, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 262, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 263, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 264, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 265, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 266, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 267, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 269, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 270, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 272, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 274, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 278, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 281, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 286, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 326, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 327, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 346, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 379, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 419, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 420, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 491, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 655, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 656, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 657, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 667, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 674, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 675, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 676, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 677, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 759, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 761, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 797, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 918, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1207, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1334, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 1335, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2102, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 2882, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 3088, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4442, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4443, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4444, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4445, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 4531, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6069, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6187, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6358, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6359, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6397, result: no such processJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6398, result: no such processJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6399, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6400, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6409, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6415, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6423, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6453, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6457, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6465, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6466, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6517, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6568, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6577, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6602, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6603, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6626, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6644, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6654, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6645, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6646, result: successfulJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6247)SIGKILL sent: pid: 6648, result: successfulJump to behavior
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6246.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6247.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: classification engineClassification label: mal88.spre.troj.evad.linELF@0/15@5/0

Data Obfuscation

barindex
Sample is packed with UPX
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /bin/fusermount (PID: 6320)File: /proc/6320/mountsJump to behavior
Source: /bin/fusermount (PID: 6424)File: /proc/6424/mountsJump to behavior
Source: /bin/fusermount (PID: 6516)File: /proc/6516/mountsJump to behavior
Source: /bin/fusermount (PID: 6592)File: /proc/6592/mounts
Source: /bin/fusermount (PID: 6616)File: /proc/6616/mounts
Source: /bin/fusermount (PID: 6632)File: /proc/6632/mounts
Source: /bin/fusermount (PID: 6660)File: /proc/6660/mounts
Source: /bin/fusermount (PID: 6688)File: /proc/6688/mounts
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/upower/upowerd (PID: 6359)Directory: <invalid fd (12)>/..Jump to behavior
Source: /usr/lib/upower/upowerd (PID: 6359)Directory: <invalid fd (11)>/..Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 6399)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfdesktop (PID: 6400)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /bin/fusermount (PID: 6424)Directory: /gvfs/.Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6415)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6415)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6415)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6415)Directory: /home/saturnino/.configJump to behavior
Source: /usr/bin/xfwm4 (PID: 6453)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfdesktop (PID: 6457)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77547ikht4xJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77552Cn2iivJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77562OHT9wuJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77565Rd54ExJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:775669uAHUuJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77567gWMeFxJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77569LfhtovJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77654kiPujvJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77757BpZ7CuJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77758FtS4tuJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77869vzNguwJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:77904sKKbvvJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)File: /run/systemd/journal/streams/.#9:78111bxrX4uJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6465)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/upower/upowerd (PID: 6466)Directory: <invalid fd (12)>/..Jump to behavior
Source: /usr/lib/upower/upowerd (PID: 6466)Directory: <invalid fd (11)>/..Jump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Directory: /home/saturnino/.configJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6644)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6645)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6646)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6648)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6649)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6649)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6649)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6649)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6650)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6699)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6700)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6703)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6704)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/upower/upowerd (PID: 6530)Directory: <invalid fd (12)>/..Jump to behavior
Source: /usr/lib/upower/upowerd (PID: 6530)Directory: <invalid fd (11)>/..Jump to behavior
Source: /usr/bin/xfdesktop (PID: 6568)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /bin/fusermount (PID: 6592)Directory: /gvfs/.
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6579)Directory: /home/saturnino/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6579)Directory: /home/saturnino/.local
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6579)Directory: /home/saturnino/.config
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6579)Directory: /home/saturnino/.config
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/local/share/fonts/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /home/saturnino/.local/share/fonts/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /home/saturnino/.fonts/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/X11/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cMap/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cmap/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/opentype/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/type1/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/X11/Type1/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/X11/encodings/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/X11/misc/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/X11/util/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/opentype/malayalam/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/opentype/mathjax/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/opentype/noto/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/opentype/urw-base35/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/Gargi/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/Gubbi/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/Nakula/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/Navilu/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/Sarai/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/abyssinica/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/dejavu/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/droid/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/freefont/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/kacst/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/kacst-one/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lao/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lato/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/liberation/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/liberation2/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/malayalam/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/noto/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/openoffice/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/padauk/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/pagul/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/samyak/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/sinhala/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/tlwg/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/truetype/ubuntu/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/type1/urw-base35/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /usr/share/fonts/X11/encodings/large/.uuid
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /home/saturnino/.cache
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /home/saturnino/.local
Source: /usr/bin/xfwm4 (PID: 6602)Directory: /home/saturnino/.config
Source: /usr/bin/xfdesktop (PID: 6603)Directory: /home/saturnino/.Xdefaults-galassia
Source: /bin/fusermount (PID: 6632)Directory: /gvfs/.
Source: /bin/fusermount (PID: 6688)Directory: /gvfs/.
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6718)Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6718)Directory: /home/saturnino/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6718)Directory: /home/saturnino/.local
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6718)Directory: /home/saturnino/.config
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6110/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6110/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6110/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/3088/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/3088/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/3088/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/230/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/230/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/230/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/110/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/110/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/110/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/231/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/231/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/231/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/111/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/111/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/111/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/232/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/232/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/232/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/112/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/112/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/112/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/233/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/233/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/233/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/113/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/113/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/113/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/234/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/234/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/234/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/1335/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/1335/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/1335/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/114/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/114/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/114/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/235/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/235/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/235/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/1334/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/1334/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/1334/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/115/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/115/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/115/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/236/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/236/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/236/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/116/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/116/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/116/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/237/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/237/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/237/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/117/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/117/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/117/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/118/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/118/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/118/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/910/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/910/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/910/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/119/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/119/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/119/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/10/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/10/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/10/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/11/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/11/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/11/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/918/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/918/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/918/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/12/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/12/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/12/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/13/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/13/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/13/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/14/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/14/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/14/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/15/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/15/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/15/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6245/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6245/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6245/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/16/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/16/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/16/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/17/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/17/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/17/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6247/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6247/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/6247/cmdlineJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/18/statJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/18/statusJump to behavior
Source: /usr/bin/ps (PID: 6398)File opened: /proc/18/cmdlineJump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6397)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6522)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6617)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
Source: /tmp/r3M3VGE5AG.elf (PID: 6662)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
Source: /bin/sh (PID: 6398)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
Source: /bin/sh (PID: 6523)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
Source: /bin/sh (PID: 6618)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
Source: /bin/sh (PID: 6664)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
Source: /usr/bin/xfce4-session (PID: 6348)Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51Jump to behavior
Source: /usr/bin/ps (PID: 6398)Reads from proc file: /proc/meminfoJump to behavior
Source: /usr/bin/ps (PID: 6523)Reads from proc file: /proc/meminfoJump to behavior
Source: /usr/bin/ps (PID: 6618)Reads from proc file: /proc/meminfoJump to behavior
Source: /usr/bin/ps (PID: 6664)Reads from proc file: /proc/meminfoJump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)Reads from proc file: /proc/meminfoJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Sample deletes itself
Source: /tmp/r3M3VGE5AG.elf (PID: 6244)File: /tmp/r3M3VGE5AG.elfJump to behavior
Source: r3M3VGE5AG.elfSubmission file: segment LOAD with 7.965 entropy (max. 8.0)
Source: /usr/bin/ps (PID: 6398)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/ps (PID: 6523)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/ps (PID: 6618)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/ps (PID: 6664)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/xfwm4 (PID: 6358)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 6399)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfdesktop (PID: 6400)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfwm4 (PID: 6453)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfdesktop (PID: 6457)Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6458)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 6465)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfwm4 (PID: 6517)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 6524)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6644)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6645)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6646)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6648)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6649)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6650)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6699)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6700)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6703)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6704)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfdesktop (PID: 6568)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfwm4 (PID: 6602)Queries kernel information via 'uname':
Source: /usr/bin/xfdesktop (PID: 6603)Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6718)Queries kernel information via 'uname':
Source: r3M3VGE5AG.elf, 6247.1.00000000011e9000.00000000011ea000.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsdrvicemd-journald`
Source: r3M3VGE5AG.elf, 6247.1.00000000011e9000.00000000011ea000.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsdrvicemd-journald
Source: r3M3VGE5AG.elf, 6247.1.0000000000512000.0000000000516000.rw-.sdmpBinary or memory string: [DEBUG] Checking process: PID=721, Path=/usr/bin/vmtoolsdrvicemd-journald
Source: r3M3VGE5AG.elf, 6247.1.0000000000512000.0000000000516000.rw-.sdmpBinary or memory string: [DEBUG] Killing process: PID=721, Path=/usr/bin/vmtoolsdrvicemd-journald

