Linux Analysis Report
1isequal9.arm

Overview

General Information

Sample Name:1isequal9.arm
Analysis ID:626540
MD5:fc0a76d00e5267eae22dc71a6926b525
SHA1:b79f48ec66a6748c35af8972bc601dd46be47c6f
SHA256:1a26e16bc62ca7e71b3b2cfa9679b3e121d85c61d2c4be597d7441789d7bd7d1
Infos:

Detection

Mirai
Score:60
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Reads system files that contain records of logged in users
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample has stripped symbol table
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626540
Start date and time:2022-05-14 11:50:17 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 19s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:1isequal9.arm
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal60.spre.troj.linARM@0/46@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/1isequal9.arm
PID:6224
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
VegaSec-KATANA001
Standard Error:
  • system is lnxubuntu20
  • systemd New Fork (PID: 6242, Parent: 1)
  • journalctl (PID: 6242, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6263, Parent: 1)
  • systemd-journald (PID: 6263, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6266, Parent: 1)
  • journalctl (PID: 6266, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6307, Parent: 1)
  • dbus-daemon (PID: 6307, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6322, Parent: 1)
  • whoopsie (PID: 6322, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6326, Parent: 1860)
  • pulseaudio (PID: 6326, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6331, Parent: 1)
  • rtkit-daemon (PID: 6331, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6334, Parent: 1)
  • systemd-logind (PID: 6334, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6396, Parent: 1)
  • polkitd (PID: 6396, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6397, Parent: 1)
  • rsyslogd (PID: 6397, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • gdm3 New Fork (PID: 6402, Parent: 1320)
  • Default (PID: 6402, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6403, Parent: 1320)
  • Default (PID: 6403, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6404, Parent: 1320)
  • Default (PID: 6404, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6408, Parent: 1)
  • agetty (PID: 6408, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6411, Parent: 1)
  • gpu-manager (PID: 6411, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6412, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6413, Parent: 6412)
      • grep (PID: 6413, Parent: 6412, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6414, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6415, Parent: 6414)
      • grep (PID: 6415, Parent: 6414, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6416, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6417, Parent: 6416)
      • grep (PID: 6417, Parent: 6416, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6418, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6419, Parent: 6418)
      • grep (PID: 6419, Parent: 6418, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6420, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6421, Parent: 6420)
      • grep (PID: 6421, Parent: 6420, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6423, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6424, Parent: 6423)
      • grep (PID: 6424, Parent: 6423, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6425, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6426, Parent: 6425)
      • grep (PID: 6426, Parent: 6425, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6431, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6432, Parent: 6431)
      • grep (PID: 6432, Parent: 6431, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6433, Parent: 1)
  • generate-config (PID: 6433, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6434, Parent: 6433, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6435, Parent: 1)
  • gdm-wait-for-drm (PID: 6435, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6440, Parent: 1)
  • gdm3 (PID: 6440, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6445, Parent: 6440)
    • plymouth (PID: 6445, Parent: 6440, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6463, Parent: 6440)
    • gdm-session-worker (PID: 6463, Parent: 6440, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6467, Parent: 6463, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6469, Parent: 6467, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6473, Parent: 6469)
            • false (PID: 6474, Parent: 6473, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6475, Parent: 6467, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6476, Parent: 6475, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6477, Parent: 6440)
    • Default (PID: 6477, Parent: 6440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6478, Parent: 6440)
    • Default (PID: 6478, Parent: 6440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6446, Parent: 1)
  • accounts-daemon (PID: 6446, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6458, Parent: 6446, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6459, Parent: 6458, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6460, Parent: 6459, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6461, Parent: 6460)
          • locale (PID: 6461, Parent: 6460, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6462, Parent: 6460)
          • grep (PID: 6462, Parent: 6460, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 6486, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6527, Parent: 1860)
  • dbus-daemon (PID: 6527, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • cleanup
Source | Rule | Description | Author | Strings
1isequal9.arm | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security
    Source | Rule | Description | Author | Strings
    6228.1.0000000095842f29.0000000017b7556a.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    6230.1.0000000095842f29.0000000017b7556a.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    6227.1.00000000de8a82a9.00000000d707757e.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    6230.1.00000000de8a82a9.00000000d707757e.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    6233.1.0000000095842f29.0000000017b7556a.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    No Snort rule has matched

    Source: /usr/bin/pulseaudio (PID: 6326) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pkill (PID: 6434) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 206.18.179.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 218.205.213.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.140.147.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.4.89.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.198.49.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 193.32.98.239:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 171.47.44.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 70.227.136.116:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.106.161.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 183.94.152.79:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.246.217.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 66.130.226.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 89.1.160.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.38.183.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.143.49.26:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 98.148.97.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.57.220.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 107.142.54.87:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 90.22.249.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.223.213.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 149.50.225.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 185.175.110.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 39.226.200.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 87.19.11.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.167.16.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.147.165.141:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 119.44.244.219:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.66.149.128:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.39.249.127:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.159.152.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 8.200.83.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.108.197.39:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 175.135.161.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.125.164.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 174.29.182.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 24.192.55.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 18.158.49.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 170.110.73.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.107.170.6:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 106.158.153.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.63.162.96:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 108.111.51.252:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 86.36.137.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.195.57.226:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 179.247.226.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.223.212.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 98.6.135.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.61.239.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 204.192.148.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.68.253.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 57.91.101.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 202.244.31.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 221.170.248.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 220.20.177.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.38.210.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.119.62.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 45.24.32.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 176.109.189.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.78.150.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.53.133.120:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 177.208.64.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.210.116.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 102.231.80.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 80.84.14.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 135.52.197.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.223.0.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 43.137.247.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.84.4.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 155.146.161.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 161.202.40.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.208.157.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 105.242.153.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 200.13.182.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 103.199.35.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.58.231.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 1.219.80.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 39.61.16.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 40.202.224.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 78.222.124.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.9.156.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 14.77.235.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 196.251.141.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 173.125.0.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.116.101.147:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 58.23.212.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.193.117.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.83.221.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.206.10.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 102.228.164.218:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 209.121.186.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 138.5.32.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 190.162.238.167:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.159.113.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 111.74.137.66:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.52.9.233:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 73.162.246.52:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.218.234.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 110.217.218.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 191.51.198.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 218.91.243.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.50.0.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 24.17.243.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.124.145.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 184.146.137.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 197.13.250.51:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.5.99.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.27.18.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.76.20.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 40.40.27.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 166.202.28.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.43.124.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 9.86.79.98:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 79.75.83.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 120.245.75.222:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.57.208.86:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 125.37.56.26:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 180.28.8.85:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.68.14.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.211.5.126:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 196.98.141.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 109.187.43.117:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.220.24.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 66.116.163.223:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.78.184.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 194.166.250.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.189.58.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 148.29.177.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 212.49.1.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.156.140.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.0.156.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 53.77.73.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 165.67.174.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.26.91.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 9.100.148.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.200.252.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 213.85.160.109:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.178.221.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 57.157.12.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 202.209.160.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 1.70.195.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 88.234.41.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 53.127.230.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 146.16.156.186:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 116.193.236.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 123.139.13.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 183.8.129.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.218.85.122:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.25.40.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.233.91.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.134.44.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.154.183.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 164.8.156.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 184.45.49.63:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.29.196.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 23.43.71.241:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 130.29.66.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 167.208.74.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.106.108.219:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 119.0.64.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 146.147.189.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 218.120.251.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 200.21.12.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 195.129.253.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.184.117.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 166.169.243.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 101.81.18.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 157.203.116.57:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.27.60.145:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 37.169.53.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.166.94.154:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 105.144.72.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 159.136.154.3:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.85.60.225:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.90.89.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 70.31.137.57:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.246.121.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.20.238.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.74.217.114:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.32.249.81:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.71.208.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 148.223.80.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 167.126.64.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.144.105.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 32.181.19.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.146.108.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.13.169.6:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.202.70.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 204.145.39.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 106.86.195.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 75.52.181.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.237.129.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 23.231.16.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 68.134.117.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.88.99.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.211.106.97:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 12.109.243.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 42.246.196.248:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.160.132.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 2.128.6.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 110.77.136.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 180.35.250.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.95.167.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 145.77.224.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.97.114.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 149.156.169.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 8.187.18.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.207.151.12:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 166.70.20.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 176.150.247.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 159.53.224.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.183.130.63:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.97.201.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 112.71.19.223:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.5.8.75:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 13.255.155.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.11.190.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.148.189.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 80.115.177.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 101.40.77.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.25.118.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 158.34.24.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 124.28.245.9:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 193.153.104.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 34.48.46.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 112.42.66.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 223.164.118.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 114.208.216.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 92.94.54.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 203.36.139.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.88.248.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 189.111.184.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 207.52.88.30:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.187.154.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.55.244.52:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 190.110.236.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 36.216.37.48:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 114.219.57.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.129.135.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.63.252.236:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 118.243.75.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.218.213.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 191.65.185.161:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 149.52.10.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.10.195.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.98.47.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.141.50.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.40.27.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 193.111.51.3:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 135.254.149.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.25.218.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.91.176.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 100.151.194.132:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 31.62.135.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 164.42.76.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 108.136.154.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.38.195.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 65.222.218.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 69.95.177.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 74.226.184.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 17.230.248.174:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 148.23.104.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 142.117.58.192:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.190.135.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 156.75.87.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 100.139.164.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 125.27.163.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 198.123.209.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 204.127.15.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.176.59.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 104.109.165.38:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 167.13.81.210:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 181.44.47.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 152.114.244.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 189.238.208.213:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.103.106.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.178.149.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.145.124.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.221.183.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 85.168.180.187:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 83.72.171.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 2.119.8.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.62.71.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 79.172.216.83:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.3.211.81:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 220.225.160.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.76.65.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 27.153.213.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.218.147.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 35.242.191.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 210.241.67.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 42.43.80.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.14.177.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.117.152.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 198.206.255.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 153.101.218.105:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 92.226.46.208:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 24.129.134.218:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 8.233.214.97:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 183.255.43.53:2323
    Source: /tmp/1isequal9.arm (PID: 6224) Socket: 127.0.0.1::59025
    Source: /lib/systemd/systemd-journald (PID: 6263) Socket: <unknown socket type>:unknown
    Source: /usr/sbin/gdm3 (PID: 6440) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 6469) Socket: <unknown socket type>:unknown
    Source: unknown Network traffic detected: HTTP traffic on port 56474 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56474
    Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: syslog.35.dr String found in binary or memory: https://www.rsyslog.com
    Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com

    System Summary

    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 491, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 658, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 720, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 721, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 759, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 761, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 772, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 774, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 777, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 785, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 793, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 936, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1344, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1601, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 1886, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 6043, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 6187, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 6188, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 6228, result: successful
    Source: /tmp/1isequal9.arm (PID: 6233) SIGKILL sent: pid: 6233, result: unknown
    Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
    Rule matched in:
    Source: 1isequal9.arm, type: SAMPLE
    Source: 6228.1.0000000095842f29.0000000017b7556a.rw-.sdmp, type: MEMORY
    Source: 6230.1.0000000095842f29.0000000017b7556a.rw-.sdmp, type: MEMORY
    Source: 6227.1.00000000de8a82a9.00000000d707757e.r-x.sdmp, type: MEMORY
    Source: 6230.1.00000000de8a82a9.00000000d707757e.r-x.sdmp, type: MEMORY
    Source: 6233.1.0000000095842f29.0000000017b7556a.rw-.sdmp, type: MEMORY
    Source: 6224.1.00000000de8a82a9.00000000d707757e.r-x.sdmp, type: MEMORY
    Source: 6227.1.0000000095842f29.0000000017b7556a.rw-.sdmp, type: MEMORY
    Source: 6228.1.00000000de8a82a9.00000000d707757e.r-x.sdmp, type: MEMORY
    Source: 6224.1.0000000095842f29.0000000017b7556a.rw-.sdmp, type: MEMORY
    Source: 6233.1.00000000de8a82a9.00000000d707757e.r-x.sdmp, type: MEMORY
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: classification engineClassification label: mal60.spre.troj.linARM@0/46@3/0

    Persistence and Installation Behavior

    Source: /usr/bin/dbus-daemon (PID: 6307)File: /proc/6307/mounts
    Source: /usr/bin/dbus-daemon (PID: 6469)File: /proc/6469/mounts
    Source: /usr/bin/dbus-daemon (PID: 6476)File: /proc/6476/mounts
    Source: /bin/fusermount (PID: 6486)File: /proc/6486/mounts
    Source: /usr/bin/dbus-daemon (PID: 6527)File: /proc/6527/mounts
    Source: /usr/share/gdm/generate-config (PID: 6434)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
    Source: /bin/sh (PID: 6413)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6415)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6417)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6419)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6421)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6424)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6426)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6432)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6462)Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /lib/systemd/systemd-journald (PID: 6263)Reads from proc file: /proc/meminfo
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6397/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6430/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/6396/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2078/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2077/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2033/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2074/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2028/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1532/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/1334/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2302/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2025/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/comm
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/status
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6263)File opened: /proc/2223/cgroup
    Source: /usr/bin/whoopsie (PID: 6322)Directory: /nonexistent/.cache
    Source: /usr/lib/policykit-1/polkitd (PID: 6396)Directory: /root/.cache
    Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6467)Directory: /var/lib/gdm3/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6446)Directory: /root/.cache
    Source: /usr/sbin/gdm3 (PID: 6440)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
    Source: /usr/sbin/gdm3 (PID: 6440)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6446)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6446)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/bin/gpu-manager (PID: 6412)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6414)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6416)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6418)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6420)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6423)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6425)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6431)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/share/language-tools/language-options (PID: 6460)Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/sbin/rsyslogd (PID: 6397)Log file created: /var/log/kern.log
    Source: /usr/sbin/rsyslogd (PID: 6397)Log file created: /var/log/auth.log
    Source: /usr/bin/gpu-manager (PID: 6411)Log file created: /var/log/gpu-manager.log
    Source: /usr/bin/pulseaudio (PID: 6326)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pkill (PID: 6434)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/1isequal9.arm (PID: 6224)Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-journald (PID: 6263)Queries kernel information via 'uname':
    Source: /usr/bin/whoopsie (PID: 6322)Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 6326)Queries kernel information via 'uname':
    Source: /usr/sbin/rsyslogd (PID: 6397)Queries kernel information via 'uname':
    Source: /sbin/agetty (PID: 6408)Queries kernel information via 'uname':
    Source: /usr/bin/gpu-manager (PID: 6411)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 6463)Queries kernel information via 'uname':
    Source: /usr/bin/gpu-manager (PID: 6411)Truncated file: /var/log/gpu-manager.log
    Source: 1isequal9.arm, 6224.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6227.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6228.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6230.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6233.1.000000001ff2364f.00000000afd67c8b.rw-.sdmpBinary or memory string: 0lU!/etc/qemu-binfmt/arm
    Source: 1isequal9.arm, 6233.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmpBinary or memory string: /tmp/qemu-open.hu2k0x
    Source: 1isequal9.arm, 6233.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmpBinary or memory string: -lU/tmp/qemu-open.hu2k0x
    Source: 1isequal9.arm, 6224.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6227.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6228.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6230.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6233.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmpBinary or memory string: ;lx86_64/usr/bin/qemu-arm/tmp/1isequal9.armSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/1isequal9.arm
    Source: 1isequal9.arm, 6224.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6227.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6228.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6230.1.000000001ff2364f.00000000afd67c8b.rw-.sdmp, 1isequal9.arm, 6233.1.000000001ff2364f.00000000afd67c8b.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
    Source: 1isequal9.arm, 6224.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6227.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6228.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6230.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmp, 1isequal9.arm, 6233.1.00000000116d2f3d.00000000b00ae9a3.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm

    Language, Device and Operating System Detection

    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6446)Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information

    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara matchFile source: dump.pcap, type: PCAP
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
    Execution: 1 Scripting; Scheduled Task/Job; At (Linux); At (Windows); Cron
    Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
    Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
    Defense Evasion: 1 File and Directory Permissions Modification; 1 Disable or Modify Tools; 1 Scripting; 1 Hidden Files and Directories; 1 Indicator Removal on Host
    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
    Discovery: 11 Security Software Discovery; 1 System Owner/User Discovery; 1 File and Directory Discovery; 2 System Information Discovery; Remote System Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
    Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Fallback Channels
    Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
    Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
    Impact: 1 Service Stop; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings
    No configs have been found
    [Behavior graph: ID 626540, Sample: 1isequal9.arm, Startdate: 14/05/2022, Architecture: LINUX, Score: 60]
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 185.125.188.136 | true | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://www.rsyslog.com | syslog.35.dr | false | | high
    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        No context
        Process:/usr/bin/pulseaudio
        File Type:ASCII text
        Category:dropped
        Size (bytes):10
        Entropy (8bit):2.9219280948873623
        Encrypted:false
        SSDEEP:3:5bkPn:pkP
        MD5:FF001A15CE15CF062A3704CEA2991B5F
        SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
        SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
        SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:auto_null.
        Process:/usr/bin/pulseaudio
        File Type:ASCII text
        Category:dropped
        Size (bytes):18
        Entropy (8bit):3.4613201402110088
        Encrypted:false
        SSDEEP:3:5bkrIZsXvn:pkckv
        MD5:28FE6435F34B3367707BB1C5D5F6B430
        SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
        SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
        SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:auto_null.monitor.
        Process:/usr/bin/dbus-daemon
        File Type:very short file (no magic)
        Category:dropped
        Size (bytes):1
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3:V:V
        MD5:CFCD208495D565EF66E7DFF9F98764DA
        SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
        SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
        SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:0
        Process:/usr/sbin/gdm3
        File Type:ASCII text
        Category:dropped
        Size (bytes):5
        Entropy (8bit):1.9219280948873623
        Encrypted:false
        SSDEEP:3:Rn:R
        MD5:64C95F27F37ED1B41299EBBBA5ED8612
        SHA1:133E96A6A229F8AC2429D2804A5A87E3AB193D70
        SHA-256:376E40F3F7A4C7FDFA3CD15854615FD6C0531FE02976D5420AEFAECFA45E48E7
        SHA-512:88CCE926957127A635AEB7A53169A36937C9B63AA5973AC0DB071A011D914AB3323F2A83DECB47A7722FA7DDE6F01C1597F339C5906F796E3AD13A86A1CCACC6
        Malicious:false
        Reputation:low
        Preview:6440.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):223
        Entropy (8bit):5.510132184773515
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5kVRLVBVVlcQIs22+:SbFuFyLVIg1BG+f+MeVRpB/l3R22ji4s
        MD5:AC116FFB97777DB3296149F3C863F7CD
        SHA1:8358836C1129C9FB2240AF3F2E082D5A3213F034
        SHA-256:38C0E318D9486DB70528EC95EECB9B849B6614159ED04A75F0D787C3790A2F0A
        SHA-512:3F11149A9A611204792552780649AAE50F2437953E4542312939E8568BDAD3B1C9F365E5C3FE7751B969437D2BF37A03801F9061BD70E78594B404BCF701AA4B
        Malicious:false
        Reputation:low
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3ed4844e05444e948c37290e059cb865.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):223
        Entropy (8bit):5.491662288168378
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5nl/iCEXCBBwh+sjq:SbFuFyLVIg1BG+f+M5l/iS/whTji4s
        MD5:E1EFB98007BF12CD57876F60D8168884
        SHA1:AA5785FA0EDEAB909AFA74C94A1ECA3AFD8016A9
        SHA-256:EAF23F280E1870D94F49A13D4172F1202EA17F77A8257DA90D854FC957FFF3BC
        SHA-512:EE06B268DFA15101C08A2E8C5D6922CFAB8EC37D30B18D0DF60A9F0B4BAA94520B0D942576F492DD4FE8EA14E9DA4EB0CFE40D869FA1F067D6901138397EF477
        Malicious:false
        Reputation:low
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3244ee009671452aa0cb4db74d9ee3e3.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):208
        Entropy (8bit):5.384267631323254
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmyzI6NEUcDf+BjsmNm:SbFuFyLVIg1BG+f+MyM64b+BjdCLKzK
        MD5:F19B0BD75808A1054D9FF3E523F54776
        SHA1:94A4B2155E303B9E2416FBC5C3C1518E789B159D
        SHA-256:A9D2686C1DE0ACA150565C442C534917704B55921555C2667CCD11E5F951838C
        SHA-512:7DD2CFC41FE7A53B461A4EEE279F8C62529192804848E6B50CB5BFAE4F4E2FC9ED5E8074CEACFB0C75FEEE63D9CB8F17BB4CB6665A3E43A96BCF993F63760DB2
        Malicious:false
        Reputation:low
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=87e6afa211a94494866e3fb64c208768.IDENTIFIER=whoopsie.UNIT=whoopsie.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):200
        Entropy (8bit):5.441039842260236
        Encrypted:false
        SSDEEP:6:SbFuFyLVK6g7/+BG+f+M3njsr2jFmzXvn:qgFqo6g7/+0+f+M3UEQXvn
        MD5:40364CFFEFBEEB8F8162A8C87D667CE5
        SHA1:766573F1FB959C9793E308A030ACF18AF5DE9978
        SHA-256:0D2D094B47453DD90113015515D62564A5BC4DE288B86156DA0D30CA2F2E7525
        SHA-512:8CC1C9C5F457028C7FEFED77A00891F23F0547DE47B31A9D29DE3ADA59FE99E62E352B54F6D84DB15A1DFAD020BBBE1ACD8F333750D98AD84AB453C95994605C
        Malicious:false
        Reputation:low
        Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=98c857a4e84347adbce7e5cfbb91b74f.IDENTIFIER=org.gnome.Shell.desktop.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):207
        Entropy (8bit):5.389018749832899
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmpUStcHVLHBXd7uqjx:SbFuFyLVIg1BG+f+MiStcNhXd7TjosQu
        MD5:D2090F9AC8632EEA45DF04E590DB50DE
        SHA1:4D0066D8BC77A51BAA1837C678379119183759A3
        SHA-256:ECF9ED9ACBBA7A0C5342C987F8A819AD278621A3E2C2F69D475B8ACB7BD2C6D3
        SHA-512:ADD3ADCCA11E260983E0DC8DA6442B2AA899702D4C784B87E5347A5A94DEBCF275CA5AE3D17DE772242037B439FBB241571329DA5ACF6BCB8B998677D124F27F
        Malicious:false
        Reputation:low
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cbe667aa9b0e4c9eb0bde73f7f8e2bf4.IDENTIFIER=dbus-daemon.UNIT=dbus.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):200
        Entropy (8bit):5.4382185476761356
        Encrypted:false
        SSDEEP:6:SbFuFyLVI6g7/+BG+f+MoZPcRd1WYqjFmzXvn:qgFqdg7/+0+f+MoQ94QXvn
        MD5:4B52924A19A7A35C59103F2B79CDA7B9
        SHA1:5602CB2DC4E4A826D9AA596CD38F95B64A939BED
        SHA-256:F6C74FB7D35E20782BF8D20C4EB547519B48722285DC6F9768DF1539606E6CCA
        SHA-512:C51CE7F34ED52E6516E4574E0FF9F4FB3D5B50B5BE1215C577C2A345379EFEBAD622229BB545E72EB666A36F6EAFD2127E0C8367DFABBF37FF346DF2ADF6D600
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=baf442d9b36e49ce958888cd0c34675e.IDENTIFIER=org.gnome.Shell.desktop.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):188
        Entropy (8bit):5.374003258854173
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsvUEad4XehMXRJcP/:SbFuFyLVIg1BG+f+MsMEW4QMBUZjtWL0
        MD5:447F63C227D0586227D341D7A2B7FFF3
        SHA1:EBBB93B81E2E71CCCDFCEB893BBC950B9678C519
        SHA-256:F48BAD88E4DC3E0912EBA200B655E797548E88A165F748230D50D53BAA4D7A6F
        SHA-512:B09790B107E57E8B0D643C1621C9618257E01F15E8575E82D5AA38F56E6296CB7879F1FD1150178F64E69FF90DCDBCCDA96B40522A00C2AA7482288857D2B3F7
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f21c1a7b868a4283b776e2421b43947d.IDENTIFIER=pulseaudio.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):216
        Entropy (8bit):5.435896919151726
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm8nO4mdTbd2Frxsjsx:SbFuFyLVIg1BG+f+M8vmdPoFrqjNE
        MD5:724A5E4A166A0348BAAFA42CA23F86FD
        SHA1:5399AC2DBAA136FC44366F11357F0EDEDD15B006
        SHA-256:AAEACCC9A0495486B0C28DE5FC50CC893D5C48D1E14B2BCF589AB244B141737B
        SHA-512:20CB014548F923B486683CABF25A5CEEFF3AB4E8ADC4F491EC61F140249A204AD1F3366774B55750AF30340F4016B9A77365F9A0080FDA5FCE994DA86D760BC5
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=64c01805512544efa3062f71b48d0fd1.IDENTIFIER=rtkit-daemon.UNIT=rtkit-daemon.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):220
        Entropy (8bit):5.432903390750342
        Encrypted:false
        SSDEEP:6:SbFuFyLVIg1BG+f+M+MOxre5qjZcHcljX+:qgFq6g10+f+M+MOpeimAu
        MD5:7AD5A34FCD7E62C2020BCB249E318A1A
        SHA1:012F9A56102F5785BBE8FDF409D839D2AA426D9E
        SHA-256:7B9025EBD301533C47CD8CB653601324101368D11083FD88BFF64147F862D7DC
        SHA-512:85666D0C61DC383C6E651F0CD8FAFCB23C968A65BCE3FD80D5DC9AAFF63F9CFB76B5862305E1322112432F3297E115A8333907D895B9FD2CC9DAC0D2935D9219
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=73b4a439240c49419a40099d4b7634ba.IDENTIFIER=systemd-logind.UNIT=systemd-logind.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):205
        Entropy (8bit):5.418021577448228
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsAwRBBQRcSVcYjMfW:SbFuFyLVIg1BG+f+MsvHrSVc0mZjbVC
        MD5:A19689FB2A691DEB0225837D6D3C584F
        SHA1:72C541B903A4E4CF8435F2C53CFA3A512AC8FC9F
        SHA-256:EA943944849B36B831E41CD0332E1D76ADB314543F43AD2E19F327A3BD2AA87A
        SHA-512:5BE161E7CFB2719603FADCA627CA1B45CF2F8FA0A6039D1EC1106601DBC475622F3944024CBB312323032FCD1452A7E3E3E130B9E90DEA289237F3F764935062
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=fe43ccf8d5494ec3b09841ec787d5892.IDENTIFIER=polkitd.UNIT=polkit.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):208
        Entropy (8bit):5.424293727281392
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm9tXyTH2Uxq7Pa2jsV:SbFuFyLVIg1BG+f+MGWUxkjLkGq
        MD5:CFA042134F4A4D37C94BADB0664E204A
        SHA1:48654D12165B4354D7589AB2EB7C0B90E42B7436
        SHA-256:A954BB759DBBDB53962D8EB7001FA3D68A461895E1D4662E6FC11C3FD1DDA0CB
        SHA-512:34357CFBC2B0978CA76AFB9805ED2F76CEB06C4FE1BC37BD380E1039FA8FA0572357AA3025DB5186876F82832BF147A1B139738E9DB045071A65479BC88ED572
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=737b27d5c5744c1dbaf8b96e8ff0aeed.IDENTIFIER=agetty.UNIT=getty@tty2.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):228
        Entropy (8bit):5.432935119325575
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm531BD+91Rds0fglsS:SbFuFyLVIg1BG+f+M7A7jdCt/rRMtq
        MD5:0F5643E967D6BEC47B43ED8524E2BBF8
        SHA1:0F1FFA99D51D15633B3E501CE6A6E93C4E0A468C
        SHA-256:12845F479E92B0B6B4EFE9844FCD2B0FD2ECCE40B6A69D719BB6B21CC466F8E0
        SHA-512:7C9F87FF1300B2F4A095D6C905A1DE92591A9E36A4E6C868AA6C440C90849315F17C4F16B1800610CE74CC219E83C51098A1DE430726CBE2149981A53F07E453
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3e7c3fdf8be0493394480c2cb40db7e3.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):210
        Entropy (8bit):5.420607762485168
        Encrypted:false
        SSDEEP:6:SbFuFyLVIg1BAf+MgXQOV9cd1E5qjNALyAZD:qgFq6g1af+Mgg69cXjIZD
        MD5:D49CE3953830F8592DDC286C58D3860F
        SHA1:5C9077A92D75FFB43CC88F249636491A11E2AF2D
        SHA-256:958508F78B6D004DB66937488F42A1BE9D2FB79C9868DC984D8DF8891CD88A49
        SHA-512:0D7A80BB88AA4D1D901A439A5EC60AD07694987F90CF406B96E9AF8A17422303233EE529BF3A0D74C2336EA6029A9E18284C8E1571EE666A61E3F3E7D8407EB1
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ca3722e0b9d04049911181f7a70f624a.IDENTIFIER=generate-config.UNIT=gdm.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):211
        Entropy (8bit):5.4582684419221
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmofQWdEUmvAgrqjs2BbM:SbFuFyLVIg1BAf+MofDhYAg2jNdQIeXD
        MD5:AC0B6817391B024C169D7FD24A53A218
        SHA1:2EB7922097A3341A9C7D6FCC60202F29C51F3F61
        SHA-256:7F870635D042EF639427BB31B7B8C74C759CA065920947EAC1D6D1FC49AA0954
        SHA-512:AFEBEF7A996A3CB130E315D2B7089AA1A8B17DD6F347D4AD6D8DAEFFAD159CDFA19FB65245820C9C4809A46AAF676BD1ADA9E5F8D2BF62CB0243BAF3607192D1
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b6eafd53c1dc43898715d1062eeecfbd.IDENTIFIER=gdm-wait-for-drm.UNIT=gdm.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):199
        Entropy (8bit):5.421713406293598
        Encrypted:false
        SSDEEP:6:SbFuFyLVIg1BAf+MCRc4/mXTmE4S48jNTZD:qgFq6g1af+MeeXTmEtTZD
        MD5:4808F1D1C7AF40CE45E8AF29C8E86F44
        SHA1:F805957286DD6AD74539DEB822A52519BC053F01
        SHA-256:DABE2A1D59801060B4F2B2A6564B85667EDC5167DDEE84A1EADD553335E83DE7
        SHA-512:5F8169270490814D90CC539E6EA5F415BCB6D66703B902EAFA84B3C3CF4AE0A42F246F6E7E42A9D7448753DF9B71D6CA868ABF83464D08508424BCD93FBDA2F1
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1cd08d29e89047708826efaa47539bff.IDENTIFIER=gdm3.UNIT=gdm.service.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):195
        Entropy (8bit):5.4532279705654005
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmsiDPJtSAhlsjs2q:SbFuFyLVK6g7/+BG+f+MsijLh2jNq
        MD5:051D16A548111CFD6723413DFBC752A8
        SHA1:E2247580C05778C1398C3322759CC9B3FBB25806
        SHA-256:2BB9AD952C81A20B1363F7BEA302E3C89F0553E8066462E84BFF365978F933D0
        SHA-512:46AD9510F238C2B5A64B734F6034CD346877B986593A27B98DEE467C313341FF23A655DA4369C41E65E72F5962DB7CE3BF1B5A870B94A49F5F4D1C71E67CA37B
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f74bec1b3d1e44689c4698b3a6512efb.IDENTIFIER=gdm-session-worker.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):195
        Entropy (8bit):5.369819444891092
        Encrypted:false
        SSDEEP:6:SbFuFyLVI6g7/+BG+f+M4DjftpfLHBdE22jNq:qgFqdg7/+0+f+M4HnThenq
        MD5:D6C82F104D28D2AEFA26D7BE40F1EB9B
        SHA1:DA552FFD886DFDFD6E98317C666EDB4BB09EEB04
        SHA-256:94711DE3242706B242729D89F47C2C8A63E1DB4FCC4980ED30703E14F51B7792
        SHA-512:35572C20A35B537F17CB44FE50EC4664A7E27B851398C75C9C551059054A4DCF6A1104E2B65DC794494C0D7F291AC8835B2B228535BE2DF9CF95534F28046BEE
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2f10d761cba141e09fd11adf891bd8dd.IDENTIFIER=gdm-session-worker.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):210
        Entropy (8bit):5.4837471091920165
        Encrypted:false
        SSDEEP:6:SbFuFyLVK6g7/+BG+f+MSd/Qv8jFQMzKaBu:qgFqo6g7/+0+f+MsXTmh
        MD5:9C54E99D5105D608BA1B3C2BACB18E5C
        SHA1:C659AD31A82971F5C99E3B19A196774B8F87BD79
        SHA-256:C87F78ED8B0BCF83F3107C8E6D00F998096934BC583B0F7DF7D15AEC24BE8634
        SHA-512:19E77FB92074BE619DA736801F1C45A00D93AE3EC07572F39540B8507F6378576C9FD9953A7ADB6E35167808AAACAFB37A8E7684569AC66CA8DCEBE92DA2F37E
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cbfc6975473b4ca6a6a76d4916a07b69.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):210
        Entropy (8bit):5.516754398982868
        Encrypted:false
        SSDEEP:6:SbFuFyLVI6g7/+BG+f+M6CWbx0jFQMzKaBu:qgFqdg7/+0+f+MfWbx+Tmh
        MD5:296195A3C30D47F58E9D155431A6D46A
        SHA1:DF2158EF9A32F76C9686624A2011B685DEDD3028
        SHA-256:4520D765010909981147623A468CABB904A741D5A2017A782D37D01CB9BCD302
        SHA-512:88609E1E515F69F28EAE7C8F0419392517AC0B3D335B6851FA49F93E1570853FC0226B1BBBE36AD55463D842FD5697FD2DA5F8FB291B97F4978206C5D95C3855
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a621952e602c438c8b53a83cdfa9036d.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):189
        Entropy (8bit):5.375939692053604
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm6TcWQcDADH2rqjs16:SbFuFyLVIg1BG+f+M6QXcSWrqjoa
        MD5:9D251D38EA943BDA4E81A07234828DC1
        SHA1:097C7321F0097616ADEC407AB0D94D9DE0239659
        SHA-256:2AF0568F2BFA06C09C76CA70CA1CE1D0AC11C535EFD0DA8BBF78BADD4C7C592B
        SHA-512:504C5A7E1ECB50C4E1DF7AA5FE4C7A8F792CDB3F9150390A819D10B02B1B23E94D1ADFF3EABB099A8666955504A02F4A7259D6E927F44988DEF95EDD9B1AD1FF
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0b8db29b9a6447b59e3b26d7c310a805.IDENTIFIER=dbus-daemon.
        Process:/lib/systemd/systemd-journald
        File Type:ASCII text
        Category:dropped
        Size (bytes):222
        Entropy (8bit):5.446902929217836
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmrfBRPIGcAbzX+sjsB:SbFuFyLVIg1BG+f+MLjcAXTjLTTIWTIL
        MD5:36304BE7618CF8914302D1BFEB5ECDEE
        SHA1:4F912D7A6FF8E0E4040CEFA4CC8DB122A06E090C
        SHA-256:DB708E21B7B6E8AF1AF3C0EE1B01BFAF1878B08A5153D8836D74969017D60BB6
        SHA-512:F43E4C3A48FC240677D3D53A7AD3319E7F3B27539650BF36A5CD2C7047676515E4394F06CA70A89A9E7F668E0901E2324BFBD8C19A9060C402E67F3C08E3BA39
        Malicious:false
        Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ae49d6308b7d413d89c9e4787c8f5423.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):95
        Entropy (8bit):4.921230646592726
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
        MD5:BE58CCABC942125F5E27AF6EB1BA2F88
        SHA1:07C20F55E36EE48869B223B8FC4DBC227C7353AC
        SHA-256:551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
        SHA-512:E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
        Malicious:false
        Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):116
        Entropy (8bit):4.957035419463244
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
        MD5:66D114877B3B4DB3BDD8A3AD4F5E7421
        SHA1:62E0CB0F51E0E3F97BE251CB917968DFF69ED344
        SHA-256:A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
        SHA-512:5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
        Malicious:false
        Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):282
        Entropy (8bit):5.285662101714777
        Encrypted:false
        SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6H0gi1CONQ2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBPgixNjthQHtPYq9M
        MD5:2BD425A5ED68287AB9C5CB1D35B60FA7
        SHA1:CB5952D5260686FF01682FC58D35BC1F687AB88C
        SHA-256:E8E24A1B1C8A01CADB5F9BE1143F9BFF1D4187E1F7B84ECB57D64C4D663D9893
        SHA-512:1A769E7832FA7491EE232FB326383050204D04EE9FBB082A59C11CD7EFF6E859884AAE918C77C1CC20790355168BD508BE43075B701AA2FEA26A5DDD61F8DB48
        Malicious:false
        Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12229.REALTIME=1652529119237761.MONOTONIC=472827535.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):188
        Entropy (8bit):4.928997328913428
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMs5BuSgVuMI2sKiYiesnAv/XS12K2hwEY8mTQ2pJi22sQ2KkmD2pi:SbFuFyL3BVgVuR257iesnAi12thQc2p4
        MD5:065A3AD1A34A9903F536410ECA748105
        SHA1:21CD684DF60D569FA96EEEB66A0819EAC1B2B1A4
        SHA-256:E80554BF0FF4E32C61D4FA3054F8EFB27A26F1C37C91AE4EA94445C400693941
        SHA-512:DB3C42E893640BAEE9F0001BDE6E93ED40CC33198AC2B47328F577D3C71E2C2E986AAAFEF5BD8ADBC639B5C24ADF715D87034AE24B697331FF6FEC5962630064
        Malicious:false
        Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):223
        Entropy (8bit):5.441366887137256
        Encrypted:false
        SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff6xgi1COJt616n:qgFq30dABibBugixJIQ
        MD5:8825D5644EA221CCDAA5B5D2416E808B
        SHA1:C224BE0785EEEDBA55FC5F6D932CB774C7F36B4A
        SHA-256:52155802E39E98A7494605EC0434BC297AEA35D23174971EA4E2DEBBEA91B216
        SHA-512:DF649393558120759B1AA93B8DA3C480460ABBDB853D0DF9738E317FB1404765C785E148B504407C81878BD26E90565C40CF19642E5D09992AF97F7DAC494CF4
        Malicious:false
        Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12291.REALTIME=1652529119237761.MONOTONIC=472827535.LAST_SESSION_TIMESTAMP=472936812.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):174
        Entropy (8bit):5.29646517558105
        Encrypted:false
        SSDEEP:3:SbFVVmFyinKMs5BuSgdNR2sKiYiesnAv/XSHxJgiUU7C3+W5qCo206qodvT6n:SbFuFyL3BVgdL87iesnAiRJgi1COJt6Q
        MD5:2C5F4AFF207521BBB66634CDCB5258EA
        SHA1:EAC8889708A18BA696581F4D5D2705BA6B539E3E
        SHA-256:02CE2F950F1099B71C8276D296461C9936E57E05AB7D96725BD23D5AE5C43200
        SHA-512:EF89AA39D37178E9F07C20B2CF06CA619539146F392FC3B644E42352F3432534625482D41CD0194FF1DC2D10A55850AA5AF4F51D88FCF66F51EA46A8E11C748D
        Malicious:false
        Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1652529119237761.MONOTONIC=472827535.LAST_SESSION_TIMESTAMP=472936812.
        Process:/lib/systemd/systemd-logind
        File Type:ASCII text
        Category:dropped
        Size (bytes):282
        Entropy (8bit):5.285662101714777
        Encrypted:false
        SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6H0gi1CONQ2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBPgixNjthQHtPYq9M
        MD5:2BD425A5ED68287AB9C5CB1D35B60FA7
        SHA1:CB5952D5260686FF01682FC58D35BC1F687AB88C
        SHA-256:E8E24A1B1C8A01CADB5F9BE1143F9BFF1D4187E1F7B84ECB57D64C4D663D9893
        SHA-512:1A769E7832FA7491EE232FB326383050204D04EE9FBB082A59C11CD7EFF6E859884AAE918C77C1CC20790355168BD508BE43075B701AA2FEA26A5DDD61F8DB48
        Malicious:false
        Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12229.REALTIME=1652529119237761.MONOTONIC=472827535.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
        Process:/usr/bin/pulseaudio
        File Type:ASCII text
        Category:dropped
        Size (bytes):5
        Entropy (8bit):1.9219280948873623
        Encrypted:false
        SSDEEP:3:cj:cj
        MD5:1A9FB42733DF63B30C9B5CB6B5E776F1
        SHA1:8E3156D63027FDF49CD5A4A5728A85D3C6295DE0
        SHA-256:F9DAB62108F0B9821BE9CCD7DFC10858979035DFD5360C0353F02587A89BC03A
        SHA-512:7578477F18E4E7450D9F3679E70D708445C0CC4FAC4CF96D75CC93278C7B00637896A68B192D0DE2D840D65938B63FB471D69EC64BED9686286FF1D73F4FF98E
        Malicious:false
        Preview:6326.
        Process:/sbin/agetty
        File Type:data
        Category:dropped
        Size (bytes):384
        Entropy (8bit):0.6775035134351417
        Encrypted:false
        SSDEEP:3:861sXlXEWtl/E5yO/l:8V+ylc5y
        MD5:68A3711336B1DD46772EB29B8F1F4418
        SHA1:D8511F61349181EB99F99EAA99A0E8521CEFB486
        SHA-256:BAE7C27560BD17484BDFB1EAAD90722E6965924A14745B1CF266620541F6D660
        SHA-512:F795BE6C2BCA5EA661734A697A99B02B679D5623B194CE301D5EC69A195232CEE41A287398A0795EB48751D90D02175A408C634B504B48797126A808B848F7B7
        Malicious:false
        Preview:........tty2.tty2.......................tty2LOGIN.....................................................................................................................................................................................................................................................................................................b........................................
        Process:/tmp/1isequal9.arm
        File Type:ASCII text
        Category:dropped
        Size (bytes):307
        Entropy (8bit):3.541981605587762
        Encrypted:false
        SSDEEP:6:OgDFo7nj/VUX/vYDFo7G/VjY/V3Y/VjmsVot/VOArB/VH:OYayXQdVyl
        MD5:56AD511871BE2EEC42B30ECBF6A04816
        SHA1:4DF6D2187D4BA083B6C5C34E2984F8879F716606
        SHA-256:26791EB3B5BE02B124C992BDA35CC1180FCFE16479C6DC0B9C621200B502C5DB
        SHA-512:9F7FEB4A051C027B31296DD8ED767AD48BF3D0C69A196FF1F8884D27867F9A70E4D3F289C73A6C8090C7BEE44B2050456B55D388BC1185BB858F82F208597234
        Malicious:false
        Preview:8000-1b000 r-xp 00000000 fd:00 531606 /tmp/1isequal9.arm.22000-23000 rw-p 00012000 fd:00 531606 /tmp/1isequal9.arm.23000-24000 rw-p 00000000 00:00 0 .24000-26000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
        Process:/usr/bin/whoopsie
        File Type:ASCII text
        Category:dropped
        Size (bytes):5
        Entropy (8bit):1.9219280948873623
        Encrypted:false
        SSDEEP:3:gpv:gB
        MD5:CA35C56C0C379F292F8FAB68B3A19F61
        SHA1:7998C16A75224F0EAA4EA6F96689A3B6A879751C
        SHA-256:21726C10DCF9E11A1BC65FFAB39BB4DF9A068D87D16F1946D8F54D44860395A5
        SHA-512:6B9BA24E319391666D9B90F90A66969D10678E5F67BDDB77A616ADD5B428542990947AFFAA7EC61D7ED2C0EC3232404F4F8E928161A85F02545C22456C1C69BC
        Malicious:false
        Preview:NULL.
        Process:/usr/lib/accountsservice/accounts-daemon
        File Type:ASCII text
        Category:dropped
        Size (bytes):61
        Entropy (8bit):4.66214589518167
        Encrypted:false
        SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
        MD5:542BA3FB41206AE43928AF1C5E61FEBC
        SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
        SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
        SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
        Malicious:false
        Preview:[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
        Process:/usr/bin/gpu-manager
        File Type:ASCII text
        Category:dropped
        Size (bytes):25
        Entropy (8bit):2.7550849518197795
        Encrypted:false
        SSDEEP:3:JoT/V9fDVbn:M/V3n
        MD5:078760523943E160756979906B85FB5E
        SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
        SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
        SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
        Malicious:false
        Preview:15ad:0405;0000:00:0f:0;1.
        Process:/usr/bin/whoopsie
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):128
        Entropy (8bit):3.9410969045919657
        Encrypted:false
        SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
        MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
        SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
        SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
        SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
        Malicious:false
        Preview:9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
        Process:/usr/sbin/rsyslogd
        File Type:ASCII text
        Category:dropped
        Size (bytes):1737
        Entropy (8bit):4.8908333435894065
        Encrypted:false
        SSDEEP:24:bqllMZ4dlMZesleol2Ol2fl2HlzbEl9Av3l9A2+VRlPdM0pYrtJr3rCQU:2WvIfVZYrrr3rCn
        MD5:755652D7AB44235EB55CF16DB8C96820
        SHA1:546A8EF492CE6AC3A7579B8C54250376BC4C8CFB
        SHA-256:66A6D273B2FCB1BEBF1AF6B7AD0716B488E699C587FC1B81AF1BC37740D4B4C5
        SHA-512:3910599BC98A2EA505F519B82682938E2F287DC98FDC8AABCA60881078C241AE06FE4E940CAF513B0475BE4C2F8C3F4AB54930173072F8F5D7B5F51D47EAF22F
        Malicious:false
        Preview:May 14 11:51:34 galassia gdm-password]: pam_systemd(gdm-password:session): Failed to release session: No session '2' known.May 14 11:51:36 galassia systemd-logind[6334]: Failed to add user by file name 127, ignoring: Invalid argument.May 14 11:51:36 galassia systemd-logind[6334]: Failed to add user by file name 1000, ignoring: Invalid argument.May 14 11:51:36 galassia systemd-logind[6334]: User enumeration failed: Invalid argument.May 14 11:51:36 galassia systemd-logind[6334]: User of session c2 not known..May 14 11:51:36 galassia systemd-logind[6334]: User of session 2 not known..May 14 11:51:36 galassia systemd-logind[6334]: User of session c1 not known..May 14 11:51:36 galassia systemd-logind[6334]: Session enumeration failed: No such file or directory.May 14 11:51:36 galassia systemd-logind[6334]: Watching system buttons on /dev/input/event0 (Power Button).May 14 11:51:36 galassia systemd-logind[6334]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard).May
        Process:/usr/bin/gpu-manager
        File Type:ASCII text
        Category:dropped
        Size (bytes):1371
        Entropy (8bit):4.8296848499188485
        Encrypted:false
        SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
        MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
        SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
        SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
        SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
        Malicious:false
        Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
        Process:/lib/systemd/systemd-journald
        File Type:data
        Category:dropped
        Size (bytes):240
        Entropy (8bit):1.448047321524811
        Encrypted:false
        SSDEEP:3:F31HlP:F3
        MD5:53972837F0F72E57A6BE907126D69E48
        SHA1:60A5F27C631A29984A5396A93D30408E681BE581
        SHA-256:D4EAF1EAABF7CCDC3E29E92FE194FBB0B5631A25496CFD239A97DE3F5F7D6BE0
        SHA-512:4B8043BCB6E27C42FACD080C5F1FB699ADD9F422EFEB29D53552A3D990ED306806AF14A006259086927A60AB71E2A8A4B4696A1582B2009DBE245AD04812BAD7
        Malicious:false
        Preview:LPKSHHRH...................`.@=..WS.Y.....................................`.@=..WS.Y..........................................................................................................................................................
        Process:/lib/systemd/systemd-journald
        File Type:data
        Category:dropped
        Size (bytes):240
        Entropy (8bit):1.4428593527838256
        Encrypted:false
        SSDEEP:3:F31Hl930ZR0tllN30ZR0:F3F0ZRGz0ZR
        MD5:9FA2070AE1E0EA3CB69567468FB99982
        SHA1:BC7D4B370B4E9076417DD6ACD210D082D53CFA3D
        SHA-256:19094EFBD79C7DACFFF44EC1E8F09A9BC47EFD5CF771BDBE7210469270711934
        SHA-512:79CFACD95F0F4F1FA6FB716C73D3E4B4DFFBDE5DDB6759B14F8B8172BF54BFEC3EE295CCCF4B99DF6CFFE1AB6B7B5BB55ACEFCCD99308BCA8162BA56246B306B
        Malicious:false
        Preview:LPKSHHRH................1a.>.tJ_....t.v.................................1a.>.tJ_....t.v.........................................................................................................................................................
        Process:/usr/sbin/rsyslogd
        File Type:ASCII text
        Category:dropped
        Size (bytes):7791
        Entropy (8bit):4.7351531373979325
        Encrypted:false
        SSDEEP:48:j2OlB/8MlkObl8ZHovhkZQoSyLBzeiyZLy9vWkDv0g3yS0U+BQGQZyhOYu+S4ah9:aoHPS2DBknAwpD9AnQSnbuCO+yr5h
        MD5:348262CD857A8287DB8DE95ABA1B12CB
        SHA1:591FF68696867CBADA4F27C7780E518AC97CFCDC
        SHA-256:9E4E9CB64F1A5714988FF25851339F5C5512282E62C76A8371D578B683D4778D
        SHA-512:01591CFFF4F11E71DE7ED8D0A8E6D41FAD4C5633455CB7AFFC80C0F8EAB47A1CA977BEEF2A471CCEC7191615C2EDA202318761D77C3D6C0B0DD88C1287C2446C
        Malicious:false
        Preview:May 14 11:51:33 galassia kernel: [ 444.072656] New task spawned: old: (tgid 6331, tid 6331), new (tgid: 6331, tid: 6395).May 14 11:51:33 galassia kernel: [ 445.400775] New task spawned: old: (tgid 6396, tid 6396), new (tgid: 6396, tid: 6398).May 14 11:51:33 galassia kernel: [ 445.402303] New task spawned: old: (tgid 6396, tid 6396), new (tgid: 6396, tid: 6399).May 14 11:51:33 galassia kernel: [ 445.439829] New task spawned: old: (tgid 6396, tid 6399), new (tgid: 6396, tid: 6400).May 14 11:51:33 galassia kernel: [ 445.643362] New task spawned: old: (tgid 6322, tid 6322), new (tgid: 6322, tid: 6401).May 14 11:51:33 galassia kernel: [ 446.004939] Reached call limit: pid 6263, name read.May 14 11:51:33 galassia kernel: [ 446.239137] blocking signal 0: 6263 -> 1809.May 14 11:51:33 galassia kernel: [ 447.224669] blocking signal 0: 6263 -> 1860.May 14 11:51:33 galassia kernel: [ 447.230003] New task spawned: old: (tgid 6397, tid 6397), new (tgid: 6397, tid: 6405).May 14 11:51:33 gala
        Process:/usr/sbin/rsyslogd
        File Type:ASCII text, with very long lines
        Category:dropped
        Size (bytes):36423
        Entropy (8bit):5.002801159527799
        Encrypted:false
        SSDEEP:768:JpUhNDqFndR/L/czGoMXFZj+IUuTymQafr9GUQO6Z9DbnjBbquMMKGYBHLVfd5Li:BVnrxY
        MD5:1EFC104AEB6D8CD6C589FD49FBE96B5A
        SHA1:A09AD08D59A075EF56178928B156BD039D0C7C7D
        SHA-256:A655F2A5D807AB303409C350D2E9B6B48CFDB0403175DA78DD7CA1ED6B2F9332
        SHA-512:869B321FD6FD019802E20D463FF2B03D58190987950A5F9D538CC9AC2D3F50D9A683BB92B4D7BE8167096C7C22F3D98A0B72A06DACC3CF7E4545320A490D1EFF
        Malicious:false
        Preview:May 14 11:51:31 galassia rtkit-daemon[6331]: Successfully called chroot..May 14 11:51:33 galassia kernel: [ 444.072656] New task spawned: old: (tgid 6331, tid 6331), new (tgid: 6331, tid: 6395).May 14 11:51:33 galassia kernel: [ 445.400775] New task spawned: old: (tgid 6396, tid 6396), new (tgid: 6396, tid: 6398).May 14 11:51:33 galassia kernel: [ 445.402303] New task spawned: old: (tgid 6396, tid 6396), new (tgid: 6396, tid: 6399).May 14 11:51:33 galassia kernel: [ 445.439829] New task spawned: old: (tgid 6396, tid 6399), new (tgid: 6396, tid: 6400).May 14 11:51:33 galassia kernel: [ 445.643362] New task spawned: old: (tgid 6322, tid 6322), new (tgid: 6322, tid: 6401).May 14 11:51:33 galassia kernel: [ 446.004939] Reached call limit: pid 6263, name read.May 14 11:51:33 galassia kernel: [ 446.239137] blocking signal 0: 6263 -> 1809.May 14 11:51:33 galassia kernel: [ 447.224669] blocking signal 0: 6263 -> 1860.May 14 11:51:33 galassia kernel: [ 447.230003] New task spawned: old
        Process:/sbin/agetty
        File Type:data
        Category:dropped
        Size (bytes):384
        Entropy (8bit):0.6775035134351417
        Encrypted:false
        SSDEEP:3:861sXlXEWtl/E5yO/l:8V+ylc5y
        MD5:68A3711336B1DD46772EB29B8F1F4418
        SHA1:D8511F61349181EB99F99EAA99A0E8521CEFB486
        SHA-256:BAE7C27560BD17484BDFB1EAAD90722E6965924A14745B1CF266620541F6D660
        SHA-512:F795BE6C2BCA5EA661734A697A99B02B679D5623B194CE301D5EC69A195232CEE41A287398A0795EB48751D90D02175A408C634B504B48797126A808B848F7B7
        Malicious:true
        Preview:........tty2.tty2.......................tty2LOGIN.....................................................................................................................................................................................................................................................................................................b........................................
        File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
        Entropy (8bit):6.115146070521125
        TrID:
        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
        File name:1isequal9.arm
        File size:76348
        MD5:fc0a76d00e5267eae22dc71a6926b525
        SHA1:b79f48ec66a6748c35af8972bc601dd46be47c6f
        SHA256:1a26e16bc62ca7e71b3b2cfa9679b3e121d85c61d2c4be597d7441789d7bd7d1
        SHA512:8031f4b2e3bdaf0151ee9bbaada5aa73065dc96bc0234718505a731bca42240999d044605ad71a63f872dc0a1a7940ab29967320fa188f9f4cea0b9fca6318f2
        SSDEEP:1536:czwFNSneF6IMMfDGsADV3bt6EB7XfU2//uBgzy:ckFgeF6I833AEBLM2+Bgzy
        TLSH:E4730686BC80AA15D7C04777FE6F108E3314A7D9E1EA72029C295FA07B8EC2B0D67755
        File Content Preview:.ELF...a..........(.........4....(......4. ...(.....................<&..<&..............@&..@&..@&..,...............Q.td..................................-...L."....D..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:ARM
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:ARM - ABI
        ABI Version:0
        Entry Point Address:0x8190
        Flags:0x202
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:75948
        Section Header Size:40
        Number of Section Headers:10
        Header String Table Index:9
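        Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
         | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
        .init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
        .text | PROGBITS | 0x80b0 | 0xb0 | 0x11300 | 0x0 | 0x6 | AX | 0 | 0 | 16
        .fini | PROGBITS | 0x193b0 | 0x113b0 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
        .rodata | PROGBITS | 0x193c4 | 0x113c4 | 0x1278 | 0x0 | 0x2 | A | 0 | 0 | 4
        .ctors | PROGBITS | 0x22640 | 0x12640 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
        .dtors | PROGBITS | 0x22648 | 0x12648 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
        .data | PROGBITS | 0x22654 | 0x12654 | 0x218 | 0x0 | 0x3 | WA | 0 | 0 | 4
        .bss | NOBITS | 0x2286c | 0x1286c | 0x558 | 0x0 | 0x3 | WA | 0 | 0 | 4
        .shstrtab | STRTAB | 0x0 | 0x1286c | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1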
        Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
        LOAD | 0x0 | 0x8000 | 0x8000 | 0x1263c | 0x1263c | 3.3686 | 0x5 | R E | 0x8000 |  | .init .text .fini .rodata
        LOAD | 0x12640 | 0x22640 | 0x22640 | 0x22c | 0x784 | 1.7247 | 0x6 | RW | 0x8000 |  | .ctors .dtors .data .bss
        GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  |
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
        May 14, 2022 11:51:32.810097933 CEST | 192.168.2.23 | 1.1.1.1 | 0xf219 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001)
        May 14, 2022 11:51:32.810152054 CEST | 192.168.2.23 | 1.1.1.1 | 0xddd3 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)
        May 14, 2022 11:51:33.218988895 CEST | 192.168.2.23 | 1.1.1.1 | 0xabbd | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
        May 14, 2022 11:51:32.826551914 CEST | 1.1.1.1 | 192.168.2.23 | 0xf219 | No error (0) | daisy.ubuntu.com |  | 185.125.188.136 | A (IP address) | IN (0x0001)
        May 14, 2022 11:51:32.826551914 CEST | 1.1.1.1 | 192.168.2.23 | 0xf219 | No error (0) | daisy.ubuntu.com |  | 185.125.188.137 | A (IP address) | IN (0x0001)

        System Behavior

        Start time:11:51:01
        Start date:14/05/2022
        Path:/tmp/1isequal9.arm
        Arguments:/tmp/1isequal9.arm
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
        Start time:11:51:01
        Start date:14/05/2022
        Path:/tmp/1isequal9.arm
        Arguments:n/a
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
        Start time:11:51:01
        Start date:14/05/2022
        Path:/tmp/1isequal9.arm
        Arguments:n/a
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
        Start time:11:51:01
        Start date:14/05/2022
        Path:/tmp/1isequal9.arm
        Arguments:n/a
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
        Start time:11:51:01
        Start date:14/05/2022
        Path:/tmp/1isequal9.arm
        Arguments:n/a
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
        Start time:11:51:01
        Start date:14/05/2022
        Path:/tmp/1isequal9.arm
        Arguments:n/a
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
        Start time:11:51:08
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:08
        Start date:14/05/2022
        Path:/usr/bin/journalctl
        Arguments:/usr/bin/journalctl --smart-relinquish-var
        File size:80120 bytes
        MD5 hash:bf3a987344f3bacafc44efd882abda8b
        Start time:11:51:08
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:08
        Start date:14/05/2022
        Path:/lib/systemd/systemd-journald
        Arguments:/lib/systemd/systemd-journald
        File size:162032 bytes
        MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e
        Start time:11:51:12
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:12
        Start date:14/05/2022
        Path:/usr/bin/journalctl
        Arguments:/usr/bin/journalctl --flush
        File size:80120 bytes
        MD5 hash:bf3a987344f3bacafc44efd882abda8b
        Start time:11:51:27
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:27
        Start date:14/05/2022
        Path:/usr/bin/dbus-daemon
        Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
        File size:249032 bytes
        MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
        Start time:11:51:27
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:27
        Start date:14/05/2022
        Path:/usr/bin/whoopsie
        Arguments:/usr/bin/whoopsie -f
        File size:68592 bytes
        MD5 hash:d3a6915d0e7398fb4c89a037c13959c8
        Start time:11:51:27
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:27
        Start date:14/05/2022
        Path:/usr/bin/pulseaudio
        Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
        File size:100832 bytes
        MD5 hash:0c3b4c789d8ffb12b25507f27e14c186
        Start time:11:51:30
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:30
        Start date:14/05/2022
        Path:/usr/libexec/rtkit-daemon
        Arguments:/usr/libexec/rtkit-daemon
        File size:68096 bytes
        MD5 hash:df0cacf1db4ec95ac70f5b6e06b8ffd7
        Start time:11:51:30
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:30
        Start date:14/05/2022
        Path:/lib/systemd/systemd-logind
        Arguments:/lib/systemd/systemd-logind
        File size:268576 bytes
        MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef
        Start time:11:51:30
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:30
        Start date:14/05/2022
        Path:/usr/lib/policykit-1/polkitd
        Arguments:/usr/lib/policykit-1/polkitd --no-debug
        File size:121504 bytes
        MD5 hash:8efc9b4b5b524210ad2ea1954a9d0e69
        Start time:11:51:31
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:31
        Start date:14/05/2022
        Path:/usr/sbin/rsyslogd
        Arguments:/usr/sbin/rsyslogd -n -iNONE
        File size:727248 bytes
        MD5 hash:0b8087fc907c42eb3c81a691db258e33
        Start time:11:51:32
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:51:32
        Start date:14/05/2022
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:32
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:51:32
        Start date:14/05/2022
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:32
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:51:32
        Start date:14/05/2022
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:33
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:33
        Start date:14/05/2022
        Path:/sbin/agetty
        Arguments:/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
        File size:69000 bytes
        MD5 hash:3a374724ba7e863768139bdd60ca36f7
        Start time:11:51:35
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:35
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:36
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:36
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:36
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:36
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:36
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:36
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:36
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:36
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:36
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:36
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:36
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:36
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:37
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:37
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:38
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:39
        Start date:14/05/2022
        Path:/usr/bin/gpu-manager
        Arguments:n/a
        File size:76616 bytes
        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
        Start time:11:51:39
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:39
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:39
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:51:40
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:40
        Start date:14/05/2022
        Path:/usr/share/gdm/generate-config
        Arguments:/usr/share/gdm/generate-config
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:40
        Start date:14/05/2022
        Path:/usr/share/gdm/generate-config
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:40
        Start date:14/05/2022
        Path:/usr/bin/pkill
        Arguments:pkill --signal HUP --uid gdm dconf-service
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f
        Start time:11:51:44
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:44
        Start date:14/05/2022
        Path:/usr/lib/gdm3/gdm-wait-for-drm
        Arguments:/usr/lib/gdm3/gdm-wait-for-drm
        File size:14640 bytes
        MD5 hash:82043ba752c6930b4e6aaea2f7747545
        Start time:11:51:54
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:54
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:/usr/sbin/gdm3
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:51:54
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:51:54
        Start date:14/05/2022
        Path:/usr/bin/plymouth
        Arguments:plymouth --ping
        File size:51352 bytes
        MD5 hash:87003efd8dad470042f5e75360a8f49f
        Start time:11:51:57
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:51:57
        Start date:14/05/2022
        Path:/usr/lib/gdm3/gdm-session-worker
        Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
        File size:293360 bytes
        MD5 hash:692243754bd9f38fe9bd7e230b5c060a
        Start time:11:51:59
        Start date:14/05/2022
        Path:/usr/lib/gdm3/gdm-session-worker
        Arguments:n/a
        File size:293360 bytes
        MD5 hash:692243754bd9f38fe9bd7e230b5c060a
        Start time:11:51:59
        Start date:14/05/2022
        Path:/usr/lib/gdm3/gdm-wayland-session
        Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        File size:76368 bytes
        MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c
        Start time:11:51:59
        Start date:14/05/2022
        Path:/usr/lib/gdm3/gdm-wayland-session
        Arguments:n/a
        File size:76368 bytes
        MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c
        Start time:11:51:59
        Start date:14/05/2022
        Path:/usr/bin/dbus-daemon
        Arguments:dbus-daemon --print-address 3 --session
        File size:249032 bytes
        MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
        Start time:11:52:00
        Start date:14/05/2022
        Path:/usr/bin/dbus-daemon
        Arguments:n/a
        File size:249032 bytes
        MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
        Start time:11:52:00
        Start date:14/05/2022
        Path:/usr/bin/dbus-daemon
        Arguments:n/a
        File size:249032 bytes
        MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
        Start time:11:52:00
        Start date:14/05/2022
        Path:/bin/false
        Arguments:/bin/false
        File size:39256 bytes
        MD5 hash:3177546c74e4f0062909eae43d948bfc
        Start time:11:52:01
        Start date:14/05/2022
        Path:/usr/lib/gdm3/gdm-wayland-session
        Arguments:n/a
        File size:76368 bytes
        MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c
        Start time:11:52:01
        Start date:14/05/2022
        Path:/usr/bin/dbus-run-session
        Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        File size:14480 bytes
        MD5 hash:245f3ef6a268850b33b0225a8753b7f4
        Start time:11:52:01
        Start date:14/05/2022
        Path:/usr/bin/dbus-run-session
        Arguments:n/a
        File size:14480 bytes
        MD5 hash:245f3ef6a268850b33b0225a8753b7f4
        Start time:11:52:01
        Start date:14/05/2022
        Path:/usr/bin/dbus-daemon
        Arguments:dbus-daemon --nofork --print-address 4 --session
        File size:249032 bytes
        MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
        Start time:11:52:01
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:52:01
        Start date:14/05/2022
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:52:01
        Start date:14/05/2022
        Path:/usr/sbin/gdm3
        Arguments:n/a
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f
        Start time:11:52:01
        Start date:14/05/2022
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:54
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:51:54
        Start date:14/05/2022
        Path:/usr/lib/accountsservice/accounts-daemon
        Arguments:/usr/lib/accountsservice/accounts-daemon
        File size:203192 bytes
        MD5 hash:01a899e3fb5e7e434bea1290255a1f30
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/lib/accountsservice/accounts-daemon
        Arguments:n/a
        File size:203192 bytes
        MD5 hash:01a899e3fb5e7e434bea1290255a1f30
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/share/language-tools/language-validate
        Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/share/language-tools/language-validate
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/share/language-tools/language-options
        Arguments:/usr/share/language-tools/language-options
        File size:3478464 bytes
        MD5 hash:16a21f464119ea7fad1d3660de963637
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/share/language-tools/language-options
        Arguments:n/a
        File size:3478464 bytes
        MD5 hash:16a21f464119ea7fad1d3660de963637
        Start time:11:51:55
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:sh -c "locale -a | grep -F .utf8 "
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:55
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/bin/locale
        Arguments:locale -a
        File size:58944 bytes
        MD5 hash:c72a78792469db86d91369c9057f20d2
        Start time:11:51:55
        Start date:14/05/2022
        Path:/bin/sh
        Arguments:n/a
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
        Start time:11:51:55
        Start date:14/05/2022
        Path:/usr/bin/grep
        Arguments:grep -F .utf8
        File size:199136 bytes
        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5
        Start time:11:52:11
        Start date:14/05/2022
        Path:/usr/libexec/gvfsd-fuse
        Arguments:n/a
        File size:47632 bytes
        MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933
        Start time:11:52:11
        Start date:14/05/2022
        Path:/bin/fusermount
        Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
        File size:39144 bytes
        MD5 hash:576a1b135c82bdcbc97a91acea900566
        Start time:11:53:42
        Start date:14/05/2022
        Path:/usr/lib/systemd/systemd
        Arguments:n/a
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
        Start time:11:53:42
        Start date:14/05/2022
        Path:/usr/bin/dbus-daemon
        Arguments:/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
        File size:249032 bytes
        MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c