Linux Analysis Report
1isequal9.arm7

Overview

General Information

Sample Name:1isequal9.arm7
Analysis ID:626544
MD5:c798ceff4aaaf18c02b544d6ef56def9
SHA1:b8ef596aad37bb69bcdb0191d5a50ed6aedfa3f1
SHA256:63275088f5f653385fce127219b64d70e2c6b6c5511568d27997b2496d7c573e
Infos:

Detection

Mirai
Score:64
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Reads system files that contain records of logged in users
Contains symbols with names commonly found in malware
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample contains symbols with suspicious names
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626544
Start date and time:2022-05-14 11:58:31 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 21s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:1isequal9.arm7
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal64.spre.troj.linARM7@0/45@0/0
  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: 1isequal9.arm7
Command:/tmp/1isequal9.arm7
PID:6226
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
VegaSec-KATANA001
Standard Error:
  • system is lnxubuntu20
  • systemd New Fork (PID: 6245, Parent: 1)
  • journalctl (PID: 6245, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6262, Parent: 1)
  • systemd-journald (PID: 6262, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6265, Parent: 1)
  • journalctl (PID: 6265, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6306, Parent: 1)
  • dbus-daemon (PID: 6306, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6317, Parent: 1)
  • whoopsie (PID: 6317, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6321, Parent: 1860)
  • pulseaudio (PID: 6321, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6324, Parent: 1)
  • rtkit-daemon (PID: 6324, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6327, Parent: 1)
  • systemd-logind (PID: 6327, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6389, Parent: 1)
  • polkitd (PID: 6389, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6395, Parent: 1)
  • rsyslogd (PID: 6395, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6398, Parent: 1)
  • agetty (PID: 6398, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • gdm3 New Fork (PID: 6399, Parent: 1320)
  • Default (PID: 6399, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6403, Parent: 1320)
  • Default (PID: 6403, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6404, Parent: 1320)
  • Default (PID: 6404, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6405, Parent: 1)
  • gpu-manager (PID: 6405, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6406, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6407, Parent: 6406)
      • grep (PID: 6407, Parent: 6406, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6408, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6409, Parent: 6408)
      • grep (PID: 6409, Parent: 6408, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6410, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6411, Parent: 6410)
      • grep (PID: 6411, Parent: 6410, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6415, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6416, Parent: 6415)
      • grep (PID: 6416, Parent: 6415, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6417, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6418, Parent: 6417)
      • grep (PID: 6418, Parent: 6417, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6419, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6420, Parent: 6419)
      • grep (PID: 6420, Parent: 6419, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6423, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6424, Parent: 6423)
      • grep (PID: 6424, Parent: 6423, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6425, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6426, Parent: 6425)
      • grep (PID: 6426, Parent: 6425, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6427, Parent: 1)
  • generate-config (PID: 6427, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6428, Parent: 6427, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6431, Parent: 1)
  • gdm-wait-for-drm (PID: 6431, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6450, Parent: 1)
  • gdm3 (PID: 6450, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6455, Parent: 6450)
    • plymouth (PID: 6455, Parent: 6450, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6475, Parent: 6450)
    • gdm-session-worker (PID: 6475, Parent: 6450, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6480, Parent: 6475, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6482, Parent: 6480, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6486, Parent: 6482)
            • false (PID: 6487, Parent: 6486, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6488, Parent: 6480, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6489, Parent: 6488, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6490, Parent: 6450)
    • Default (PID: 6490, Parent: 6450, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6491, Parent: 6450)
    • Default (PID: 6491, Parent: 6450, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6456, Parent: 1)
  • accounts-daemon (PID: 6456, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6468, Parent: 6456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6469, Parent: 6468, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6470, Parent: 6469, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6473, Parent: 6470)
          • locale (PID: 6473, Parent: 6470, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6474, Parent: 6470)
          • grep (PID: 6474, Parent: 6470, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 6498, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6547, Parent: 1860)
  • dbus-daemon (PID: 6547, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • cleanup
Source | Rule | Description | Author | Strings
1isequal9.arm7 | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
  • 0x171d8:$xo1: \x18:/<994z`{e
  • 0x17250:$xo1: \x18:/<994z`{e
  • 0x172c8:$xo1: \x18:/<994z`{e
  • 0x1731c:$xo1: \x18:/<994z`{e
  • 0x17394:$xo1: \x18:/<994z`{e
  • 0x1740c:$xo1: \x18:/<994z`{e
  • 0x17484:$xo1: \x18:/<994z`{e
  • 0x174f4:$xo1: \x18:/<994z`{e
  • 0x17570:$xo1: \x18:/<994z`{e
  • 0x175c0:$xo1: \x18:/<994z`{e
1isequal9.arm7 | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
    Source | Rule | Description | Author | Strings
    6226.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    • 0x3f00:$xo1: \x18:/<994z`{e
    • 0x3f78:$xo1: \x18:/<994z`{e
    • 0x3ff0:$xo1: \x18:/<994z`{e
    • 0x4048:$xo1: \x18:/<994z`{e
    • 0x40c0:$xo1: \x18:/<994z`{e
    • 0x4138:$xo1: \x18:/<994z`{e
    • 0x41b8:$xo1: \x18:/<994z`{e
    • 0x4230:$xo1: \x18:/<994z`{e
    • 0x42b0:$xo1: \x18:/<994z`{e
    • 0x4308:$xo1: \x18:/<994z`{e
    6229.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    • 0x3f00:$xo1: \x18:/<994z`{e
    • 0x3f78:$xo1: \x18:/<994z`{e
    • 0x3ff0:$xo1: \x18:/<994z`{e
    • 0x4048:$xo1: \x18:/<994z`{e
    • 0x40c0:$xo1: \x18:/<994z`{e
    • 0x4138:$xo1: \x18:/<994z`{e
    • 0x41b8:$xo1: \x18:/<994z`{e
    • 0x4230:$xo1: \x18:/<994z`{e
    • 0x42b0:$xo1: \x18:/<994z`{e
    • 0x4308:$xo1: \x18:/<994z`{e
    6234.1.000000005d55c1b0.00000000007ca476.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    • 0x171d8:$xo1: \x18:/<994z`{e
    • 0x17250:$xo1: \x18:/<994z`{e
    • 0x172c8:$xo1: \x18:/<994z`{e
    • 0x1731c:$xo1: \x18:/<994z`{e
    • 0x17394:$xo1: \x18:/<994z`{e
    • 0x1740c:$xo1: \x18:/<994z`{e
    • 0x17484:$xo1: \x18:/<994z`{e
    • 0x174f4:$xo1: \x18:/<994z`{e
    • 0x17570:$xo1: \x18:/<994z`{e
    • 0x175c0:$xo1: \x18:/<994z`{e
    6226.1.000000005d55c1b0.00000000007ca476.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    • 0x171d8:$xo1: \x18:/<994z`{e
    • 0x17250:$xo1: \x18:/<994z`{e
    • 0x172c8:$xo1: \x18:/<994z`{e
    • 0x1731c:$xo1: \x18:/<994z`{e
    • 0x17394:$xo1: \x18:/<994z`{e
    • 0x1740c:$xo1: \x18:/<994z`{e
    • 0x17484:$xo1: \x18:/<994z`{e
    • 0x174f4:$xo1: \x18:/<994z`{e
    • 0x17570:$xo1: \x18:/<994z`{e
    • 0x175c0:$xo1: \x18:/<994z`{e
    6507.1.000000005d55c1b0.00000000007ca476.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth
    • 0x171d8:$xo1: \x18:/<994z`{e
    • 0x17250:$xo1: \x18:/<994z`{e
    • 0x172c8:$xo1: \x18:/<994z`{e
    • 0x1731c:$xo1: \x18:/<994z`{e
    • 0x17394:$xo1: \x18:/<994z`{e
    • 0x1740c:$xo1: \x18:/<994z`{e
    • 0x17484:$xo1: \x18:/<994z`{e
    • 0x174f4:$xo1: \x18:/<994z`{e
    • 0x17570:$xo1: \x18:/<994z`{e
    • 0x175c0:$xo1: \x18:/<994z`{e
    No Snort rule has matched

    Source: /usr/bin/pulseaudio (PID: 6321), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pkill (PID: 6428), Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/1isequal9.arm7 (PID: 6226), Socket: 127.0.0.1::59025
    Source: /lib/systemd/systemd-journald (PID: 6262), Socket: <unknown socket type>:unknown
    Source: /usr/sbin/gdm3 (PID: 6450), Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 6482), Socket: <unknown socket type>:unknown
    Source: syslog.35.dr, String found in binary or memory: https://www.rsyslog.com

    System Summary

    Source: ELF static info symbol of initial sample, Name: attack.c
    Source: ELF static info symbol of initial sample, Name: attack_app.c
    Source: ELF static info symbol of initial sample, Name: attack_get_opt_int
    Source: ELF static info symbol of initial sample, Name: attack_get_opt_ip
    Source: ELF static info symbol of initial sample, Name: attack_get_opt_str
    Source: ELF static info symbol of initial sample, Name: attack_gre.c
    Source: ELF static info symbol of initial sample, Name: attack_gre_eth
    Source: ELF static info symbol of initial sample, Name: attack_gre_ip
    Source: ELF static info symbol of initial sample, Name: attack_init
    Source: ELF static info symbol of initial sample, Name: attack_method_http
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 491, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 658, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 720, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 721, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 759, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 761, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 772, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 774, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 777, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 785, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 793, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 936, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1344, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1601, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 1886, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 6044, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 6190, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 6191, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 6230, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234), SIGKILL sent: pid: 6234, result: unknown
    Source: /tmp/1isequal9.arm7 (PID: 6507), SIGKILL sent: pid: 6505, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6515), SIGKILL sent: pid: 6513, result: successful
    Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
    Matched in the following sources:
    • Source: 1isequal9.arm7, type: SAMPLE
    • Source: 6226.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6229.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6234.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6226.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6507.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6507.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6513.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6230.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6233.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6229.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6515.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6513.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6230.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6505.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
    • Source: 6234.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6505.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6515.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    • Source: 6233.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 491, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 658, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 720, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 721, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 759, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 761, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 772, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 774, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 777, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 785, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 793, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 936, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1344, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1601, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 1886, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 6044, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 6190, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 6191, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 6230, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6234) SIGKILL sent: pid: 6234, result: unknown
    Source: /tmp/1isequal9.arm7 (PID: 6507) SIGKILL sent: pid: 6505, result: successful
    Source: /tmp/1isequal9.arm7 (PID: 6515) SIGKILL sent: pid: 6513, result: successful
    Source: ELF static info symbol of initial sample Name: scanner.c
    Source: ELF static info symbol of initial sample Name: scanner_init
    Source: ELF static info symbol of initial sample Name: scanner_kill
    Source: ELF static info symbol of initial sample Name: scanner_pid
    Source: ELF static info symbol of initial sample Name: scanner_rawpkt
    Source: classification engine Classification label: mal64.spre.troj.linARM7@0/45@0/0

    Persistence and Installation Behavior

    Source: /usr/bin/dbus-daemon (PID: 6306) File: /proc/6306/mounts
    Source: /usr/bin/dbus-daemon (PID: 6482) File: /proc/6482/mounts
    Source: /usr/bin/dbus-daemon (PID: 6489) File: /proc/6489/mounts
    Source: /bin/fusermount (PID: 6498) File: /proc/6498/mounts
    Source: /usr/bin/dbus-daemon (PID: 6547) File: /proc/6547/mounts
    Source: /usr/share/gdm/generate-config (PID: 6428) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
    Source: /bin/sh (PID: 6407) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6409) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6411) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6416) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6418) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6420) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6424) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 6426) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 6474) Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /lib/systemd/systemd-journald (PID: 6262) Reads from proc file: /proc/meminfo
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6395/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/6475/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2078/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2077/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2033/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2074/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2028/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1532/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/1334/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2302/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2025/cgroup
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/comm
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/cmdline
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/status
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/attr/current
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/sessionid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/loginuid
    Source: /lib/systemd/systemd-journald (PID: 6262) File opened: /proc/2223/cgroup
    Source: /usr/bin/whoopsie (PID: 6317) Directory: /nonexistent/.cache
    Source: /usr/lib/policykit-1/polkitd (PID: 6389) Directory: /root/.cache
    Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6480) Directory: /var/lib/gdm3/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6456) Directory: /root/.cache
    Source: /usr/sbin/gdm3 (PID: 6450) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
    Source: /usr/sbin/gdm3 (PID: 6450) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6456) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6456) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/bin/gpu-manager (PID: 6406) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6408) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6410) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6415) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6417) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6419) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6423) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 6425) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/share/language-tools/language-options (PID: 6470) Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/sbin/rsyslogd (PID: 6395) Log file created: /var/log/auth.log
    Source: /usr/sbin/rsyslogd (PID: 6395) Log file created: /var/log/kern.log
    Source: /usr/bin/gpu-manager (PID: 6405) Log file created: /var/log/gpu-manager.log
    Source: /usr/bin/pulseaudio (PID: 6321) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pkill (PID: 6428) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/1isequal9.arm7 (PID: 6226) Queries kernel information via 'uname'
    Source: /lib/systemd/systemd-journald (PID: 6262) Queries kernel information via 'uname'
    Source: /usr/bin/whoopsie (PID: 6317) Queries kernel information via 'uname'
    Source: /usr/bin/pulseaudio (PID: 6321) Queries kernel information via 'uname'
    Source: /usr/sbin/rsyslogd (PID: 6395) Queries kernel information via 'uname'
    Source: /sbin/agetty (PID: 6398) Queries kernel information via 'uname'
    Source: /usr/bin/gpu-manager (PID: 6405) Queries kernel information via 'uname'
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 6475) Queries kernel information via 'uname'
    Source: /usr/bin/gpu-manager (PID: 6405) Truncated file: /var/log/gpu-manager.log
    Source: syslog.35.dr Binary or memory string: May 14 12:00:20 galassia kernel: [ 479.246636] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
    Source: syslog.35.dr Binary or memory string: May 14 12:00:20 galassia kernel: [ 479.246585] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase
    Source: 1isequal9.arm7, 6226.1.000000003680e83a.000000005c5c2243.rw-.sdmp, 1isequal9.arm7, 6229.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6230.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6233.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6234.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6505.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6507.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6513.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6515.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp Binary or memory string: "V!/etc/qemu-binfmt/arm
    Source: 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp Binary or memory string: /tmp/qemu-open.2u2bbA
    Source: 1isequal9.arm7, 6226.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6229.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6230.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6233.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6505.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6507.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6513.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6515.1.00000000fc8940c5.0000000022e68779.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/1isequal9.arm7SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/1isequal9.arm7
    Source: 1isequal9.arm7, 6226.1.000000003680e83a.000000005c5c2243.rw-.sdmp, 1isequal9.arm7, 6229.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6230.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6233.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6234.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6505.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6507.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6513.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6515.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
    Source: 1isequal9.arm7, 6226.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6229.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6230.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6233.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6505.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6507.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6513.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6515.1.00000000fc8940c5.0000000022e68779.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
    Source: 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp Binary or memory string: "V/tmp/qemu-open.2u2bbA

    Language, Device and Operating System Detection

    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6456) Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information

    Source: Yara match File source: 1isequal9.arm7, type: SAMPLE

    Remote Access Functionality

    Source: Yara match File source: 1isequal9.arm7, type: SAMPLE
    | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Valid Accounts | 1 Scripting | Path Interception | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Service Stop |
    | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File and Directory Permissions Modification | LSASS Memory | 1 System Owner/User Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
    | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
    | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Scripting | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
    | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Hidden Files and Directories | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
    | Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Indicator Removal on Host | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
    No configs have been found
    [Behavior graph: ID 626544, Sample: 1isequal9.arm7, Startdate: 14/05/2022, Architecture: LINUX, Score: 64]
    No Antivirus matches
    No contacted domains info
    | Name | Source | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|
    | https://www.rsyslog.com | syslog.35.dr | false | | high |
      No contacted IP infos
      No context
      Process:/usr/bin/pulseaudio
      File Type:ASCII text
      Category:dropped
      Size (bytes):10
      Entropy (8bit):2.9219280948873623
      Encrypted:false
      SSDEEP:3:5bkPn:pkP
      MD5:FF001A15CE15CF062A3704CEA2991B5F
      SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
      SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
      SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:auto_null.
      Process:/usr/bin/pulseaudio
      File Type:ASCII text
      Category:dropped
      Size (bytes):18
      Entropy (8bit):3.4613201402110088
      Encrypted:false
      SSDEEP:3:5bkrIZsXvn:pkckv
      MD5:28FE6435F34B3367707BB1C5D5F6B430
      SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
      SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
      SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:auto_null.monitor.
      Process:/usr/bin/dbus-daemon
      File Type:very short file (no magic)
      Category:dropped
      Size (bytes):1
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3:V:V
      MD5:CFCD208495D565EF66E7DFF9F98764DA
      SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
      SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
      SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:0
      Process:/usr/sbin/gdm3
      File Type:ASCII text
      Category:dropped
      Size (bytes):5
      Entropy (8bit):2.321928094887362
      Encrypted:false
      SSDEEP:3:Y:Y
      MD5:A80D703472FC5766CAE46D8D596262DD
      SHA1:7B01D0FBE2CBB711EBA794E944F2138C22032C60
      SHA-256:73D267E7B9831FEB83499133F3B4072D05D52E481EAFA86C8FF999AB19565CDA
      SHA-512:E48826B0BC0E965C580916AAC266BBA5C64DA47AE6C16CF80CD607C325EFE2150920CE6E5BB2FCFEBA37246656E8F2784ED0AD12A66464F067F2655680664AAE
      Malicious:false
      Reputation:low
      Preview:6450.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):223
      Entropy (8bit):5.52549506354132
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmprFecVgYW0hglsjsv:SbFuFyLVIg1BG+f+MSZ70hg2ji4s
      MD5:05DC185FA59A143371B333CCD055EB84
      SHA1:6680F16EC01414AB38A139E23E2504B22B885ADC
      SHA-256:FD058FEA25F473182E6E543F75EE04F3B02F561BBAE7F12D54B5A5B43CE3C1D3
      SHA-512:AC12DF8CA2CCF91C7A67D591CB61B8D6A5B45B1CB3180742F7E506188C483DEFF5A5D65EE3DE1C4CF36E4144E287820B2E7B4E72537B5E67D9A8EE4C4BE984F0
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c1168619ecb641dd815b90822a262903.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):223
      Entropy (8bit):5.4898082652452045
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmymce5RPyUTExvshT+:SbFuFyLVIg1BG+f+My65zTEx0Zji4s
      MD5:8A387B421EEC18FB0CA40CA58DA3E2D1
      SHA1:673550BE429997DD5FA199AEA8DC6AB16DB96D08
      SHA-256:AF6A0AC2A22AF0D396B5811F82815F8D004257061EF0E63B69345E86BC07C123
      SHA-512:94E9441DDF66754F64C62DBF7D109DC833ABCD7F3008C7822267847E95BE4C5AFD3AA9EA1B303E9461230871B336FEF6CC5C96BA495FC8CBF386D1F421770451
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=8e73946169e64007a7d2a80d20aef1d6.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):207
      Entropy (8bit):5.404233028256503
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+MyyHFHFfEtVwFrqjosQu:qgFq6g10+f+MLTxFr4Qu
      MD5:1B15315D1E887B5EDB3B071852BB1459
      SHA1:A1C23C80C5C9EA24194A3615D7989CC21CB0834B
      SHA-256:F7FB16CBAA6B70B659C2A0E21F38F24AD77BDB0B8DA9E4110B274843BB0D6167
      SHA-512:0EBB959C566F8D0BC0ECA06C5C84A53B264BC64DC94EA047DA8F084B81C729D3850007C7BDC0BDE5CF42C4523D39492DA1A7C9E5F6C33311472C0EC75BBA497C
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=8b7b19da131442aeaab44f4ac572a067.IDENTIFIER=dbus-daemon.UNIT=dbus.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):208
      Entropy (8bit):5.365516984544936
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmzkABHiWYcCDhTjsmM:SbFuFyLVIg1BG+f+MQkCWYHDZjdCLKzK
      MD5:8C248AF314AD87B76D37B1B00DBE8697
      SHA1:26099C59464587AEB1E21E402D9A18A98252EC96
      SHA-256:75CD0DF90FCA3D7AC72AEFAD990BF5FE0B6655F2DABA434D235B22F935F4167A
      SHA-512:0A08C838A7FE0CA63C15B36D9F538DCCF2401FED4D18078190B18A46C7997A27B9B38A4BD4D7F0CA5AEB63A79CC853E36C45B02EBE509D6B3D4D6631E346FB9F
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9baf9db4a32a43839fc8894d1bdbcc98.IDENTIFIER=whoopsie.UNIT=whoopsie.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):188
      Entropy (8bit):5.376302213670818
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4Au0WGMngrxsjshQJ:SbFuFyLVIg1BG+f+M4pGouqjtWL0
      MD5:7EA4F0D7713629F98BD4164C9CCB42A4
      SHA1:7851C70D248622164FD67F2FDA5233C21BF5591C
      SHA-256:F801B8B4BBB6110F0A3C6BF4FDAD33E226103B7A231F2FF52D7F1EB162176311
      SHA-512:A061F1624A8927D5A1CBE2AB4EF850193BD65CCF98E78406A63FF5F7E66C94B0CDA12AEBF6E2655F774CDD662EAF8165C1B540D496E0FA691D44E14D8204F501
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2ec6b889ff9d4129b1d407c49ad32313.IDENTIFIER=pulseaudio.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):216
      Entropy (8bit):5.418303080912002
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmpHpMXvMPsZjsjOdlE:SbFuFyLVIg1BG+f+MJBPsZjNE
      MD5:180B5786951898994587E15A982AE7A3
      SHA1:36996516E6EE2FA0A6960E6D6D5D7D9FF0637F0D
      SHA-256:A6174826A4BC2BDF0ADE776604E60AA98F024A85C99F5095CD1314AA10E7CBB0
      SHA-512:D688958CCBD06E479BFAAE1B39F6A6051630DD867120E15544B97906F9467C354B147921FD74C060DF6C26E97DB54DC1079E1ADAC812869C5F497AE998690A2E
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cbd481f2329249ada1cd7948b118d18e.IDENTIFIER=rtkit-daemon.UNIT=rtkit-daemon.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):220
      Entropy (8bit):5.472593390367883
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+M44dXgJSqjZcHcljX+:qgFq6g10+f+M4CASkmAu
      MD5:63ED2FD3D9E246D95907CD311CCC1D8A
      SHA1:E211356F8759621282904A7980B97A2D22784994
      SHA-256:4DAC3A24E8401D9CC7658FDAA815876A02652C8217928CBAAE3324DEB4A39079
      SHA-512:0F69C68F6FE5BB8E7048337EED18ECFB73E60AC6926456131BCA722738C85E80DA4ED8CD18B90786086D63329AC95B9AC1B25C0C77CAE16ED83C06B504CF5D36
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2078235905954ababc3bc453329eb3d7.IDENTIFIER=systemd-logind.UNIT=systemd-logind.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):205
      Entropy (8bit):5.414826348023577
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+MxP1Wmfg8shuqjbVC:qgFq6g10+f+M51WYg9W
      MD5:C03339944511D081D869E2606E151C4F
      SHA1:88B292EAAAB2617DB3E2E71924D4C08A8691E894
      SHA-256:8C055BCDAE0AB5FCD9C732E66D3F41A06C772180913AAFAAFE0A6413741F3AF0
      SHA-512:4741B25AF400CD966E05380B59D881FB9029EED11A3FD1CCD08324939F7397122AAF7328DBBC05DE2F67F792E8852E21A869F548E8655323B1F4473DBE370621
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=788c5d60037b49b79928026bac7e4cda.IDENTIFIER=polkitd.UNIT=polkit.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):208
      Entropy (8bit):5.389461455657179
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmptTkg9MVIGJlsjswK:SbFuFyLVIg1BG+f+M7TkiUhJ2jLkGq
      MD5:FB5BB507BDD4C6A6C5B292B654398B80
      SHA1:340F04AF5E66E752A818B6964ECD0408821A9B96
      SHA-256:EB8ADF740FD028CEA146FD938A9F3A22C5C293B8977F218A8319939F8CA82CE3
      SHA-512:259EFEBF8049426C214A19C143B60A000B0E8D77D52BB340DD442726D22AA1E120232CD51D837BD7D958D954813F4CA08D487F9A507DBEAD0E7470D27B42938B
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c7da02fd490a4778ba1100f1561e04db.IDENTIFIER=agetty.UNIT=getty@tty2.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):228
      Entropy (8bit):5.46660755793683
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+MorALh6LuqjdCt/rRMtq:qgFq6g10+f+MoYh6LVCDL
      MD5:79B843818CD8EBB72AD3FD1F54372034
      SHA1:3D4EB18D049AAEA5D6DD4F884F856FBF0A083915
      SHA-256:F3FAB0E7C996AD22CACB3C312A5DD512E41DE23EE4EB978F045A528257E4C75C
      SHA-512:29BB88331A31EDECE88DDBEB53EB23345D5595EA7223BECBB0370AEC4863D96DB96BBDF93DDF02B68DA5338CD499EA525AB2F907A9766DC698340DFD6C0A008B
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b4892ee068514577b0ea2c6e4882f797.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):210
      Entropy (8bit):5.402102015790067
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmoAEkm+DWfA/Agrxsjsx:SbFuFyLVIg1BAf+MoM/ATjNALyAZD
      MD5:58F829FE69CB441857FB79C98DFECD5A
      SHA1:8B8B82C161714354167C900EA80AB327DFE5A4FE
      SHA-256:A6137C6D6F9DD2DDA53C83CC15AB5225FB3513B9C18029B62DC2237B30778773
      SHA-512:29AD9DB883E014A059EE8692A34C41B90C17B1C4898446AD7F4248CE9B8D2AAFC91EAFF5E35960182EED99015941EC8408BA44EC8078FF54AC69FFCD035AE6ED
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=bef40690daa64ad5aee5326cd7153fe2.IDENTIFIER=generate-config.UNIT=gdm.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):211
      Entropy (8bit):5.433807496620061
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmrPLdDvHcAc2Gj6sjs2y:SbFuFyLVIg1BAf+MTpDvHKhHjNdQIeXD
      MD5:575BEC6625DC1B1B9B0C04E98EE90529
      SHA1:D5507882E9906BD7F0C5BFF3CDCA8D1DEDCE9092
      SHA-256:331D60204BA2152D4275EA12C8694D35E8D5E433F56F8E7091742B9763BFB8C8
      SHA-512:8E61BC4FB20DD67BBC80B04C2CE7AA2F419F5F02EB572D11A5D73E0092C35D741A58EFBDF0BD7ADC232AFE36DB078F51DE5F5A384F0556D02E63D87A53C7674E
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a9e192f28fb94292b9ee8408cc019cbb.IDENTIFIER=gdm-wait-for-drm.UNIT=gdm.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):199
      Entropy (8bit):5.405732597592262
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmsZSw0b4+2lsjs2BZZGu:SbFuFyLVIg1BAf+MsW22jNTZD
      MD5:C801DCBA9D68D44D07D579048E51B383
      SHA1:32302CA89615D0A6E0C91D66C29F883BCFEA0E78
      SHA-256:5A107A6F62280B04F05E4B9DEE12ECF1F9C660BD18CC445B5D73D38D289728CF
      SHA-512:EDD3B2AE03EFB4EEF21A3EA84E03B3D3EB1F785D1175A25838F93F8BD3B12CC295A7773B4B9B69DEF4759EC85ACAB899A608A598925D7846D3BB328D2B76C5D5
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f1e716686b0d4f84aac73aa25d40f42b.IDENTIFIER=gdm3.UNIT=gdm.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):222
      Entropy (8bit):5.4448110668452685
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmshKvM2fGglsjswxJm:SbFuFyLVIg1BG+f+Msgdb2jLTTIWTIL
      MD5:C9D1BEDA0B3E52C610FC8B155B2BEE10
      SHA1:D0E7AA994BD71DF78B845D30EBF6CB11D73279B0
      SHA-256:22050DA0EFCAE928EE89555C4311691904F0F1F399188B1591A0D3629BA60F05
      SHA-512:2F5966BB7463BB2EFCCDDCD382F198A124B8936B3DF5A1406E79666CBC554D50FCA51BFFDBFD911CFDCD9063F7E39A021F179CBB08717F7E9F98AA56F6ADB362
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f021c55d1f6a459e863a22b9092f63d3.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):195
      Entropy (8bit):5.402590519381159
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmuMnDGpQhvsjs2BI:SbFuFyLVK6g7/+BG+f+MuM6W0jNq
      MD5:7386C257DFB4E2DF03C29DCA13D0B388
      SHA1:B345E588C422196D62267277F2E3979C4E875F30
      SHA-256:6A70A975698626F516D3B347ECED2EEC529F067182B7CAD827B6B81DA73D0B70
      SHA-512:C32617A0199AD9A2DC1A39777E58135E514706C19BB1839D270A28D074C27380008F7B016C55F895E6A5EF295348DAE6314319DC43BBD6EFBD6F5893E5918849
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dad6b1564c6c4c1492e300636c955703.IDENTIFIER=gdm-session-worker.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):195
      Entropy (8bit):5.443830744919449
      Encrypted:false
      SSDEEP:6:SbFuFyLVI6g7/+BG+f+My2SW3wGB0hTjNq:qgFqdg7/+0+f+MzSW3tYFq
      MD5:F051AFD7C8ABEC8774357D99343AEF45
      SHA1:1136F210EE54C3FFE83963BFA868697F9AD2A399
      SHA-256:46CF157B252C7846ADDB5E06645D332DE494B4F833E52E69D36EE783C2D38C7A
      SHA-512:91E9EBA81C0AFCBA1A5DD15263BD512351C5937CDDC024C06AED9538DAF09AD8EB40BF54FC92FD15CEE5FCDC349884F848B614CCE92A756C7B1BCFDACE4D0902
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=8de0a1f340354c769b4b9e3f2d76d824.IDENTIFIER=gdm-session-worker.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):210
      Entropy (8bit):5.510825291850313
      Encrypted:false
      SSDEEP:6:SbFuFyLVK6g7/+BG+f+M+RbgFmjFQMzKaBu:qgFqo6g7/+0+f+MSgmTmh
      MD5:E29D0C38785D5E3863FA44CCDC8CC75D
      SHA1:D59A50FC73B977B22A4511E53DA369597A07E3E5
      SHA-256:302DFBA3C42ED99FA82550193B9951D2412E7CAA73723EC7D42611158117F0B4
      SHA-512:B4296C7567D9BE6E0284303F1CF1AD5EE18A45FD6DBDAD3AD26A56B86C12A4A539B32DF939E8D8585D20D902DAAC7C35563047B85836BC6E3A3F8A63AF50B4B6
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=47f62a9ff1634cf7bc77a82dda76b370.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):210
      Entropy (8bit):5.546343523609762
      Encrypted:false
      SSDEEP:6:SbFuFyLVI6g7/+BG+f+M8NRBW30hTjFQMzKaBu:qgFqdg7/+0+f+M8DBWkvTmh
      MD5:DF157BCFA368D91E1048C0B9791B29C5
      SHA1:0847A7AC93E5C8D8925DCC50C0A3E3B8714C6A6C
      SHA-256:4D00DD485D28D1CCF707740E7B60FAEBFC808AE0E1C42C1B53286386C8CBB81E
      SHA-512:14408B06BE0E1B121EE40C44B243504BE8BE73668F57E5CC90210FD73B8868CEB1AED63AEA74D63CE06E706CE0F7C0E0DC2A8241BC18FEAEFCA62BECDDC0A2F2
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=668a2d14c7424024855c6effc89ec37c.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):189
      Entropy (8bit):5.3466652868121685
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmzYZG4SVYER7xsjs16:SbFuFyLVIg1BG+f+McZGXYEojoa
      MD5:F09623415BD82D345929DD3D9D3086F0
      SHA1:D05672418DF9007D75DE9DC201656CB1E170F3F9
      SHA-256:9FB9E88DACE473ACC0FD745BCB49B52F3228D95E4EAAF59B6D9D06C40A4D0984
      SHA-512:A793361A323E3793BB35572B84404540F3F1B396536B024C2E4CC006947471664E2E54FC8BFA11E79161E4396DF1C8BAE264370C12C633B35F559D9BDF9B09E6
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9fa0514ce46f47a5b9e09ecba61ba330.IDENTIFIER=dbus-daemon.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):95
      Entropy (8bit):4.921230646592726
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
      MD5:BE58CCABC942125F5E27AF6EB1BA2F88
      SHA1:07C20F55E36EE48869B223B8FC4DBC227C7353AC
      SHA-256:551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
      SHA-512:E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
      Malicious:false
      Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):116
      Entropy (8bit):4.957035419463244
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
      MD5:66D114877B3B4DB3BDD8A3AD4F5E7421
      SHA1:62E0CB0F51E0E3F97BE251CB917968DFF69ED344
      SHA-256:A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
      SHA-512:5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
      Malicious:false
      Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):223
      Entropy (8bit):5.48620993646461
      Encrypted:false
      SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff6xgiTEEXqt6s:qgFq30dABibBugiwEaIs
      MD5:1C0F7FDE81B5D23151329426C133891A
      SHA1:08236DBA8796B971FD789DA13CE275671EA5F723
      SHA-256:C717402E56F18497F0F5089BB62B1F1BEDD0411E2AD7E92B16C2272405B0632A
      SHA-512:FC8F94666AF475F5EE41F3852F049181F3F14C1BA4AB15AD005D3542D0F4F0BC50C8338593AC71B0D30AC364E01CF887331EB5A008C6E8054AC032FDF079A514
      Malicious:false
      Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12291.REALTIME=1652529618809046.MONOTONIC=477413531.LAST_SESSION_TIMESTAMP=477514923.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):223
      Entropy (8bit):5.48620993646461
      Encrypted:false
      SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff6xgiTEEXqt6s:qgFq30dABibBugiwEaIs
      MD5:1C0F7FDE81B5D23151329426C133891A
      SHA1:08236DBA8796B971FD789DA13CE275671EA5F723
      SHA-256:C717402E56F18497F0F5089BB62B1F1BEDD0411E2AD7E92B16C2272405B0632A
      SHA-512:FC8F94666AF475F5EE41F3852F049181F3F14C1BA4AB15AD005D3542D0F4F0BC50C8338593AC71B0D30AC364E01CF887331EB5A008C6E8054AC032FDF079A514
      Malicious:false
      Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12291.REALTIME=1652529618809046.MONOTONIC=477413531.LAST_SESSION_TIMESTAMP=477514923.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):282
      Entropy (8bit):5.31264664240427
      Encrypted:false
      SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6H0giTEEX2Q2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBPgiwE4thQHtPYq9M
      MD5:4505D01CA91659332D7099EB6CC55C24
      SHA1:1E284AD8D071981ECBC23DB93CB82E109FD8CBFF
      SHA-256:4F628E76D8CD6A0D8EA72AC5FC0B5A9E39BEDD083FADE68B5F393274DF36E156
      SHA-512:FF001B6C42C4A9A00829635374881BBD4C7AEBE6582FA03F59D01DE18FA9AE67A04CB7F8C0C00EADDE1B31C4C03AB8549A6E9FD9A14B3E81A9F3DB9532F94375
      Malicious:false
      Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12229.REALTIME=1652529618809046.MONOTONIC=477413531.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):188
      Entropy (8bit):4.928997328913428
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMs5BuSgVuMI2sKiYiesnAv/XS12K2hwEY8mTQ2pJi22sQ2KkmD2pi:SbFuFyL3BVgVuR257iesnAi12thQc2p4
      MD5:065A3AD1A34A9903F536410ECA748105
      SHA1:21CD684DF60D569FA96EEEB66A0819EAC1B2B1A4
      SHA-256:E80554BF0FF4E32C61D4FA3054F8EFB27A26F1C37C91AE4EA94445C400693941
      SHA-512:DB3C42E893640BAEE9F0001BDE6E93ED40CC33198AC2B47328F577D3C71E2C2E986AAAFEF5BD8ADBC639B5C24ADF715D87034AE24B697331FF6FEC5962630064
      Malicious:false
      Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):282
      Entropy (8bit):5.31264664240427
      Encrypted:false
      SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6H0giTEEX2Q2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBPgiwE4thQHtPYq9M
      MD5:4505D01CA91659332D7099EB6CC55C24
      SHA1:1E284AD8D071981ECBC23DB93CB82E109FD8CBFF
      SHA-256:4F628E76D8CD6A0D8EA72AC5FC0B5A9E39BEDD083FADE68B5F393274DF36E156
      SHA-512:FF001B6C42C4A9A00829635374881BBD4C7AEBE6582FA03F59D01DE18FA9AE67A04CB7F8C0C00EADDE1B31C4C03AB8549A6E9FD9A14B3E81A9F3DB9532F94375
      Malicious:false
      Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12229.REALTIME=1652529618809046.MONOTONIC=477413531.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
      Process:/lib/systemd/systemd-logind
      File Type:ASCII text
      Category:dropped
      Size (bytes):174
      Entropy (8bit):5.3441116931411266
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMs5BuSgdNR2sKiYiesnAv/XSHxJgiTEU04rXP6H206qodbURhv:SbFuFyL3BVgdL87iesnAiRJgiTEEXqtR
      MD5:D59B28A5703232BB11395EFD2FB438DD
      SHA1:FB691AEBFA005DA8EEAACD295BF1139F7F026FEA
      SHA-256:185223BD0D9C7E561FB567E4DA94461D73EA7D2DDDC4C966F432C0086B24A69C
      SHA-512:1955920C0E863FF3763E722D12FECD8D0937126AE9152A6880EEA7B71956C4FBDD4838AF29DE159636650C986B641218550F3F647495DC980BD2C3B924449104
      Malicious:false
      Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1652529618809046.MONOTONIC=477413531.LAST_SESSION_TIMESTAMP=477514923.
      Process:/usr/bin/pulseaudio
      File Type:ASCII text
      Category:dropped
      Size (bytes):5
      Entropy (8bit):2.321928094887362
      Encrypted:false
      SSDEEP:3:c2:c2
      MD5:79205720C1EC779F3C9E96DD33D55732
      SHA1:414C9F88079D7C3494AAAB612EA2600D2F817F25
      SHA-256:0EF81B14AFB42BFC379F8EBAF7477F0F8E1BFFF35ED111DF95E190C1AF5CA4D0
      SHA-512:59F82F450F300361552BD7157FD090D11DE91F5801050A22F17CBB8C50B6A2C36FF8E3ADFDC1B5F24FD5E997925FC428EDD62C4A7DEFC8B1CD9017E467913A59
      Malicious:false
      Preview:6321.
      Process:/sbin/agetty
      File Type:data
      Category:dropped
      Size (bytes):384
      Entropy (8bit):0.6775035134351417
      Encrypted:false
      SSDEEP:3:ns1sXlXEWtl/xlwaHOLl//:sQ+ylcM6
      MD5:18694AF416802A0552577EB9CC13C89C
      SHA1:751CC3D7BEF45DB18F21128CB87753DB46CE0634
      SHA-256:A3DDCC1F5EC78185F7EA65A59CFAD763BFBE123F469077A8568FE1A2323A681E
      SHA-512:A3F924523955F5C0C099DE0D9379D592E1359F783ADD2D722D863C2D36C35770F7FFE495D709E8978836376CDD6CF7E204711C89858266AD52BA353C99A5018B
      Malicious:false
      Preview:........tty2.tty2.......................tty2LOGIN......................................................................................................................................................................................................................................................................................................b........................................
      Process:/tmp/1isequal9.arm7
      File Type:ASCII text
      Category:dropped
      Size (bytes):309
      Entropy (8bit):3.5011619206623372
      Encrypted:false
      SSDEEP:6:NgDFo4oX6/VUd/vYDFo48ImY/VEXM/VjmsVot/VOArB/VH:NYdordHQdZ2Xfl
      MD5:FC342925026487E770B834EC500C82B6
      SHA1:4B9301261F706EE5845F6A8869EDB3F13022DA40
      SHA-256:0284BE357CFDDEBDFF055B36842A1F711C46A1FFBDD5B245FE2EAFC5ADEA30A8
      SHA-512:F43D152ECF3B49BE821E40A73660841665E51DBD2DB6F478C75AC03D13AFD3BC572BC6DD85F4B5FA0A0C3C775B1DA8AC0F0DB53758C098AB5B3EF666965D0082
      Malicious:false
      Preview:8000-20000 r-xp 00000000 fd:00 531606 /tmp/1isequal9.arm7.20000-21000 rw-p 00018000 fd:00 531606 /tmp/1isequal9.arm7.21000-26000 rw-p 00000000 00:00 0 .26000-27000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
      Process:/usr/bin/whoopsie
      File Type:ASCII text
      Category:dropped
      Size (bytes):37
      Entropy (8bit):3.722438500530197
      Encrypted:false
      SSDEEP:3:2Dlq6jIZv:2xqt
      MD5:F54B887A98EFE4013F09A85C65602ED8
      SHA1:7771C4D7D200024D9C9FCAA6646AC8E5887231AC
      SHA-256:EEB1B0022273B180B76A561347E0C06FC434B7AB0BE322E7CCDE7D5D37AF53AF
      SHA-512:3698EDACFACFF8224345BBF4527DB43D074F2B4FB1FAF1E65C325BBB2754BC3A8E76F8E5A2B2CD68B208175DF3D9B52AADA13AAC48ABC214935FBFF570ABF916
      Malicious:false
      Preview:9bfbdaa0-d36c-11ec-9a91-fa163e55efd0.
      Process:/usr/lib/accountsservice/accounts-daemon
      File Type:ASCII text
      Category:dropped
      Size (bytes):61
      Entropy (8bit):4.66214589518167
      Encrypted:false
      SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
      MD5:542BA3FB41206AE43928AF1C5E61FEBC
      SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
      SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
      SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
      Malicious:false
      Preview:[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
      Process:/usr/bin/gpu-manager
      File Type:ASCII text
      Category:dropped
      Size (bytes):25
      Entropy (8bit):2.7550849518197795
      Encrypted:false
      SSDEEP:3:JoT/V9fDVbn:M/V3n
      MD5:078760523943E160756979906B85FB5E
      SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
      SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
      SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
      Malicious:false
      Preview:15ad:0405;0000:00:0f:0;1.
      Process:/usr/bin/whoopsie
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):128
      Entropy (8bit):3.9410969045919657
      Encrypted:false
      SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
      MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
      SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
      SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
      SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
      Malicious:false
      Preview:9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
      Process:/usr/sbin/rsyslogd
      File Type:ASCII text
      Category:dropped
      Size (bytes):1881
      Entropy (8bit):4.920371041730839
      Encrypted:false
      SSDEEP:24:h7pqdZ4lZeqWkpaRAv2A2+VX0pYrhJrnrCQu:h88vnfVuYrfrnrCN
      MD5:E3803C4226589C05C7094B2D28C278DE
      SHA1:14B2D31CAF3AD3782BCE5E237C58FE42D8155BA8
      SHA-256:EFADE4E0FE86D18DA992B95943A0C5CAD593C4B64969951C7A299BAC7B08C95D
      SHA-512:D8C77591D2434CE6305AF7D987783AF6F61609DA344FC5AE4A6F90D86F3B0CB47D1F24184074069E86C29E0BEE90B08A1FE36FE1524A7C5D6B9A660A1A89384A
      Malicious:false
      Preview:May 14 11:59:50 galassia gdm-launch-environment]: pam_systemd(gdm-launch-environment:session): Failed to release session: No session 'c2' known.May 14 11:59:50 galassia gdm-password]: pam_systemd(gdm-password:session): Failed to release session: No session '2' known.May 14 11:59:51 galassia systemd-logind[6327]: Failed to add user by file name 127, ignoring: Invalid argument.May 14 11:59:51 galassia systemd-logind[6327]: Failed to add user by file name 1000, ignoring: Invalid argument.May 14 11:59:51 galassia systemd-logind[6327]: User enumeration failed: Invalid argument.May 14 11:59:51 galassia systemd-logind[6327]: User of session c2 not known..May 14 11:59:51 galassia systemd-logind[6327]: User of session 2 not known..May 14 11:59:51 galassia systemd-logind[6327]: User of session c1 not known..May 14 11:59:51 galassia systemd-logind[6327]: Session enumeration failed: No such file or directory.May 14 11:59:51 galassia systemd-logind[6327]: Watching system buttons on /dev/input/event
      Process:/usr/bin/gpu-manager
      File Type:ASCII text
      Category:dropped
      Size (bytes):1371
      Entropy (8bit):4.8296848499188485
      Encrypted:false
      SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
      MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
      SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
      SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
      SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
      Malicious:false
      Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
      Process:/lib/systemd/systemd-journald
      File Type:data
      Category:dropped
      Size (bytes):240
      Entropy (8bit):1.4428593527838256
      Encrypted:false
      SSDEEP:3:F31Hl6Dk54lltlCDk54d:F34kKIkKd
      MD5:51B437E87C74D3DEBABB4D64994B2B36
      SHA1:056344BD79A489A6CA25E1D70435B4E78151CD0B
      SHA-256:0F898083C11674C16FDCE5A4D9D1E68C725F7050DC63E24493E6246E0AEA4A07
      SHA-512:258CDF5CA80066F0C1C37B17CF9C6CF50787F8796F0B3535FB30750B6D1D1D01BF620A4896CE11E2FE46AF4D4E3A1306900774E35DFF66CDEED88667F9D7EDC6
      Malicious:false
      Preview:LPKSHHRH.................m(..&I`....me...................................m(..&I`....me..........................................................................................................................................................
      Process:/lib/systemd/systemd-journald
      File Type:data
      Category:dropped
      Size (bytes):240
      Entropy (8bit):1.4392978820660198
      Encrypted:false
      SSDEEP:3:F31HlnJREq3rW/ZJREq3rill:F35RDbW/3RDb
      MD5:3C6172AC52AF3BC7462155ED45D8D0D2
      SHA1:57615C668E4EBF2419007A0608BD66555A5B102A
      SHA-256:33495385AC6CD313C5326B0785CB1619BB39798D2D66579DAC7F05B40D593693
      SHA-512:971B3A97A3AED49ED63F6EE97D9530D847FF1E8F73887BAD4FCF928D652A7545FD415CCCFF9E012CB61F9F1906942AA560AB809A7A1BB7BB593E9D8E4F4238F6
      Malicious:false
      Preview:LPKSHHRH................e.,...H...V.U..................................e.,...H...V.U..........................................................................................................................................................
      Process:/usr/sbin/rsyslogd
      File Type:ASCII text, with very long lines
      Category:dropped
      Size (bytes):12324
      Entropy (8bit):4.9765746232532155
      Encrypted:false
      SSDEEP:96:KuoURmvCMeaPCVNvVWP9zWOr8MwO5YVP66OYedf/oIW3LjB9pro3:rRIefNWPr8yD9fdf/nmjxA
      MD5:3E30220F671F17A3BBA91A31613E37F0
      SHA1:5F90B8E85A75CD6CC2A608DEF8F612ACAD658142
      SHA-256:BFAD5480C1C7EAC4DB452A224747D16BD599794A39FBF6896939AED9D07B12A1
      SHA-512:82407B79C324BDEB6A08FB44F3036EF3557AA5CBD4223FFDE83C8E9D7BF4420597952263D4B12BADE50A5F1473C8E1E0B29846259159E5E2F164860E71AFA3F0
      Malicious:false
      Preview:May 14 11:59:50 galassia kernel: [ 447.522004] New task spawned: old: (tgid 6389, tid 6392), new (tgid: 6389, tid: 6393).May 14 11:59:50 galassia kernel: [ 447.787123] New task spawned: old: (tgid 6317, tid 6317), new (tgid: 6317, tid: 6394).May 14 11:59:50 galassia kernel: [ 447.902714] Reached call limit: pid 6262, name read.May 14 11:59:50 galassia kernel: [ 448.516002] New task spawned: old: (tgid 6395, tid 6395), new (tgid: 6395, tid: 6400).May 14 11:59:50 galassia kernel: [ 448.518474] New task spawned: old: (tgid 6395, tid 6395), new (tgid: 6395, tid: 6401).May 14 11:59:51 galassia kernel: [ 448.526038] New task spawned: old: (tgid 6395, tid 6400), new (tgid: 6395, tid: 6402).May 14 11:59:53 galassia kernel: [ 449.620834] blocking signal 0: 6262 -> 1860.May 14 11:59:53 galassia kernel: [ 451.697658] New task spawned: old: (tgid 6405, tid 6405), new (tgid: 6406, tid: 6406).May 14 11:59:53 galassia kernel: [ 451.750817] New task spawned: old: (tgid 6406, tid 6406), new (t
      Process:/usr/sbin/rsyslogd
      File Type:ASCII text, with very long lines
      Category:dropped
      Size (bytes):40015
      Entropy (8bit):5.058437225606099
      Encrypted:false
      SSDEEP:768:oAMmUGKkr/JEDAXD1D/0rO48BINjRFRfD7+U42CIDn+ycUzfRLxFvV8ICaUwmtZf:K+wo
      MD5:2C82BCBFB46764083DDF24CD1CB63B25
      SHA1:C46CD01D8E01754635860A3DC77003062C5F05FA
      SHA-256:48FCC5F781B2166DF49CBA7E61397138115EF19E147C7ACDA1765F8EB35E7F95
      SHA-512:FDCC5F42A023D55018E94353E2ECD30132CFFDCBE2A31103E8168C9902CCB0DA0A786D43D45E065B35502FCCB47DF5A5062FDD6EF353B2BACB223A675EDF7F9A
      Malicious:false
      Preview:May 14 11:59:49 galassia dbus-daemon[6306]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.5' (uid=0 pid=6324 comm="/usr/libexec/rtkit-daemon " label="unconfined").May 14 11:59:49 galassia [2077]: wrapper-2.0: Fatal IO error 11 (Resource temporarily unavailable) on X server :1..May 14 11:59:49 galassia [2079]: wrapper-2.0: Fatal IO error 11 (Resource temporarily unavailable) on X server :1..May 14 11:59:49 galassia whoopsie[6317]: [11:59:49] Could not get the Network Manager state:.May 14 11:59:49 galassia whoopsie[6317]: [11:59:49] GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.NetworkManager was not provided by any .service files.May 14 11:59:49 galassia whoopsie[6317]: [11:59:49] Parsing /var/crash/_usr_bin_light-locker.1000.crash..May 14 11:59:49 galassia [2083]: wrapper-2.0: Fatal IO error 11 (Resource temporarily unavailable) on X server :1..May 14 11:59:49 galassia whoopsie[6317]:
      Process:/sbin/agetty
      File Type:data
      Category:dropped
      Size (bytes):384
      Entropy (8bit):0.6775035134351417
      Encrypted:false
      SSDEEP:3:ns1sXlXEWtl/xlwaHOLl//:sQ+ylcM6
      MD5:18694AF416802A0552577EB9CC13C89C
      SHA1:751CC3D7BEF45DB18F21128CB87753DB46CE0634
      SHA-256:A3DDCC1F5EC78185F7EA65A59CFAD763BFBE123F469077A8568FE1A2323A681E
      SHA-512:A3F924523955F5C0C099DE0D9379D592E1359F783ADD2D722D863C2D36C35770F7FFE495D709E8978836376CDD6CF7E204711C89858266AD52BA353C99A5018B
      Malicious:true
      Preview:........tty2.tty2.......................tty2LOGIN......................................................................................................................................................................................................................................................................................................b........................................
      File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
      Entropy (8bit):6.0065835106622005
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name:1isequal9.arm7
      File size:150354
      MD5:c798ceff4aaaf18c02b544d6ef56def9
      SHA1:b8ef596aad37bb69bcdb0191d5a50ed6aedfa3f1
      SHA256:63275088f5f653385fce127219b64d70e2c6b6c5511568d27997b2496d7c573e
      SHA512:f008df4fb1b79bc3b0de46729b31e778312dd92ebd0b902c45d085c23668fcd63ee5edafbb8a87d3d5c1898383ff9b719f4696bbbc2616ba740f101246a5db47
      SSDEEP:3072:0rMrjDKMlbid2wnVMdO21MzcdTcLdVaTneYxbhAGpoyfa90tM/9V3Jnr:04rjDKybid2wnKbVUdVaTn7phAefa9a4
      TLSH:1AE33B86FA409E13C0C61776BAAF014A3322E755E3DB73068D185FF43F8AA5E4E57606
      File Content Preview:.ELF..............(.........4...........4. ...(........p.}..........................................$~..$~...............................5..........................................Q.td..................................-...L..................@-.,@...0....S

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:ARM
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x8194
      Flags:0x4000002
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:5
      Section Header Offset:122776
      Section Header Size:40
      Number of Section Headers:29
      Header String Table Index:26
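      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
       | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
      .init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .text | PROGBITS | 0x80f0 | 0xf0 | 0x168d8 | 0x0 | 0x6 | AX | 0 | 0 | 16
      .fini | PROGBITS | 0x1e9c8 | 0x169c8 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .rodata | PROGBITS | 0x1e9d8 | 0x169d8 | 0x131c | 0x0 | 0x2 | A | 0 | 0 | 4
      .ARM.extab | PROGBITS | 0x1fcf4 | 0x17cf4 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4
      .ARM.exidx | ARM_EXIDX | 0x1fd0c | 0x17d0c | 0x118 | 0x0 | 0x82 | AL | 2 | 0 | 4
      .eh_frame | PROGBITS | 0x20000 | 0x18000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .tbss | NOBITS | 0x20004 | 0x18004 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4
      .init_array | INIT_ARRAY | 0x20004 | 0x18004 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .fini_array | FINI_ARRAY | 0x20008 | 0x18008 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .jcr | PROGBITS | 0x2000c | 0x1800c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .got | PROGBITS | 0x20010 | 0x18010 | 0xa8 | 0x4 | 0x3 | WA | 0 | 0 | 4
      .data | PROGBITS | 0x200b8 | 0x180b8 | 0x204 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .bss | NOBITS | 0x202bc | 0x182bc | 0x32ec | 0x0 | 0x3 | WA | 0 | 0 | 4
      .comment | PROGBITS | 0x0 | 0x182bc | 0x8f2 | 0x0 | 0x0 |  | 0 | 0 | 1
      .debug_aranges | PROGBITS | 0x0 | 0x18bb0 | 0xc0 | 0x0 | 0x0 |  | 0 | 0 | 8
      .debug_pubnames | PROGBITS | 0x0 | 0x18c70 | 0x213 | 0x0 | 0x0 |  | 0 | 0 | 1
      .debug_info | PROGBITS | 0x0 | 0x18e83 | 0x1d23 | 0x0 | 0x0 |  | 0 | 0 | 1
      .debug_abbrev | PROGBITS | 0x0 | 0x1aba6 | 0x692 | 0x0 | 0x0 |  | 0 | 0 | 1
      .debug_line | PROGBITS | 0x0 | 0x1b238 | 0x9c7 | 0x0 | 0x0 |  | 0 | 0 | 1
      .debug_frame | PROGBITS | 0x0 | 0x1bc00 | 0x2b8 | 0x0 | 0x0 |  | 0 | 0 | 4
      .debug_str | PROGBITS | 0x0 | 0x1beb8 | 0x8ca | 0x1 | 0x30 | MS | 0 | 0 | 1
      .debug_loc | PROGBITS | 0x0 | 0x1c782 | 0x118f | 0x0 | 0x0 |  | 0 | 0 | 1
      .debug_ranges | PROGBITS | 0x0 | 0x1d911 | 0x558 | 0x0 | 0x0 |  | 0 | 0 | 1
      .ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x1de69 | 0x16 | 0x0 | 0x0 |  | 0 | 0 | 1
      .shstrtab | STRTAB | 0x0 | 0x1de7f | 0x117 | 0x0 | 0x0 |  | 0 | 0 | 1
      .symtab | SYMTAB | 0x0 | 0x1e420 | 0x4540 | 0x10 | 0x0 |  | 28 | 642 | 4
      .strtab | STRTAB | 0x0 | 0x22960 | 0x21f2 | 0x0 | 0x0 |  | 0 | 0 | 1

      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      EXIDX | 0x17d0c | 0x1fd0c | 0x1fd0c | 0x118 | 0x118 | 1.5788 | 0x4 | R | 0x4 |  | .ARM.exidx
      LOAD | 0x0 | 0x8000 | 0x8000 | 0x17e24 | 0x17e24 | 3.3232 | 0x5 | R E | 0x8000 |  | .init .text .fini .rodata .ARM.extab .ARM.exidx
      LOAD | 0x18000 | 0x20000 | 0x20000 | 0x2bc | 0x35a8 | 2.3220 | 0x6 | RW | 0x8000 |  | .eh_frame .init_array .fini_array .jcr .got .data .bss
      TLS | 0x18004 | 0x20004 | 0x20004 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 |  | 
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  | 

      Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx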
      C.11.5548 |  |  | .symtab | 0x1f9a0 | 12 | OBJECT | <unknown> | DEFAULT | 4
      C.43.5768 |  |  | .symtab | 0x1ed19 | 3 | OBJECT | <unknown> | DEFAULT | 4
      C.44.5769 |  |  | .symtab | 0x1ed10 | 9 | OBJECT | <unknown> | DEFAULT | 4
      C.5.5083 |  |  | .symtab | 0x1f91c | 24 | OBJECT | <unknown> | DEFAULT | 4
      C.7.5370 |  |  | .symtab | 0x1f9ac | 12 | OBJECT | <unknown> | DEFAULT | 4
      C.7.6109 |  |  | .symtab | 0x1fce8 | 12 | OBJECT | <unknown> | DEFAULT | 4
      C.7.6182 |  |  | .symtab | 0x1fcc4 | 12 | OBJECT | <unknown> | DEFAULT | 4
      C.8.6110 |  |  | .symtab | 0x1fcdc | 12 | OBJECT | <unknown> | DEFAULT | 4
      C.9.6119 |  |  | .symtab | 0x1fcd0 | 12 | OBJECT | <unknown> | DEFAULT | 4
      LOCAL_ADDR |  |  | .symtab | 0x22dfc | 4 | OBJECT | <unknown> | DEFAULT | 14
      Laligned |  |  | .symtab | 0x1c798 | 0 | NOTYPE | <unknown> | DEFAULT | 2
      Llastword |  |  | .symtab | 0x1c7b4 | 0 | NOTYPE | <unknown> | DEFAULT | 2
      _Exit |  |  | .symtab | 0x1a440 | 104 | FUNC | <unknown> | DEFAULT | 2
      _GLOBAL_OFFSET_TABLE_ |  |  | .symtab | 0x20010 | 0 | OBJECT | <unknown> | HIDDEN | 12
      _Jv_RegisterClasses |  |  | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
      _READ.c |  |  | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
      _Unwind_Complete |  |  | .symtab | 0x1d51c | 4 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_DeleteException |  |  | .symtab | 0x1d520 | 44 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_ForcedUnwind |  |  | .symtab | 0x1e1d0 | 36 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_GetCFA |  |  | .symtab | 0x1d514 | 8 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_GetDataRelBase |  |  | .symtab | 0x1d558 | 12 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_GetLanguageSpecificData |  |  | .symtab | 0x1e1f4 | 68 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_GetRegionStart |  |  | .symtab | 0x1e994 | 52 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_GetTextRelBase |  |  | .symtab | 0x1d54c | 12 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_RaiseException |  |  | .symtab | 0x1e164 | 36 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_Resume |  |  | .symtab | 0x1e188 | 36 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_Resume_or_Rethrow |  |  | .symtab | 0x1e1ac | 36 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_VRS_Get |  |  | .symtab | 0x1d47c | 76 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_VRS_Pop |  |  | .symtab | 0x1da94 | 324 | FUNC | <unknown> | HIDDEN | 2
      _Unwind_VRS_Set |  |  | .symtab | 0x1d4c8 | 76 | FUNC | <unknown> | HIDDEN | 2
      _WRITE.c |  |  | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
      __C_ctype_b |  |  | .symtab | 0x201cc | 4 | OBJECT | <unknown> | DEFAULT | 13
      __C_ctype_b.c |  |  | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
      __C_ctype_b_data |  |  | .symtab | 0x1f9c2 | 768 | OBJECT | <unknown> | DEFAULT | 4
      __EH_FRAME_BEGIN__ |  |  | .symtab | 0x20000 | 0 | OBJECT | <unknown> | DEFAULT | 7
      __FRAME_END__ |  |  | .symtab | 0x20000 | 0 | OBJECT | <unknown> | DEFAULT | 7
      __GI___C_ctype_b |  |  | .symtab | 0x201cc | 4 | OBJECT | <unknown> | HIDDEN | 13
      __GI___close |  |  | .symtab | 0x199c0 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___close_nocancel |  |  | .symtab | 0x199a4 | 24 | FUNC | <unknown> | HIDDEN | 2
      __GI___ctype_b |  |  | .symtab | 0x201d0 | 4 | OBJECT | <unknown> | HIDDEN | 13
      __GI___errno_location |  |  | .symtab | 0x166dc | 32 | FUNC | <unknown> | HIDDEN | 2
      __GI___fcntl_nocancel |  |  | .symtab | 0x15da0 | 152 | FUNC | <unknown> | HIDDEN | 2
      __GI___fgetc_unlocked |  |  | .symtab | 0x1c0f4 | 300 | FUNC | <unknown> | HIDDEN | 2
      __GI___libc_close |  |  | .symtab | 0x199c0 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___libc_fcntl |  |  | .symtab | 0x15e38 | 244 | FUNC | <unknown> | HIDDEN | 2
      __GI___libc_open |  |  | .symtab | 0x19a50 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___libc_read |  |  | .symtab | 0x19b70 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___libc_write |  |  | .symtab | 0x19ae0 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___open |  |  | .symtab | 0x19a50 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___open_nocancel |  |  | .symtab | 0x19a34 | 24 | FUNC | <unknown> | HIDDEN | 2
      __GI___read |  |  | .symtab | 0x19b70 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___read_nocancel |  |  | .symtab | 0x19b54 | 24 | FUNC | <unknown> | HIDDEN | 2
      __GI___sigaddset |  |  | .symtab | 0x16f7c | 36 | FUNC | <unknown> | HIDDEN | 2
      __GI___sigdelset |  |  | .symtab | 0x16fa0 | 36 | FUNC | <unknown> | HIDDEN | 2
      __GI___sigismember |  |  | .symtab | 0x16f58 | 36 | FUNC | <unknown> | HIDDEN | 2
      __GI___uClibc_fini |  |  | .symtab | 0x19d88 | 124 | FUNC | <unknown> | HIDDEN | 2
      __GI___uClibc_init |  |  | .symtab | 0x19e58 | 88 | FUNC | <unknown> | HIDDEN | 2
      __GI___write |  |  | .symtab | 0x19ae0 | 100 | FUNC | <unknown> | HIDDEN | 2
      __GI___write_nocancel |  |  | .symtab | 0x19ac4 | 24 | FUNC | <unknown> | HIDDEN | 2
      __GI__exit |  |  | .symtab | 0x1a440 | 104 | FUNC | <unknown> | HIDDEN | 2
      __GI_abort |  |  | .symtab | 0x18354 | 296 | FUNC | <unknown> | HIDDEN | 2
      __GI_accept.symtab0x1685c116FUNC<unknown>HIDDEN2
      __GI_bind.symtab0x168d068FUNC<unknown>HIDDEN2
      __GI_brk.symtab0x1cff488FUNC<unknown>HIDDEN2
      __GI_close.symtab0x199c0100FUNC<unknown>HIDDEN2
      __GI_closedir.symtab0x162a0272FUNC<unknown>HIDDEN2
      __GI_config_close.symtab0x1adf852FUNC<unknown>HIDDEN2
      __GI_config_open.symtab0x1ae2c72FUNC<unknown>HIDDEN2
      __GI_config_read.symtab0x1aad0808FUNC<unknown>HIDDEN2
      __GI_connect.symtab0x16958116FUNC<unknown>HIDDEN2
      __GI_exit.symtab0x18aa0196FUNC<unknown>HIDDEN2
      __GI_fclose.symtab0x1ae74816FUNC<unknown>HIDDEN2
      __GI_fcntl.symtab0x15e38244FUNC<unknown>HIDDEN2
      __GI_fflush_unlocked.symtab0x1bd48940FUNC<unknown>HIDDEN2
      __GI_fgetc.symtab0x1b838324FUNC<unknown>HIDDEN2
      __GI_fgetc_unlocked.symtab0x1c0f4300FUNC<unknown>HIDDEN2
      __GI_fgets.symtab0x1b97c284FUNC<unknown>HIDDEN2
      __GI_fgets_unlocked.symtab0x1c220160FUNC<unknown>HIDDEN2
      __GI_fopen.symtab0x1b1a432FUNC<unknown>HIDDEN2
      __GI_fork.symtab0x192d4972FUNC<unknown>HIDDEN2
      __GI_fstat.symtab0x1a4a8100FUNC<unknown>HIDDEN2
      __GI_getc_unlocked.symtab0x1c0f4300FUNC<unknown>HIDDEN2
      __GI_getdtablesize.symtab0x1a5ac44FUNC<unknown>HIDDEN2
      __GI_getegid.symtab0x1a5d820FUNC<unknown>HIDDEN2
      __GI_geteuid.symtab0x1a5ec20FUNC<unknown>HIDDEN2
      __GI_getgid.symtab0x1a60020FUNC<unknown>HIDDEN2
      __GI_getpagesize.symtab0x1a61440FUNC<unknown>HIDDEN2
      __GI_getpid.symtab0x1973872FUNC<unknown>HIDDEN2
      __GI_getrlimit.symtab0x1a63c56FUNC<unknown>HIDDEN2
      __GI_getsockname.symtab0x169cc68FUNC<unknown>HIDDEN2
      __GI_gettimeofday.symtab0x1a67464FUNC<unknown>HIDDEN2
      __GI_getuid.symtab0x1a6b420FUNC<unknown>HIDDEN2
      __GI_inet_addr.symtab0x167f040FUNC<unknown>HIDDEN2
      __GI_inet_aton.symtab0x1cb2c248FUNC<unknown>HIDDEN2
      __GI_initstate_r.symtab0x188bc248FUNC<unknown>HIDDEN2
      __GI_ioctl.symtab0x15f40224FUNC<unknown>HIDDEN2
      __GI_isatty.symtab0x1ca8c36FUNC<unknown>HIDDEN2
      __GI_kill.symtab0x1602056FUNC<unknown>HIDDEN2
      __GI_listen.symtab0x16a5864FUNC<unknown>HIDDEN2
      __GI_lseek64.symtab0x1d40c112FUNC<unknown>HIDDEN2
      __GI_memcpy.symtab0x167304FUNC<unknown>HIDDEN2
      __GI_memmove.symtab0x167404FUNC<unknown>HIDDEN2
      __GI_mempcpy.symtab0x1d3a836FUNC<unknown>HIDDEN2
      __GI_memset.symtab0x16750156FUNC<unknown>HIDDEN2
      __GI_mmap.symtab0x1a29c124FUNC<unknown>HIDDEN2
      __GI_mremap.symtab0x1a6c868FUNC<unknown>HIDDEN2
      __GI_munmap.symtab0x1a70c64FUNC<unknown>HIDDEN2
      __GI_nanosleep.symtab0x1a78c96FUNC<unknown>HIDDEN2
      __GI_open.symtab0x19a50100FUNC<unknown>HIDDEN2
      __GI_opendir.symtab0x16480196FUNC<unknown>HIDDEN2
      __GI_raise.symtab0x19780240FUNC<unknown>HIDDEN2
      __GI_random.symtab0x18494164FUNC<unknown>HIDDEN2
      __GI_random_r.symtab0x18754144FUNC<unknown>HIDDEN2
      __GI_read.symtab0x19b70100FUNC<unknown>HIDDEN2
      __GI_readdir.symtab0x165f4232FUNC<unknown>HIDDEN2
      __GI_readdir64.symtab0x1a9e4236FUNC<unknown>HIDDEN2
      __GI_readlink.symtab0x1609c64FUNC<unknown>HIDDEN2
      __GI_recv.symtab0x16adc112FUNC<unknown>HIDDEN2
      __GI_recvfrom.symtab0x16b94136FUNC<unknown>HIDDEN2
      __GI_sbrk.symtab0x1a7ec108FUNC<unknown>HIDDEN2
      __GI_select.symtab0x16120132FUNC<unknown>HIDDEN2
      __GI_send.symtab0x16c60112FUNC<unknown>HIDDEN2
      __GI_sendto.symtab0x16d1c136FUNC<unknown>HIDDEN2
      __GI_setsid.symtab0x161a464FUNC<unknown>HIDDEN2
      __GI_setsockopt.symtab0x16da472FUNC<unknown>HIDDEN2
      __GI_setstate_r.symtab0x189b4236FUNC<unknown>HIDDEN2
      __GI_sigaction.symtab0x1a344136FUNC<unknown>HIDDEN2
      __GI_sigaddset.symtab0x16e3080FUNC<unknown>HIDDEN2
      __GI_sigemptyset.symtab0x16e8020FUNC<unknown>HIDDEN2
      __GI_signal.symtab0x16e94196FUNC<unknown>HIDDEN2
      __GI_sigprocmask.symtab0x161e4140FUNC<unknown>HIDDEN2
      __GI_sleep.symtab0x19870300FUNC<unknown>HIDDEN2
      __GI_socket.symtab0x16dec68FUNC<unknown>HIDDEN2
      __GI_srandom_r.symtab0x187e4216FUNC<unknown>HIDDEN2
      __GI_strchr.symtab0x1c7d0240FUNC<unknown>HIDDEN2
      __GI_strchrnul.symtab0x1c8c0236FUNC<unknown>HIDDEN2
      __GI_strcmp.symtab0x1c75028FUNC<unknown>HIDDEN2
      __GI_strcoll.symtab0x1c75028FUNC<unknown>HIDDEN2
      __GI_strcspn.symtab0x1c9ac68FUNC<unknown>HIDDEN2
      __GI_strlen.symtab0x1c77096FUNC<unknown>HIDDEN2
      __GI_strrchr.symtab0x1c9f080FUNC<unknown>HIDDEN2
      __GI_strspn.symtab0x1ca4076FUNC<unknown>HIDDEN2
      __GI_sysconf.symtab0x18cb01572FUNC<unknown>HIDDEN2
      __GI_tcgetattr.symtab0x1cab0124FUNC<unknown>HIDDEN2
      __GI_time.symtab0x1627048FUNC<unknown>HIDDEN2
      __GI_times.symtab0x1a85820FUNC<unknown>HIDDEN2
      __GI_write.symtab0x19ae0100FUNC<unknown>HIDDEN2
      __JCR_END__.symtab0x2000c0OBJECT<unknown>DEFAULT11
      __JCR_LIST__.symtab0x2000c0OBJECT<unknown>DEFAULT11
      ___Unwind_ForcedUnwind.symtab0x1e1d036FUNC<unknown>HIDDEN2
      ___Unwind_RaiseException.symtab0x1e16436FUNC<unknown>HIDDEN2
      ___Unwind_Resume.symtab0x1e18836FUNC<unknown>HIDDEN2
      ___Unwind_Resume_or_Rethrow.symtab0x1e1ac36FUNC<unknown>HIDDEN2
      __aeabi_idiv.symtab0x15c480FUNC<unknown>HIDDEN2
      __aeabi_idivmod.symtab0x15d7424FUNC<unknown>HIDDEN2
      __aeabi_read_tp.symtab0x1a3f08FUNC<unknown>DEFAULT2
      __aeabi_uidiv.symtab0x15b340FUNC<unknown>HIDDEN2
      __aeabi_uidivmod.symtab0x15c3024FUNC<unknown>HIDDEN2
      __aeabi_unwind_cpp_pr0.symtab0x1e1308FUNC<unknown>HIDDEN2
      __aeabi_unwind_cpp_pr1.symtab0x1e1288FUNC<unknown>HIDDEN2
      __aeabi_unwind_cpp_pr2.symtab0x1e1208FUNC<unknown>HIDDEN2
      __app_fini.symtab0x208944OBJECT<unknown>HIDDEN14
      __atexit_lock.symtab0x201a824OBJECT<unknown>DEFAULT13
      __bss_end__.symtab0x235a80NOTYPE<unknown>DEFAULTSHN_ABS
      __bss_start.symtab0x202bc0NOTYPE<unknown>DEFAULTSHN_ABS
      __bss_start__.symtab0x202bc0NOTYPE<unknown>DEFAULTSHN_ABS
      __check_one_fd.symtab0x19e0484FUNC<unknown>DEFAULT2
      __close.symtab0x199c0100FUNC<unknown>DEFAULT2
      __close_nocancel.symtab0x199a424FUNC<unknown>DEFAULT2
      __ctype_b.symtab0x201d04OBJECT<unknown>DEFAULT13
      __curbrk.symtab0x22df84OBJECT<unknown>HIDDEN14
      __cxa_begin_cleanup.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __cxa_call_unexpected.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __cxa_type_match.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __data_start.symtab0x200b80NOTYPE<unknown>DEFAULT13
      __default_rt_sa_restorer.symtab0x1a3e40FUNC<unknown>DEFAULT2
      __default_sa_restorer.symtab0x1a3d80FUNC<unknown>DEFAULT2
      __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __div0.symtab0x15d8c20FUNC<unknown>HIDDEN2
      __divsi3.symtab0x15c48300FUNC<unknown>HIDDEN2
      __do_global_dtors_aux.symtab0x80f00FUNC<unknown>DEFAULT2
      __do_global_dtors_aux_fini_array_entry.symtab0x200080OBJECT<unknown>DEFAULT10
      __end__.symtab0x235a80NOTYPE<unknown>DEFAULTSHN_ABS
      __environ.symtab0x2088c4OBJECT<unknown>DEFAULT14
      __errno_location.symtab0x166dc32FUNC<unknown>DEFAULT2
      __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      __exidx_end.symtab0x1fe240NOTYPE<unknown>DEFAULTSHN_ABS
      __exidx_start.symtab0x1fd0c0NOTYPE<unknown>DEFAULTSHN_ABS
      __exit_cleanup.symtab0x2033c4OBJECT<unknown>HIDDEN14
      __fcntl_nocancel.symtab0x15da0152FUNC<unknown>DEFAULT2
      __fgetc_unlocked.symtab0x1c0f4300FUNC<unknown>DEFAULT2
      __fini_array_end.symtab0x2000c0NOTYPE<unknown>HIDDEN10
      __fini_array_start.symtab0x200080NOTYPE<unknown>HIDDEN10
      __fork.symtab0x192d4972FUNC<unknown>DEFAULT2
      __fork_generation_pointer.symtab0x235744OBJECT<unknown>HIDDEN14
      __fork_handlers.symtab0x235784OBJECT<unknown>HIDDEN14
      __fork_lock.symtab0x203404OBJECT<unknown>HIDDEN14
      __frame_dummy_init_array_entry.symtab0x200040OBJECT<unknown>DEFAULT9
      __getdents.symtab0x1a50c160FUNC<unknown>HIDDEN2
      __getdents64.symtab0x1d058328FUNC<unknown>HIDDEN2
      __getpagesize.symtab0x1a61440FUNC<unknown>DEFAULT2
      __getpid.symtab0x1973872FUNC<unknown>DEFAULT2
      __gnu_Unwind_Find_exidx.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __gnu_Unwind_ForcedUnwind.symtab0x1d8d428FUNC<unknown>HIDDEN2
      __gnu_Unwind_RaiseException.symtab0x1d9bc184FUNC<unknown>HIDDEN2
      __gnu_Unwind_Restore_VFP.symtab0x1e1540FUNC<unknown>HIDDEN2
      __gnu_Unwind_Resume.symtab0x1d950108FUNC<unknown>HIDDEN2
      __gnu_Unwind_Resume_or_Rethrow.symtab0x1da7432FUNC<unknown>HIDDEN2
      __gnu_Unwind_Save_VFP.symtab0x1e15c0FUNC<unknown>HIDDEN2
      __gnu_unwind_execute.symtab0x1e2381812FUNC<unknown>HIDDEN2
      __gnu_unwind_frame.symtab0x1e94c72FUNC<unknown>HIDDEN2
      __gnu_unwind_pr_common.symtab0x1dbd81352FUNC<unknown>DEFAULT2
      __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __init_array_end.symtab0x200080NOTYPE<unknown>HIDDEN9
      __init_array_start.symtab0x200040NOTYPE<unknown>HIDDEN9
      __libc_accept.symtab0x1685c116FUNC<unknown>DEFAULT2
      __libc_close.symtab0x199c0100FUNC<unknown>DEFAULT2
      __libc_connect.symtab0x16958116FUNC<unknown>DEFAULT2
      __libc_disable_asynccancel.symtab0x19be0136FUNC<unknown>HIDDEN2
      __libc_enable_asynccancel.symtab0x19c68220FUNC<unknown>HIDDEN2
      __libc_errno.symtab0x04TLS<unknown>HIDDEN8
      __libc_fcntl.symtab0x15e38244FUNC<unknown>DEFAULT2
      __libc_fork.symtab0x192d4972FUNC<unknown>DEFAULT2
      __libc_h_errno.symtab0x44TLS<unknown>HIDDEN8
      __libc_multiple_threads.symtab0x2357c4OBJECT<unknown>HIDDEN14
      __libc_nanosleep.symtab0x1a78c96FUNC<unknown>DEFAULT2
      __libc_open.symtab0x19a50100FUNC<unknown>DEFAULT2
      __libc_read.symtab0x19b70100FUNC<unknown>DEFAULT2
      __libc_recv.symtab0x16adc112FUNC<unknown>DEFAULT2
      __libc_recvfrom.symtab0x16b94136FUNC<unknown>DEFAULT2
      __libc_select.symtab0x16120132FUNC<unknown>DEFAULT2
      __libc_send.symtab0x16c60112FUNC<unknown>DEFAULT2
      __libc_sendto.symtab0x16d1c136FUNC<unknown>DEFAULT2
      __libc_setup_tls.symtab0x1cd28560FUNC<unknown>DEFAULT2
      __libc_sigaction.symtab0x1a344136FUNC<unknown>DEFAULT2
      __libc_stack_end.symtab0x208884OBJECT<unknown>DEFAULT14
      __libc_write.symtab0x19ae0100FUNC<unknown>DEFAULT2
      __lll_lock_wait_private.symtab0x196a0152FUNC<unknown>HIDDEN2
      __malloc_consolidate.symtab0x17f24436FUNC<unknown>HIDDEN2
      __malloc_largebin_index.symtab0x16fc4120FUNC<unknown>DEFAULT2
      __malloc_lock.symtab0x200cc24OBJECT<unknown>DEFAULT13
      __malloc_state.symtab0x231fc888OBJECT<unknown>DEFAULT14
      __malloc_trim.symtab0x17e74176FUNC<unknown>DEFAULT2
      __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __open.symtab0x19a50100FUNC<unknown>DEFAULT2
      __open_nocancel.symtab0x19a3424FUNC<unknown>DEFAULT2
      __pagesize.symtab0x208904OBJECT<unknown>DEFAULT14
      __preinit_array_end.symtab0x200040NOTYPE<unknown>HIDDEN8
      __preinit_array_start.symtab0x200040NOTYPE<unknown>HIDDEN8
      __progname.symtab0x201c44OBJECT<unknown>DEFAULT13
      __progname_full.symtab0x201c84OBJECT<unknown>DEFAULT13
      __pthread_initialize_minimal.symtab0x1cf5812FUNC<unknown>DEFAULT2
      __pthread_mutex_init.symtab0x19d4c8FUNC<unknown>DEFAULT2
      __pthread_mutex_lock.symtab0x19d448FUNC<unknown>DEFAULT2
      __pthread_mutex_trylock.symtab0x19d448FUNC<unknown>DEFAULT2
      __pthread_mutex_unlock.symtab0x19d448FUNC<unknown>DEFAULT2
      __pthread_return_0.symtab0x19d448FUNC<unknown>DEFAULT2
      __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __read.symtab0x19b70100FUNC<unknown>DEFAULT2
      __read_nocancel.symtab0x19b5424FUNC<unknown>DEFAULT2
      __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
      __restore_core_regs.symtab0x1e13828FUNC<unknown>HIDDEN2
      __rtld_fini.symtab0x208984OBJECT<unknown>HIDDEN14
      __sigaddset.symtab0x16f7c36FUNC<unknown>DEFAULT2
      __sigdelset.symtab0x16fa036FUNC<unknown>DEFAULT2
      __sigismember.symtab0x16f5836FUNC<unknown>DEFAULT2
      __sigjmp_save.symtab0x1d3cc64FUNC<unknown>HIDDEN2
      __sigsetjmp.symtab0x1d04c12FUNC<unknown>DEFAULT2
      __stdin.symtab0x201e44OBJECT<unknown>DEFAULT13
      __stdio_READ.symtab0x1d1a088FUNC<unknown>HIDDEN2
      __stdio_WRITE.symtab0x1d1f8220FUNC<unknown>HIDDEN2
      __stdio_rfill.symtab0x1d2d448FUNC<unknown>HIDDEN2
      __stdio_trans2r_o.symtab0x1d304164FUNC<unknown>HIDDEN2
      __stdio_wcommit.symtab0x1b80848FUNC<unknown>HIDDEN2
      __stdout.symtab0x201e84OBJECT<unknown>DEFAULT13
      __sys_accept.symtab0x1681868FUNC<unknown>DEFAULT2
      __sys_connect.symtab0x1691468FUNC<unknown>DEFAULT2
      __sys_recv.symtab0x16a9868FUNC<unknown>DEFAULT2
      __sys_recvfrom.symtab0x16b4c72FUNC<unknown>DEFAULT2
      __sys_send.symtab0x16c1c68FUNC<unknown>DEFAULT2
      __sys_sendto.symtab0x16cd076FUNC<unknown>DEFAULT2
      __syscall_error.symtab0x1a31844FUNC<unknown>HIDDEN2
      __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      __syscall_nanosleep.symtab0x1a74c64FUNC<unknown>DEFAULT2
      __syscall_rt_sigaction.symtab0x1a40064FUNC<unknown>DEFAULT2
      __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      __syscall_select.symtab0x160dc68FUNC<unknown>DEFAULT2
      __tls_get_addr.symtab0x1cd0436FUNC<unknown>DEFAULT2
      __uClibc_fini.symtab0x19d88124FUNC<unknown>DEFAULT2
      __uClibc_init.symtab0x19e5888FUNC<unknown>DEFAULT2
      __uClibc_main.symtab0x19eb01004FUNC<unknown>DEFAULT2
      __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      __uclibc_progname.symtab0x201c04OBJECT<unknown>HIDDEN13
      __udivsi3.symtab0x15b34252FUNC<unknown>HIDDEN2
      __write.symtab0x19ae0100FUNC<unknown>DEFAULT2
      __write_nocancel.symtab0x19ac424FUNC<unknown>DEFAULT2
      __xstat32_conv.symtab0x1a938172FUNC<unknown>HIDDEN2
      __xstat64_conv.symtab0x1a86c204FUNC<unknown>HIDDEN2
      _bss_end__.symtab0x235a80NOTYPE<unknown>DEFAULTSHN_ABS
      _dl_aux_init.symtab0x1cf6456FUNC<unknown>DEFAULT2
      _dl_nothread_init_static_tls.symtab0x1cf9c88FUNC<unknown>HIDDEN2
      _dl_phdr.symtab0x235a04OBJECT<unknown>DEFAULT14
      _dl_phnum.symtab0x235a44OBJECT<unknown>DEFAULT14
      _dl_tls_dtv_gaps.symtab0x235941OBJECT<unknown>DEFAULT14
      _dl_tls_dtv_slotinfo_list.symtab0x235904OBJECT<unknown>DEFAULT14
      _dl_tls_generation.symtab0x235984OBJECT<unknown>DEFAULT14
      _dl_tls_max_dtv_idx.symtab0x235884OBJECT<unknown>DEFAULT14
      _dl_tls_setup.symtab0x1cc9c104FUNC<unknown>DEFAULT2
      _dl_tls_static_align.symtab0x235844OBJECT<unknown>DEFAULT14
      _dl_tls_static_nelem.symtab0x2359c4OBJECT<unknown>DEFAULT14
      _dl_tls_static_size.symtab0x2358c4OBJECT<unknown>DEFAULT14
      _dl_tls_static_used.symtab0x235804OBJECT<unknown>DEFAULT14
      _edata.symtab0x202bc0NOTYPE<unknown>DEFAULTSHN_ABS
      _end.symtab0x235a80NOTYPE<unknown>DEFAULTSHN_ABS
      _exit.symtab0x1a440104FUNC<unknown>DEFAULT2
      _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      _fini.symtab0x1e9c80FUNC<unknown>DEFAULT3
      _fixed_buffers.symtab0x208bc8192OBJECT<unknown>DEFAULT14
      _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      _init.symtab0x80d40FUNC<unknown>DEFAULT1
      _memcpy.symtab0x1c2c00FUNC<unknown>HIDDEN2
      _pthread_cleanup_pop_restore.symtab0x19d5c44FUNC<unknown>DEFAULT2
      _pthread_cleanup_push_defer.symtab0x19d548FUNC<unknown>DEFAULT2
      _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      _setjmp.symtab0x1a3cc8FUNC<unknown>DEFAULT2
      _sigintr.symtab0x231f48OBJECT<unknown>HIDDEN14
      _start.symtab0x81940FUNC<unknown>DEFAULT2
      _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      _stdio_fopen.symtab0x1b1c41120FUNC<unknown>HIDDEN2
      _stdio_init.symtab0x1b624128FUNC<unknown>HIDDEN2
      _stdio_openlist.symtab0x201ec4OBJECT<unknown>DEFAULT13
      _stdio_openlist_add_lock.symtab0x2089c12OBJECT<unknown>DEFAULT14
      _stdio_openlist_dec_use.symtab0x1ba98688FUNC<unknown>HIDDEN2
      _stdio_openlist_del_count.symtab0x208b84OBJECT<unknown>DEFAULT14
      _stdio_openlist_del_lock.symtab0x208a812OBJECT<unknown>DEFAULT14
      _stdio_openlist_use_count.symtab0x208b44OBJECT<unknown>DEFAULT14
      _stdio_streams.symtab0x201f0204OBJECT<unknown>DEFAULT13
      _stdio_term.symtab0x1b6a4356FUNC<unknown>HIDDEN2
      _stdio_user_locking.symtab0x201d44OBJECT<unknown>DEFAULT13
      _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      abort.symtab0x18354296FUNC<unknown>DEFAULT2
      abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      accept.symtab0x1685c116FUNC<unknown>DEFAULT2
      accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      add_auth_entry.symtab0x10c14352FUNC<unknown>DEFAULT2
      anti_gdb_entry.symtab0xfc3024FUNC<unknown>DEFAULT2
      attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      attack_app.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      attack_get_opt_int.symtab0xa5d0112FUNC<unknown>DEFAULT2
      attack_get_opt_ip.symtab0xa564108FUNC<unknown>DEFAULT2
      attack_get_opt_str.symtab0xa1f092FUNC<unknown>DEFAULT2
      attack_gre.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      attack_gre_eth.symtab0xa9d41684FUNC<unknown>DEFAULT2
      attack_gre_ip.symtab0xb0681564FUNC<unknown>DEFAULT2
      attack_init.symtab0xa640916FUNC<unknown>DEFAULT2
      attack_method_http.symtab0x81d08224FUNC<unknown>DEFAULT2
      attack_parse.symtab0xa348540FUNC<unknown>DEFAULT2
      attack_start.symtab0xa24c252FUNC<unknown>DEFAULT2
      attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      attack_tcp_ack.symtab0xb6841784FUNC<unknown>DEFAULT2
      attack_tcp_syn.symtab0xbd7c1708FUNC<unknown>DEFAULT2
      attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      attack_udp_dns.symtab0xcfec1728FUNC<unknown>DEFAULT2
      attack_udp_generic.symtab0xc6c81260FUNC<unknown>DEFAULT2
      attack_udp_ovhhex.symtab0xd6ac1716FUNC<unknown>DEFAULT2
      attack_udp_plain.symtab0xc428672FUNC<unknown>DEFAULT2
      attack_udp_stdhex.symtab0xdd60680FUNC<unknown>DEFAULT2
      attack_udp_vse.symtab0xcbb41080FUNC<unknown>DEFAULT2
      auth_table.symtab0x2032c4OBJECT<unknown>DEFAULT14
      auth_table_len.symtab0x203004OBJECT<unknown>DEFAULT14
      auth_table_max_weight.symtab0x203302OBJECT<unknown>DEFAULT14
      been_there_done_that.symtab0x203384OBJECT<unknown>DEFAULT14
      bind.symtab0x168d068FUNC<unknown>DEFAULT2
      bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      brk.symtab0x1cff488FUNC<unknown>DEFAULT2
      brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      bsd_signal.symtab0x16e94196FUNC<unknown>DEFAULT2
      calloc.symtab0x17974320FUNC<unknown>DEFAULT2
      calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      checksum_generic.symtab0xe00880FUNC<unknown>DEFAULT2
      checksum_tcpudp.symtab0xe058164FUNC<unknown>DEFAULT2
      clock.symtab0x166fc52FUNC<unknown>DEFAULT2
      clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      close.symtab0x199c0100FUNC<unknown>DEFAULT2
      closedir.symtab0x162a0272FUNC<unknown>DEFAULT2
      closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      completed.5105.symtab0x202bc1OBJECT<unknown>DEFAULT14
      conn_table.symtab0x22e144OBJECT<unknown>DEFAULT14
      connect.symtab0x16958116FUNC<unknown>DEFAULT2
      connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      ensure_single_instance.symtab0xfc48428FUNC<unknown>DEFAULT2
      environ.symtab0x2088c4OBJECT<unknown>DEFAULT14
      errno.symtab0x04TLS<unknown>DEFAULT8
      errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      exit.symtab0x18aa0196FUNC<unknown>DEFAULT2
      exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fake_time.symtab0x203344OBJECT<unknown>DEFAULT14
      fclose.symtab0x1ae74816FUNC<unknown>DEFAULT2
      fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fcntl.symtab0x15e38244FUNC<unknown>DEFAULT2
      fd_ctrl.symtab0x200b84OBJECT<unknown>DEFAULT13
      fd_serv.symtab0x200bc4OBJECT<unknown>DEFAULT13
      fd_to_DIR.symtab0x163b0208FUNC<unknown>DEFAULT2
      fdopendir.symtab0x16544176FUNC<unknown>DEFAULT2
      fflush_unlocked.symtab0x1bd48940FUNC<unknown>DEFAULT2
      fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fgetc.symtab0x1b838324FUNC<unknown>DEFAULT2
      fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fgetc_unlocked.symtab0x1c0f4300FUNC<unknown>DEFAULT2
      fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fgets.symtab0x1b97c284FUNC<unknown>DEFAULT2
      fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fgets_unlocked.symtab0x1c220160FUNC<unknown>DEFAULT2
      fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fopen.symtab0x1b1a432FUNC<unknown>DEFAULT2
      fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fork.symtab0x192d4972FUNC<unknown>DEFAULT2
      fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fork_handler_pool.symtab0x203441348OBJECT<unknown>DEFAULT14
      frame_dummy.symtab0x81340FUNC<unknown>DEFAULT2
      free.symtab0x180d8572FUNC<unknown>DEFAULT2
      free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      fstat.symtab0x1a4a8100FUNC<unknown>DEFAULT2
      fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      get_eit_entry.symtab0x1d564544FUNC<unknown>DEFAULT2
      getc.symtab0x1b838324FUNC<unknown>DEFAULT2
      getc_unlocked.symtab0x1c0f4300FUNC<unknown>DEFAULT2
      getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getdtablesize.symtab0x1a5ac44FUNC<unknown>DEFAULT2
      getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getegid.symtab0x1a5d820FUNC<unknown>DEFAULT2
      getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      geteuid.symtab0x1a5ec20FUNC<unknown>DEFAULT2
      geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getgid.symtab0x1a60020FUNC<unknown>DEFAULT2
      getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getpagesize.symtab0x1a61440FUNC<unknown>DEFAULT2
      getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getpid.symtab0x1973872FUNC<unknown>DEFAULT2
      getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getppid.symtab0x15f2c20FUNC<unknown>DEFAULT2
      getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getrlimit.symtab0x1a63c56FUNC<unknown>DEFAULT2
      getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getsockname.symtab0x169cc68FUNC<unknown>DEFAULT2
      getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getsockopt.symtab0x16a1072FUNC<unknown>DEFAULT2
      getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      gettimeofday.symtab0x1a67464FUNC<unknown>DEFAULT2
      gettimeofday.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      getuid.symtab0x1a6b420FUNC<unknown>DEFAULT2
      getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      h_errno.symtab0x44TLS<unknown>DEFAULT8
      index.symtab0x1c7d0240FUNC<unknown>DEFAULT2
      inet_addr.symtab0x167f040FUNC<unknown>DEFAULT2
      inet_aton.symtab0x1cb2c248FUNC<unknown>DEFAULT2
      inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      init_static_tls.symtab0x1cc24120FUNC<unknown>DEFAULT2
      initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      initstate.symtab0x185f0192FUNC<unknown>DEFAULT2
      initstate_r.symtab0x188bc248FUNC<unknown>DEFAULT2
      ioctl.symtab0x15f40224FUNC<unknown>DEFAULT2
      ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      ioctl_keepalive.symtab0xfe3c608FUNC<unknown>DEFAULT2
      ioctl_pid.symtab0x202e84OBJECT<unknown>DEFAULT14
      isatty.symtab0x1ca8c36FUNC<unknown>DEFAULT2
      isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      kill.symtab0x1602056FUNC<unknown>DEFAULT2
      kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      killer_init.symtab0xe6a05520FUNC<unknown>DEFAULT2
      killer_kill.symtab0xe0fc40FUNC<unknown>DEFAULT2
      killer_kill_by_port.symtab0xe1241404FUNC<unknown>DEFAULT2
      killer_pid.symtab0x202e04OBJECT<unknown>DEFAULT14
      killer_realpath.symtab0x22e004OBJECT<unknown>DEFAULT14
      killer_realpath_len.symtab0x202e44OBJECT<unknown>DEFAULT14
      libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      libc-lowlevellock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      libc_multiple_threads.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      listen.symtab0x16a5864FUNC<unknown>DEFAULT2
      listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      local_bind.4764.symtab0x200c41OBJECT<unknown>DEFAULT13
      lseek64.symtab0x1d40c112FUNC<unknown>DEFAULT2
      main.symtab0x1009c1964FUNC<unknown>DEFAULT2
      main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      malloc.symtab0x1703c2360FUNC<unknown>DEFAULT2
      malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      malloc_trim.symtab0x1831464FUNC<unknown>DEFAULT2
      memcpy.symtab0x167304FUNC<unknown>DEFAULT2
      memmove.symtab0x167404FUNC<unknown>DEFAULT2
      mempcpy.symtab0x1d3a836FUNC<unknown>DEFAULT2
      mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      memset.symtab0x16750156FUNC<unknown>DEFAULT2
      methods.symtab0x202dc4OBJECT<unknown>DEFAULT14
      methods_len.symtab0x202d81OBJECT<unknown>DEFAULT14
      mmap.symtab0x1a29c124FUNC<unknown>DEFAULT2
      mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      mremap.symtab0x1a6c868FUNC<unknown>DEFAULT2
      mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      munmap.symtab0x1a70c64FUNC<unknown>DEFAULT2
      munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      mylock.symtab0x200e424OBJECT<unknown>DEFAULT13
      mylock.symtab0x200fc24OBJECT<unknown>DEFAULT13
      nanosleep.symtab0x1a78c96FUNC<unknown>DEFAULT2
      nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      nprocessors_onln.symtab0x18b64332FUNC<unknown>DEFAULT2
      object.5113.symtab0x202c024OBJECT<unknown>DEFAULT14
      open.symtab0x19a50100FUNC<unknown>DEFAULT2
      opendir.symtab0x16480196FUNC<unknown>DEFAULT2
      opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      pending_connection.symtab0x202ec1OBJECT<unknown>DEFAULT14
      pr-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      prctl.symtab0x1605868FUNC<unknown>DEFAULT2
      prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      program_invocation_name.symtab0x201c84OBJECT<unknown>DEFAULT13
      program_invocation_short_name.symtab0x201c44OBJECT<unknown>DEFAULT13
      raise.symtab0x19780240FUNC<unknown>DEFAULT2
      raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      rand.symtab0x1847c24FUNC<unknown>DEFAULT2
      rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      rand_alpha_str.symtab0x1090c316FUNC<unknown>DEFAULT2
      rand_init.symtab0x108a4104FUNC<unknown>DEFAULT2
      rand_next.symtab0x1084892FUNC<unknown>DEFAULT2
      rand_str.symtab0x10a48220FUNC<unknown>DEFAULT2
      random.symtab0x18494164FUNC<unknown>DEFAULT2
      random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      random_poly_info.symtab0x1f93440OBJECT<unknown>DEFAULT4
      random_r.symtab0x18754144FUNC<unknown>DEFAULT2
      random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      randtbl.symtab0x20114128OBJECT<unknown>DEFAULT13
      read.symtab0x19b70100FUNC<unknown>DEFAULT2
      readdir.symtab0x165f4232FUNC<unknown>DEFAULT2
      readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      readdir64.symtab0x1a9e4236FUNC<unknown>DEFAULT2
      readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      readlink.symtab0x1609c64FUNC<unknown>DEFAULT2
      readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      realloc.symtab0x17ab4960FUNC<unknown>DEFAULT2
      realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      recv.symtab0x16adc112FUNC<unknown>DEFAULT2
      recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      recvfrom.symtab0x16b94136FUNC<unknown>DEFAULT2
      recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      register-atfork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      resolve_cnc_addr.symtab0xfdf472FUNC<unknown>DEFAULT2
      resolve_func.symtab0x200c04OBJECT<unknown>DEFAULT13
      restore_core_regs.symtab0x1e13828FUNC<unknown>HIDDEN2
      rindex.symtab0x1c9f080FUNC<unknown>DEFAULT2
      rsck.symtab0x22e184OBJECT<unknown>DEFAULT14
      rsck_out.symtab0x22e204OBJECT<unknown>DEFAULT14
      sbrk.symtab0x1a7ec108FUNC<unknown>DEFAULT2
      sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      scanner.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      scanner_init.symtab0x10d7413452FUNC<unknown>DEFAULT2
      scanner_kill.symtab0x10b2440FUNC<unknown>DEFAULT2
      scanner_pid.symtab0x22e1c4OBJECT<unknown>DEFAULT14
      scanner_rawpkt.symtab0x2030440OBJECT<unknown>DEFAULT14
      select.symtab0x16120132FUNC<unknown>DEFAULT2
      select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      send.symtab0x16c60112FUNC<unknown>DEFAULT2
      send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      sendto.symtab0x16d1c136FUNC<unknown>DEFAULT2
      sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
      No network behavior found

      System Behavior

      Start time:11:59:18
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:/tmp/1isequal9.arm7
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:11:59:18
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:11:59:18
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:11:59:18
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:11:59:18
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:11:59:18
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:12:00:37
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:12:00:37
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:12:00:45
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:12:00:45
      Start date:14/05/2022
      Path:/tmp/1isequal9.arm7
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

      Start time:11:59:25
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:25
      Start date:14/05/2022
      Path:/usr/bin/journalctl
      Arguments:/usr/bin/journalctl --smart-relinquish-var
      File size:80120 bytes
      MD5 hash:bf3a987344f3bacafc44efd882abda8b

      Start time:11:59:26
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:26
      Start date:14/05/2022
      Path:/lib/systemd/systemd-journald
      Arguments:/lib/systemd/systemd-journald
      File size:162032 bytes
      MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

      Start time:11:59:29
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:29
      Start date:14/05/2022
      Path:/usr/bin/journalctl
      Arguments:/usr/bin/journalctl --flush
      File size:80120 bytes
      MD5 hash:bf3a987344f3bacafc44efd882abda8b

      Start time:11:59:45
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:45
      Start date:14/05/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Start time:11:59:45
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:45
      Start date:14/05/2022
      Path:/usr/bin/whoopsie
      Arguments:/usr/bin/whoopsie -f
      File size:68592 bytes
      MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

      Start time:11:59:45
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:45
      Start date:14/05/2022
      Path:/usr/bin/pulseaudio
      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
      File size:100832 bytes
      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

      Start time:11:59:47
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:47
      Start date:14/05/2022
      Path:/usr/libexec/rtkit-daemon
      Arguments:/usr/libexec/rtkit-daemon
      File size:68096 bytes
      MD5 hash:df0cacf1db4ec95ac70f5b6e06b8ffd7

      Start time:11:59:47
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:47
      Start date:14/05/2022
      Path:/lib/systemd/systemd-logind
      Arguments:/lib/systemd/systemd-logind
      File size:268576 bytes
      MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

      Start time:11:59:47
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:47
      Start date:14/05/2022
      Path:/usr/lib/policykit-1/polkitd
      Arguments:/usr/lib/policykit-1/polkitd --no-debug
      File size:121504 bytes
      MD5 hash:8efc9b4b5b524210ad2ea1954a9d0e69

      Start time:11:59:49
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:49
      Start date:14/05/2022
      Path:/usr/sbin/rsyslogd
      Arguments:/usr/sbin/rsyslogd -n -iNONE
      File size:727248 bytes
      MD5 hash:0b8087fc907c42eb3c81a691db258e33

      Start time:11:59:50
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:50
      Start date:14/05/2022
      Path:/sbin/agetty
      Arguments:/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
      File size:69000 bytes
      MD5 hash:3a374724ba7e863768139bdd60ca36f7

      Start time:11:59:50
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:11:59:50
      Start date:14/05/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:50
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:11:59:50
      Start date:14/05/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:50
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:11:59:50
      Start date:14/05/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:52
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:52
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:53
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:53
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:53
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:53
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:53
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:53
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:53
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:53
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:54
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:54
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:54
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:54
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:55
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:55
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:55
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:55
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:55
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:55
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:55
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:55
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:56
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:56
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:56
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:56
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:57
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:57
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:57
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:57
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:57
      Start date:14/05/2022
      Path:/usr/bin/gpu-manager
      Arguments:n/a
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      Start time:11:59:57
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:57
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:57
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:11:59:59
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:11:59:59
      Start date:14/05/2022
      Path:/usr/share/gdm/generate-config
      Arguments:/usr/share/gdm/generate-config
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:59
      Start date:14/05/2022
      Path:/usr/share/gdm/generate-config
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:11:59:59
      Start date:14/05/2022
      Path:/usr/bin/pkill
      Arguments:pkill --signal HUP --uid gdm dconf-service
      File size:30968 bytes
      MD5 hash:fa96a75a08109d8842e4865b2907d51f

      Start time:12:00:03
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:12:00:03
      Start date:14/05/2022
      Path:/usr/lib/gdm3/gdm-wait-for-drm
      Arguments:/usr/lib/gdm3/gdm-wait-for-drm
      File size:14640 bytes
      MD5 hash:82043ba752c6930b4e6aaea2f7747545

      Start time:12:00:13
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:12:00:13
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:/usr/sbin/gdm3
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:12:00:13
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:12:00:13
      Start date:14/05/2022
      Path:/usr/bin/plymouth
      Arguments:plymouth --ping
      File size:51352 bytes
      MD5 hash:87003efd8dad470042f5e75360a8f49f

      Start time:12:00:16
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:12:00:16
      Start date:14/05/2022
      Path:/usr/lib/gdm3/gdm-session-worker
      Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
      File size:293360 bytes
      MD5 hash:692243754bd9f38fe9bd7e230b5c060a

      Start time:12:00:19
      Start date:14/05/2022
      Path:/usr/lib/gdm3/gdm-session-worker
      Arguments:n/a
      File size:293360 bytes
      MD5 hash:692243754bd9f38fe9bd7e230b5c060a

      Start time:12:00:19
      Start date:14/05/2022
      Path:/usr/lib/gdm3/gdm-wayland-session
      Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      File size:76368 bytes
      MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

      Start time:12:00:19
      Start date:14/05/2022
      Path:/usr/lib/gdm3/gdm-wayland-session
      Arguments:n/a
      File size:76368 bytes
      MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

      Start time:12:00:19
      Start date:14/05/2022
      Path:/usr/bin/dbus-daemon
      Arguments:dbus-daemon --print-address 3 --session
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Start time:12:00:20
      Start date:14/05/2022
      Path:/usr/bin/dbus-daemon
      Arguments:n/a
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Start time:12:00:20
      Start date:14/05/2022
      Path:/usr/bin/dbus-daemon
      Arguments:n/a
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Start time:12:00:20
      Start date:14/05/2022
      Path:/bin/false
      Arguments:/bin/false
      File size:39256 bytes
      MD5 hash:3177546c74e4f0062909eae43d948bfc

      Start time:12:00:20
      Start date:14/05/2022
      Path:/usr/lib/gdm3/gdm-wayland-session
      Arguments:n/a
      File size:76368 bytes
      MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

      Start time:12:00:20
      Start date:14/05/2022
      Path:/usr/bin/dbus-run-session
      Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
      File size:14480 bytes
      MD5 hash:245f3ef6a268850b33b0225a8753b7f4

      Start time:12:00:20
      Start date:14/05/2022
      Path:/usr/bin/dbus-run-session
      Arguments:n/a
      File size:14480 bytes
      MD5 hash:245f3ef6a268850b33b0225a8753b7f4

      Start time:12:00:20
      Start date:14/05/2022
      Path:/usr/bin/dbus-daemon
      Arguments:dbus-daemon --nofork --print-address 4 --session
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Start time:12:00:21
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:12:00:21
      Start date:14/05/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:21
      Start date:14/05/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time:12:00:21
      Start date:14/05/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:13
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:12:00:13
      Start date:14/05/2022
      Path:/usr/lib/accountsservice/accounts-daemon
      Arguments:/usr/lib/accountsservice/accounts-daemon
      File size:203192 bytes
      MD5 hash:01a899e3fb5e7e434bea1290255a1f30

      Start time:12:00:14
      Start date:14/05/2022
      Path:/usr/lib/accountsservice/accounts-daemon
      Arguments:n/a
      File size:203192 bytes
      MD5 hash:01a899e3fb5e7e434bea1290255a1f30

      Start time:12:00:14
      Start date:14/05/2022
      Path:/usr/share/language-tools/language-validate
      Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:14
      Start date:14/05/2022
      Path:/usr/share/language-tools/language-validate
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:14
      Start date:14/05/2022
      Path:/usr/share/language-tools/language-options
      Arguments:/usr/share/language-tools/language-options
      File size:3478464 bytes
      MD5 hash:16a21f464119ea7fad1d3660de963637

      Start time:12:00:14
      Start date:14/05/2022
      Path:/usr/share/language-tools/language-options
      Arguments:n/a
      File size:3478464 bytes
      MD5 hash:16a21f464119ea7fad1d3660de963637

      Start time:12:00:14
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:sh -c "locale -a | grep -F .utf8 "
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:15
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:15
      Start date:14/05/2022
      Path:/usr/bin/locale
      Arguments:locale -a
      File size:58944 bytes
      MD5 hash:c72a78792469db86d91369c9057f20d2

      Start time:12:00:15
      Start date:14/05/2022
      Path:/bin/sh
      Arguments:n/a
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time:12:00:15
      Start date:14/05/2022
      Path:/usr/bin/grep
      Arguments:grep -F .utf8
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

      Start time:12:00:29
      Start date:14/05/2022
      Path:/usr/libexec/gvfsd-fuse
      Arguments:n/a
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

      Start time:12:00:29
      Start date:14/05/2022
      Path:/bin/fusermount
      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
      File size:39144 bytes
      MD5 hash:576a1b135c82bdcbc97a91acea900566

      Start time:12:01:59
      Start date:14/05/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time:12:01:59
      Start date:14/05/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c