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		Path Interception1
Hidden Files and Directories		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network Medium2
Service Stop
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
Obfuscated Files or Information		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
File Deletion		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS2
System Information Discovery		Distributed Component Object ModelInput Capture2
Application Layer Protocol		Traffic DuplicationData Destruction

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528650 Sample: r3M3VGE5AG.elf Startdate: 08/10/2024 Architecture: LINUX Score: 88 75 cnc.merisprivate.net. [malformed] 2->75 77 109.202.202.202, 80 INIT7CH Switzerland 2->77 79 3 other IPs or domains 2->79 87 Malicious sample detected (through community Yara rule) 2->87 89 Multi AV Scanner detection for submitted file 2->89 91 Machine Learning detection for sample 2->91 93 Sample is packed with UPX 2->93 10 systemd gvfsd 2->10         started        12 systemd gvfsd 2->12         started        14 systemd gvfsd 2->14         started        16 34 other processes 2->16 signatures3 95 Sends malformed DNS queries 75->95 process4 signatures5 19 gvfsd 10->19         started        21 gvfsd 12->21         started        23 gvfsd 14->23         started        81 Sample deletes itself 16->81 83 Sample reads /proc/mounts (often used for finding a writable filesystem) 16->83 25 r3M3VGE5AG.elf 16->25         started        27 gvfsd 16->27         started        29 xfce4-panel wrapper-2.0 16->29         started        31 9 other processes 16->31 process6 process7 33 gvfsd gvfsd-fuse 19->33         started        35 gvfsd gvfsd-fuse 21->35         started        37 gvfsd gvfsd-fuse 23->37         started        39 r3M3VGE5AG.elf 25->39         started        42 r3M3VGE5AG.elf 25->42         started        44 gvfsd gvfsd-fuse 27->44         started        46 wrapper-2.0 xfpm-power-backlight-helper 29->46         started        signatures8 48 gvfsd-fuse fusermount 33->48         started        51 gvfsd-fuse fusermount 33->51         started        53 gvfsd-fuse fusermount 35->53         started        55 gvfsd-fuse fusermount 35->55         started        57 gvfsd-fuse fusermount 37->57         started        59 gvfsd-fuse fusermount 37->59         started        97 Sample tries to kill a massive number of system processes 39->97 99 Sample tries to kill multiple processes (SIGKILL) 39->99 61 r3M3VGE5AG.elf sh 39->61         started        65 3 other processes 39->65 63 gvfsd-fuse fusermount 44->63         started        process9 signatures10 85 Sample reads /proc/mounts (often used for finding a writable filesystem) 48->85 67 sh ps 61->67         started        69 sh ps 65->69         started        71 sh ps 65->71         started        73 sh ps 65->73         started        process11

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
r3M3VGE5AG.elf27%ReversingLabsLinux.Backdoor.Mirai
r3M3VGE5AG.elf21%VirustotalBrowse
r3M3VGE5AG.elf100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://upx.sf.net0%URL Reputationsafe
http://upx.sf.net0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
cnc.merisprivate.net. [malformed]
unknown
unknowntrue
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://upx.sf.netr3M3VGE5AG.elftrue
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    194.120.230.54
    		unknownunknown
    		133115HKKFGL-AS-APHKKwaifongGroupLimitedHKfalse
    109.202.202.202
    		unknownSwitzerland
    		13030INIT7CHfalse
    91.189.91.43
    		unknownUnited Kingdom
    		41231CANONICAL-ASGBfalse
    91.189.91.42
    		unknownUnited Kingdom
    		41231CANONICAL-ASGBfalse

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    194.120.230.54na.elfGet hashmaliciousUnknownBrowse
      109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
      • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
      91.189.91.43l8XbwyLvrK.elfGet hashmaliciousMirai, GafgytBrowse
        arm7.elfGet hashmaliciousMiraiBrowse
          SecuriteInfo.com.ELF.Mirai-CVD.31968.3467.elfGet hashmaliciousUnknownBrowse
            SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elfGet hashmaliciousUnknownBrowse
              SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elfGet hashmaliciousUnknownBrowse
                Mk4eUPwWIY.elfGet hashmaliciousMiraiBrowse
                  AzRiLxCGXJ.elfGet hashmaliciousMiraiBrowse
                    Cr8Dw4Ybgh.elfGet hashmaliciousMiraiBrowse
                      slSUX7klEH.elfGet hashmaliciousMiraiBrowse
                        boatnet.arm.elfGet hashmaliciousMiraiBrowse
                          91.189.91.42l8XbwyLvrK.elfGet hashmaliciousMirai, GafgytBrowse
                            arm7.elfGet hashmaliciousMiraiBrowse
                              SecuriteInfo.com.ELF.Mirai-CVD.31968.3467.elfGet hashmaliciousUnknownBrowse
                                SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elfGet hashmaliciousUnknownBrowse
                                  SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elfGet hashmaliciousUnknownBrowse
                                    Mk4eUPwWIY.elfGet hashmaliciousMiraiBrowse
                                      AzRiLxCGXJ.elfGet hashmaliciousMiraiBrowse
                                        Cr8Dw4Ybgh.elfGet hashmaliciousMiraiBrowse
                                          slSUX7klEH.elfGet hashmaliciousMiraiBrowse
                                            boatnet.arm.elfGet hashmaliciousMiraiBrowse

                                              Domains

                                              No context

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              CANONICAL-ASGBl8XbwyLvrK.elfGet hashmaliciousMirai, GafgytBrowse
                                              • 91.189.91.42
                                              arm7.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              x86.elfGet hashmaliciousUnknownBrowse
                                              • 185.125.190.26
                                              SecuriteInfo.com.ELF.Mirai-CVD.31968.3467.elfGet hashmaliciousUnknownBrowse
                                              • 91.189.91.42
                                              SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elfGet hashmaliciousUnknownBrowse
                                              • 91.189.91.42
                                              SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elfGet hashmaliciousUnknownBrowse
                                              • 91.189.91.42
                                              Mk4eUPwWIY.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              AzRiLxCGXJ.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              Cr8Dw4Ybgh.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              slSUX7klEH.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              CANONICAL-ASGBl8XbwyLvrK.elfGet hashmaliciousMirai, GafgytBrowse
                                              • 91.189.91.42
                                              arm7.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              x86.elfGet hashmaliciousUnknownBrowse
                                              • 185.125.190.26
                                              SecuriteInfo.com.ELF.Mirai-CVD.31968.3467.elfGet hashmaliciousUnknownBrowse
                                              • 91.189.91.42
                                              SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elfGet hashmaliciousUnknownBrowse
                                              • 91.189.91.42
                                              SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elfGet hashmaliciousUnknownBrowse
                                              • 91.189.91.42
                                              Mk4eUPwWIY.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              AzRiLxCGXJ.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              Cr8Dw4Ybgh.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              slSUX7klEH.elfGet hashmaliciousMiraiBrowse
                                              • 91.189.91.42
                                              INIT7CHl8XbwyLvrK.elfGet hashmaliciousMirai, GafgytBrowse
                                              • 109.202.202.202
                                              arm7.elfGet hashmaliciousMiraiBrowse
                                              • 109.202.202.202
                                              SecuriteInfo.com.ELF.Mirai-CVD.31968.3467.elfGet hashmaliciousUnknownBrowse
                                              • 109.202.202.202
                                              SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elfGet hashmaliciousUnknownBrowse
                                              • 109.202.202.202
                                              SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elfGet hashmaliciousUnknownBrowse
                                              • 109.202.202.202
                                              Mk4eUPwWIY.elfGet hashmaliciousMiraiBrowse
                                              • 109.202.202.202
                                              AzRiLxCGXJ.elfGet hashmaliciousMiraiBrowse
                                              • 109.202.202.202
                                              Cr8Dw4Ybgh.elfGet hashmaliciousMiraiBrowse
                                              • 109.202.202.202
                                              slSUX7klEH.elfGet hashmaliciousMiraiBrowse
                                              • 109.202.202.202
                                              boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                              • 109.202.202.202
                                              HKKFGL-AS-APHKKwaifongGroupLimitedHKna.elfGet hashmaliciousGafgytBrowse
                                              • 103.218.208.171
                                              na.elfGet hashmaliciousGafgytBrowse
                                              • 103.218.19.2
                                              na.elfGet hashmaliciousGafgytBrowse
                                              • 103.218.19.0
                                              na.elfGet hashmaliciousGafgytBrowse
                                              • 103.218.208.182
                                              na.elfGet hashmaliciousGafgytBrowse
                                              • 103.218.89.105
                                              na.elfGet hashmaliciousGafgytBrowse
                                              • 103.218.208.188
                                              na.elfGet hashmaliciousUnknownBrowse
                                              • 194.120.230.54
                                              https://asbdjdas-asd.top/Get hashmaliciousUnknownBrowse
                                              • 39.109.126.218
                                              https://qwehikd-asdu.xyz/Get hashmaliciousUnknownBrowse
                                              • 39.109.126.218
                                              https://geminishdw-dws.top/Get hashmaliciousUnknownBrowse
                                              • 39.109.126.218

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              /run/systemd/journal/streams/.#9:77547ikht4x

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):223
                                              Entropy (8bit):5.506286166773042
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5yGhSDEBnAYuqjs77:SbFuFyLVIg1BG+f+M6EPuqji4s
                                              MD5:E43BC7686A84EE376CCEA20BB745ADF3
                                              SHA1:9D2669470A84076784A606CB37F9ECF7B47C1262
                                              SHA-256:AA3DC73249315C42F8D9AC28C5F97C5CFE01646E906FC2665C0897794EDB704D
                                              SHA-512:D035E57FCA095ED8645FBCA3ADE92C8FBDA8E4CDE5F5573D02285F5F4FD1075CACA49489BF4100241AD6227C82A6F2D36ED416AD0454EFAE2D2B8277729086FA
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=39e31ac777fa4b2dbe8b9dfbf8bf23ce.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

                                              /run/systemd/journal/streams/.#9:77552Cn2iiv

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):205
                                              Entropy (8bit):5.444898528688848
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmuLICBUgGgdJSx0ZjW:SbFuFyLVIg1BG+f+MukCBaajfGt
                                              MD5:DD73F03773DA0C5AF4FCF8D01BEE3A7E
                                              SHA1:4A0BB1FCC886AF31054DA9780828C2A7A66E691F
                                              SHA-256:D7C004785D9EAB240ABB537C8F9737D85DB2B643B7A5C42B82F19853A572F368
                                              SHA-512:701C821AC86414886B43AA499E3DA13425078E6D9758639F04B60356D4C75D9583134B9E11ECF8D378E96219997DBFFF9C8704ED622EC78C4F4A8E820A8DD8AD
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=d5335f14b1d9448095c168be64597224.IDENTIFIER=upowerd.UNIT=upower.service.

                                              /run/systemd/journal/streams/.#9:77562OHT9wu

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):205
                                              Entropy (8bit):5.359894031297528
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm+xR0XSTTiHyqATjsf:SbFuFyLVIg1BG+f+M+XjTGSqATjfGt
                                              MD5:619B0DBA6F970D0C0EC5008D34CE4E79
                                              SHA1:7BF5F587C787CCD6970B187F5BB080D49E797B03
                                              SHA-256:36A7C886F714FF0C25EB9A97F2088911080FFDCAF0E878BA2D68E2B227816799
                                              SHA-512:BA038C55EF097C2B106AD04617A65E16006BADD2C8928E0BDB94EDB81C5826EE2723A77D79104625ED04B25C0FEA6B81AFD11256138C0315772434E0F52AFFFF
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=471cca7440dc48b8b47664ac56bc774e.IDENTIFIER=upowerd.UNIT=upower.service.

                                              /run/systemd/journal/streams/.#9:77565Rd54Ex

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):183
                                              Entropy (8bit):5.3196210627546305
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm90VB/tihsZjs2TKBv:SbFuFyLVIg1BG+f+MCVKhsZjNA
                                              MD5:850070C981F8853FD13FC7B6E10E4E5A
                                              SHA1:7EBBDAD669C5BE60BC085ACD756FE703E4EA9DEB
                                              SHA-256:6CE466A2A5A7BA33F397EC78E96ADE252EDD154E08A39146F4405158A943F7F2
                                              SHA-512:D81567268125AFA28CA4F6F79895C127143D190AC41331872A0356F037CAFDCE86F3CC4B1698A482DFC14DDEEF83F4705ACB39B8F26EBD891EBFF7CD1790FC56
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7e7a0d647a94438c9af445383283a559.IDENTIFIER=gvfsd.

                                              /run/systemd/journal/streams/.#9:775669uAHUu

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):192
                                              Entropy (8bit):5.3609946288427945
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmomaMQwdiRKT14Fb:SbFuFyLVK6g7/+BG+f+MomaMQwdv14Fb
                                              MD5:6D038CB8DD31E5E986875B3F5DFDC86D
                                              SHA1:FCA81190BF16F488BEFD2DE96096EAD95E5B5EA5
                                              SHA-256:E1A54ED9170192348D0327C3E9BC0BFE471DECC986384F0F5B34DD50FB898EF2
                                              SHA-512:B8F901254E019B5E804AB1A195251FE3DA2F7DF76A434C6D5DF91F2823056F26A6206881B38AC24B0EECFC2955E74A0DEEEEC36D16C07D53CBAC84E4475C0B07
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b4e91e105e584c1ab653f4546c6dfc44.IDENTIFIER=org.xfce.Xfconf.

                                              /run/systemd/journal/streams/.#9:77567gWMeFx

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):192
                                              Entropy (8bit):5.376685461824703
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm90VdcUZRFJ2Vxs8:SbFuFyLVI6g7/+BG+f+MeVzZNdjF2NNv
                                              MD5:7754A7293BA5DDB7D18D793D2EC1928E
                                              SHA1:1B20FAD03BDD9FB867BEED5F912FD0689126192D
                                              SHA-256:97E0D1D79F9208F7BC353F1AB8A5257053B8AE740E72142461D866A5066786FA
                                              SHA-512:25A6A881AD2ACD0BAE5D1ACD2AA7D30444767D1816A833F7672C9974DC7C2B549510E071F462C28201A2E627B0C585F87EA1F483E78CD9D73AF1498999D555F5
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7eb2378fe11e487f8d32f0c0d26bb03c.IDENTIFIER=org.xfce.Xfconf.

                                              /run/systemd/journal/streams/.#9:77569Lfhtov

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):223
                                              Entropy (8bit):5.537400991936178
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmvzoaGRR+1B7wsjs77:SbFuFyLVIg1BG+f+MMNO1NZji4s
                                              MD5:165A01CA74F724958DB4086B8BE0155C
                                              SHA1:8826708C36248091866FCD0F466429B2B5341CF6
                                              SHA-256:0F71CF01FCB4C122966767626A7E5F41A6F23BCB13ED44ADE307D427E1B42548
                                              SHA-512:A7267DA947833A13AA4EBE71D370947EDE4F628A17DFC4FCE562EDA2FFF56A2DE54B4C36D1A5316FABEBF8125411F139CBFF753E628EB15363ED1B1E8BAFA4A3
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ee3438fc127c447686eab665c9200321.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

                                              /run/systemd/journal/streams/.#9:77654kiPujv

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):183
                                              Entropy (8bit):5.273543447970315
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmu2klcoQAcY9NTjs2A:SbFuFyLVIg1BG+f+MuqoQarjNA
                                              MD5:C037F1964F2DA1C570284CE4BD028848
                                              SHA1:B61BB794A2ADA1FF4D25949DFA0D4F328B19DBCD
                                              SHA-256:B438726561B7A6CBEB516CE04DDDC4F787EB02FCB4C9B7F9CD2CA903576B77EF
                                              SHA-512:7D8CF713758E81046F12F8C69DB6A9166FFE36D9A75D767846ABB89B2BCDCB0B479C65F1B0FD6B7E3D3A25876BFA75D9F651D2FCF1566E4C289354FEAF4E6058
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=deb02111fee949fcb9600691dbcc9fe9.IDENTIFIER=gvfsd.

                                              /run/systemd/journal/streams/.#9:77757BpZ7Cu

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):216
                                              Entropy (8bit):5.482386937577497
                                              Encrypted:false
                                              SSDEEP:6:SbFuFyLVK6g7/+BG+f+M8EMuPZjFSBzfLRM/:qgFqo6g7/+0+f+M8WSBrLi/
                                              MD5:2B6CC07C4855A5113108640B7213D772
                                              SHA1:85362F97B513CCBC6B14E37A2443BCB70C7F472F
                                              SHA-256:952EA842E2CFDC0E4291A5D7A40F72C90C98B265E49050D22326FDCD127BD5CF
                                              SHA-512:7FD470DDB7B4BF8C879A5A5E88CB48272A1F95441BC6692642CDFF4A2E41B603C3287E807F3FE729FEBC2719CE199A4FEFF7C7A783B9647B33176F226417BCC7
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=64b7359b59c74e10a60ca888ca3611ec.IDENTIFIER=org.freedesktop.thumbnails.Thumbnailer1.

                                              /run/systemd/journal/streams/.#9:77758FtS4tu

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):216
                                              Entropy (8bit):5.495066914758793
                                              Encrypted:false
                                              SSDEEP:6:SbFuFyLVI6g7/+BG+f+MiZB1ZjFSBzfLRM/:qgFqdg7/+0+f+MiZDvSBrLi/
                                              MD5:643924C261E8550AE63BEB37B6F0EF90
                                              SHA1:295FD0B3DD7046B69E22DF35703B2EDF4E2E918D
                                              SHA-256:3CDFD53EB7A9884C3173AA193DD99344C6148F4265BE34A5778A97B4A650331C
                                              SHA-512:1C8CBCD47E68B6907828416CB277A979E389571F680F3A07475ACA33749CE1290DB728545145F43037006DAB4E988969E7E24CE9D3DEEF259F89A576293AD7A5
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c94f50c7a31a4b72882ab607d4dd2203.IDENTIFIER=org.freedesktop.thumbnails.Thumbnailer1.

                                              /run/systemd/journal/streams/.#9:77869vzNguw

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):183
                                              Entropy (8bit):5.360658084636198
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4A7qACHPcR4NXR7vb:SbFuFyLVIg1BG+f+M4qWHPcR4r4ZjNA
                                              MD5:E167397ADAE48CF54C680F7B7BAA3B22
                                              SHA1:872BB212808792C283218F79F29676D95417D9A6
                                              SHA-256:BB66C0587A99E73139E97F8E2AC11B22DAC1463538BBDA2346BE4846AC91D213
                                              SHA-512:77FC95AB0A25AA78D606BCB5BCEB0965252D43425069ECAC5810DFA890E1B1FA9D0A9047B34438EDF9CF635D51002F6141D4C9429C881A512989DA7338B73BDE
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2ea65d9ec0bf489db26d785e17bb2404.IDENTIFIER=gvfsd.

                                              /run/systemd/journal/streams/.#9:77904sKKbvv

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):228
                                              Entropy (8bit):5.390747650775956
                                              Encrypted:false
                                              SSDEEP:6:SbFuFyLVIg1BG+f+MkU7lk8jdCt/rRMtq:qgFq6g10+f+MouCDL
                                              MD5:900AB9487B7E364CDE426C71CAF68E36
                                              SHA1:B5D45F7B75DBF195EBD6DE62AFDB3C0A2830C6F3
                                              SHA-256:2234C20F6C286E5FB344B719854F2FD1D9CEF19F728C527E4B01E16DDB469955
                                              SHA-512:81C84B24D30635DE8F5480029C399DD7A500D5C774DCAE5737D2362A99A46302DDEB72406B404E56DB5F4A18C55012315DA10F7239628673D19F364019FF47F5
                                              Malicious:false
                                              Reputation:low
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=5e31d10374114defa5c1d48ca14bee38.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.

                                              /run/systemd/journal/streams/.#9:78111bxrX4u

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):191
                                              Entropy (8bit):5.386777074645584
                                              Encrypted:false
                                              SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmyAEGL9DhcY+sjspDz:SbFuFyLVIg1BG+f+MyAEGLNjw9CcZ
                                              MD5:C8A7F2D991C5B4F9229FA5D8D3C49AFA
                                              SHA1:C86EFCE67505B19385324817CE68D32958D17ED9
                                              SHA-256:1D5ED4C4941CC8DEB9D7C5DCF0E0BD54921EEE4710752E27C536D0CE5E438F0F
                                              SHA-512:0A306D505D81C24EF80BB12FB7C71F2F539942B69319FDEFBF9EE9D78D6A46A3BFCD9204954D9AB72532F873517B399DA136A63ACCFF8CC7837E98E6A3B02B02
                                              Malicious:false
                                              Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=83b3f3d142af42e78c617a4514b1b4ea.IDENTIFIER=xfce4-notifyd.

                                              /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):240
                                              Entropy (8bit):1.4595260194504922
                                              Encrypted:false
                                              SSDEEP:3:F31HlejphQ3/2jphQvt:F3O7Qe7Qvt
                                              MD5:12D0CAD57CD0D8F8627F3B3ABB19DE63
                                              SHA1:170D99E158BB8603BFD5853B28DB3BEF7823B9E0
                                              SHA-256:6518A645E89C8608710B54450C6E7C2479808365C71EC3F134732D4218F44609
                                              SHA-512:C69AA1F774FFDCCCE37DCDD85E0A47E46E43AC12CDDC91EA7B4797056CEAEDCF118ADF2D60487F7C7AEEE8F949C725305681ADAEB80D22FE5C46D25DEE39D573
                                              Malicious:false
                                              Preview:LPKSHHRH................y.q..D.....M..................................y.q..D.....M..........................................................................................................................................................

                                              /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

                                              Download File
                                              Process:/lib/systemd/systemd-journald
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):240
                                              Entropy (8bit):1.459526019450492
                                              Encrypted:false
                                              SSDEEP:3:F31HlqH9dty6H9dtml:F3Mlyslm
                                              MD5:544156FC16AD437A69A9790D91D16093
                                              SHA1:449F103301AB8EA0AA1F75CDC35F570785601A89
                                              SHA-256:8C68FCCF9380203DEAA62AFD2604C6712265BDEBF5553F7A0966E0D83B30347A
                                              SHA-512:194350303090702EAEFB9F6298B941433D938B32FC619E7580DDF876C7F0268BBE7F4D369EB01E3ACBEED5D53ABA61FE53513A7B71E5A13AC18AF8B98EEC321A
                                              Malicious:false
                                              Preview:LPKSHHRH................[....D...e..ow................................[....D...e..ow........................................................................................................................................................

                                              Static File Info

                                              General

                                              File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                                              Entropy (8bit):7.962815900318987
                                              TrID:
                                              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                              File name:r3M3VGE5AG.elf
                                              File size:38'892 bytes
                                              MD5:62979e5406e5d1d1d1883b534f964ec9
                                              SHA1:55453e91f5063de40c5862a4b99af1e71377cb57
                                              SHA256:ca180cf3a3687214752f4522c903b620addcec6f84a9d5ad2d873b4984aaaa68
                                              SHA512:17a55fc5fb849e004fd03ffea31dc7801f77ee7d27c76b13e526d1f432988b06ac94c4132b96bf34ed2d4003c4d2b25011200914a38d80b2a4c4d8a403c68617
                                              SSDEEP:768:Lk4WSrPXirwCN1msmp1j/9TC6p9JPML1jbJQr6TtDyuMeEqxJCtHzl09W0CSyxr4:LxWSLXiDrmpRQ1jbWmBDyLeEMJCtHZQZ
                                              TLSH:2803E197A77A6EF4C039EA7D82BD8470F919308FA90213870DEA41DD7DBE5051F40682
                                              File Content Preview:.ELF..............>.............@...................@.8...@..............................................................................UQ......UQ.............................Q.td.....................................................FR.UPX!H..............

                                              Static ELF Info

                                              ELF header

                                              Class:ELF64
                                              Data:2's complement, little endian
                                              Version:1 (current)
                                              Machine:Advanced Micro Devices X86-64
                                              Version Number:0x1
                                              Type:EXEC (Executable file)
                                              OS/ABI:UNIX - System V
                                              ABI Version:0
                                              Entry Point Address:0x1085b8
                                              Flags:0x0
                                              ELF Header Size:64
                                              Program Header Offset:64
                                              Program Header Size:56
                                              Number of Program Headers:3
                                              Section Header Offset:0
                                              Section Header Size:64
                                              Number of Section Headers:0
                                              Header String Table Index:0

                                              Program Segments

                                              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                              LOAD0x00x1000000x1000000x96f40x96f47.96500x5R E0x100000
                                              LOAD0x5880x5155880x5155880x00x00.00000x6RW 0x1000
                                              GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Oct 8, 2024 07:30:56.998250961 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:30:57.004127979 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:30:57.004373074 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:30:57.005624056 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:30:57.010790110 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:30:57.010879040 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:30:57.016393900 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:30:57.581619024 CEST43928443192.168.2.2391.189.91.42
                                              Oct 8, 2024 07:31:03.212691069 CEST42836443192.168.2.2391.189.91.43
                                              Oct 8, 2024 07:31:04.748437881 CEST4251680192.168.2.23109.202.202.202
                                              Oct 8, 2024 07:31:07.012147903 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:31:07.017477036 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:31:07.191267967 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:31:07.191342115 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:31:07.546339035 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:31:07.546451092 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:31:18.058589935 CEST43928443192.168.2.2391.189.91.42
                                              Oct 8, 2024 07:31:30.344856977 CEST42836443192.168.2.2391.189.91.43
                                              Oct 8, 2024 07:31:34.440264940 CEST4251680192.168.2.23109.202.202.202
                                              Oct 8, 2024 07:31:59.012917995 CEST43928443192.168.2.2391.189.91.42
                                              Oct 8, 2024 07:32:07.591629028 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:32:07.596791983 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:32:07.770698071 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:32:07.770804882 CEST3511257899192.168.2.23194.120.230.54
                                              Oct 8, 2024 07:32:08.546056032 CEST5789935112194.120.230.54192.168.2.23
                                              Oct 8, 2024 07:32:08.546118975 CEST3511257899192.168.2.23194.120.230.54

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Oct 8, 2024 07:30:56.956819057 CEST5539853192.168.2.238.8.8.8
                                              Oct 8, 2024 07:30:56.964109898 CEST53553988.8.8.8192.168.2.23
                                              Oct 8, 2024 07:30:56.965142965 CEST4621953192.168.2.238.8.8.8
                                              Oct 8, 2024 07:30:56.972086906 CEST53462198.8.8.8192.168.2.23
                                              Oct 8, 2024 07:30:56.974735975 CEST5672053192.168.2.238.8.8.8
                                              Oct 8, 2024 07:30:56.981646061 CEST53567208.8.8.8192.168.2.23
                                              Oct 8, 2024 07:30:56.982713938 CEST4900853192.168.2.238.8.8.8
                                              Oct 8, 2024 07:30:56.989526033 CEST53490088.8.8.8192.168.2.23
                                              Oct 8, 2024 07:30:56.990642071 CEST3607653192.168.2.238.8.8.8
                                              Oct 8, 2024 07:30:56.997364044 CEST53360768.8.8.8192.168.2.23

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Oct 8, 2024 07:30:56.956819057 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256400false
                                              Oct 8, 2024 07:30:56.965142965 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256400false
                                              Oct 8, 2024 07:30:56.974735975 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256400false
                                              Oct 8, 2024 07:30:56.982713938 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256400false
                                              Oct 8, 2024 07:30:56.990642071 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256400false

                                              System Behavior

                                              General

                                              Start time (UTC):05:30:56
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:/tmp/r3M3VGE5AG.elf
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:56
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:56
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:56
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/ps
                                              Arguments:ps -A -o pid,cmd --no-headers
                                              File size:137688 bytes
                                              MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/ps
                                              Arguments:ps -A -o pid,cmd --no-headers
                                              File size:137688 bytes
                                              MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:31
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:31
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:31
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:31
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/ps
                                              Arguments:ps -A -o pid,cmd --no-headers
                                              File size:137688 bytes
                                              MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:47
                                              Start date (UTC):08/10/2024
                                              Path:/tmp/r3M3VGE5AG.elf
                                              Arguments:-
                                              File size:38892 bytes
                                              MD5 hash:62979e5406e5d1d1d1883b534f964ec9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:47
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:47
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:47
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/ps
                                              Arguments:ps -A -o pid,cmd --no-headers
                                              File size:137688 bytes
                                              MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gsd-wacom
                                              Arguments:/usr/libexec/gsd-wacom
                                              File size:39520 bytes
                                              MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gsd-keyboard
                                              Arguments:/usr/libexec/gsd-keyboard
                                              File size:39760 bytes
                                              MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/upower/upowerd
                                              Arguments:/usr/lib/upower/upowerd
                                              File size:260328 bytes
                                              MD5 hash:1253eea2fe5fe4017069664284e326cd

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfwm4
                                              Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                              File size:420424 bytes
                                              MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/rm
                                              Arguments:rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
                                              File size:72056 bytes
                                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:30:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfdesktop
                                              Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                              File size:473520 bytes
                                              MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfwm4
                                              Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                              File size:420424 bytes
                                              MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/upower/upowerd
                                              Arguments:/usr/lib/upower/upowerd
                                              File size:260328 bytes
                                              MD5 hash:1253eea2fe5fe4017069664284e326cd

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:00
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:01
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfdesktop
                                              Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                              File size:473520 bytes
                                              MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:04
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:04
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:/usr/libexec/gvfsd
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:05
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:05
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:05
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:06
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:06
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:05
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/dbus-daemon
                                              Arguments:-
                                              File size:249032 bytes
                                              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:05
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                              File size:112880 bytes
                                              MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:08
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:08
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/journalctl
                                              Arguments:/usr/bin/journalctl --smart-relinquish-var
                                              File size:80120 bytes
                                              MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:08
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:08
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfwm4
                                              Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                              File size:420424 bytes
                                              MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:09
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:09
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfdesktop
                                              Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                              File size:473520 bytes
                                              MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:09
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:09
                                              Start date (UTC):08/10/2024
                                              Path:/lib/systemd/systemd-journald
                                              Arguments:/lib/systemd/systemd-journald
                                              File size:162032 bytes
                                              MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:10
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:10
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:10
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:10
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/upower/upowerd
                                              Arguments:/usr/lib/upower/upowerd
                                              File size:260328 bytes
                                              MD5 hash:1253eea2fe5fe4017069664284e326cd

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfwm4
                                              Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                              File size:420424 bytes
                                              MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:40
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:41
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:41
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:43
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:44
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-panel
                                              Arguments:-
                                              File size:375768 bytes
                                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:59
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:32:04
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                              Arguments:-
                                              File size:35136 bytes
                                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:32:04
                                              Start date (UTC):08/10/2024
                                              Path:/usr/sbin/xfpm-power-backlight-helper
                                              Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                                              File size:14656 bytes
                                              MD5 hash:3d221ad23f28ca3259f599b1664e2427

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/upower/upowerd
                                              Arguments:/usr/lib/upower/upowerd
                                              File size:260328 bytes
                                              MD5 hash:1253eea2fe5fe4017069664284e326cd

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:14
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:15
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfdesktop
                                              Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                              File size:473520 bytes
                                              MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:18
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:18
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:/usr/libexec/gvfsd
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:20
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:20
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:20
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:22
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              Chronological Activities


                                              General

                                              Start time (UTC):05:31:22
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              General

                                              Start time (UTC):05:31:31
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              General

                                              Start time (UTC):05:31:31
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              General

                                              Start time (UTC):05:31:18
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/dbus-daemon
                                              Arguments:-
                                              File size:249032 bytes
                                              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                              General

                                              Start time (UTC):05:31:18
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                              File size:112880 bytes
                                              MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                              General

                                              Start time (UTC):05:31:22
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              General

                                              Start time (UTC):05:31:22
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfwm4
                                              Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                              File size:420424 bytes
                                              MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                              General

                                              Start time (UTC):05:31:23
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfce4-session
                                              Arguments:-
                                              File size:264752 bytes
                                              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                              General

                                              Start time (UTC):05:31:23
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/xfdesktop
                                              Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                              File size:473520 bytes
                                              MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                              General

                                              Start time (UTC):05:31:25
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              General

                                              Start time (UTC):05:31:25
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/journalctl
                                              Arguments:/usr/bin/journalctl --flush
                                              File size:80120 bytes
                                              MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                              General

                                              Start time (UTC):05:31:34
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              General

                                              Start time (UTC):05:31:34
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:/usr/libexec/gvfsd
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              General

                                              Start time (UTC):05:31:38
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              General

                                              Start time (UTC):05:31:38
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              General

                                              Start time (UTC):05:31:38
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              General

                                              Start time (UTC):05:31:38
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              General

                                              Start time (UTC):05:31:38
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              General

                                              Start time (UTC):05:31:47
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              General

                                              Start time (UTC):05:31:47
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              General

                                              Start time (UTC):05:31:46
                                              Start date (UTC):08/10/2024
                                              Path:/usr/bin/dbus-daemon
                                              Arguments:-
                                              File size:249032 bytes
                                              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                              General

                                              Start time (UTC):05:31:46
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
                                              Arguments:/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
                                              File size:149888 bytes
                                              MD5 hash:2ef099898845e9c5ec6f1a6fd3ad61af

                                              General

                                              Start time (UTC):05:31:52
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              General

                                              Start time (UTC):05:31:52
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:/usr/libexec/gvfsd
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              General

                                              Start time (UTC):05:31:54
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              General

                                              Start time (UTC):05:31:54
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd
                                              Arguments:-
                                              File size:39224 bytes
                                              MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                              General

                                              Start time (UTC):05:31:54
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              General

                                              Start time (UTC):05:31:55
                                              Start date (UTC):08/10/2024
                                              Path:/usr/libexec/gvfsd-fuse
                                              Arguments:-
                                              File size:47632 bytes
                                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                              General

                                              Start time (UTC):05:31:55
                                              Start date (UTC):08/10/2024
                                              Path:/bin/fusermount
                                              Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
                                              File size:39144 bytes
                                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                                              General

                                              Start time (UTC):05:32:07
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              General

                                              Start time (UTC):05:32:07
                                              Start date (UTC):08/10/2024
                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                              File size:112872 bytes
                                              MD5 hash:eee956f1b227c1d5031f9c61223255d1