Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
6gIL6GLh9R

Overview

General Information

Sample Name:6gIL6GLh9R
Analysis ID:635071
MD5:6dfcca37a6b1468fcaf3addab827b850
SHA1:d96baef8427ad98a42e418e49fbcf440b173fc3a
SHA256:eed19f89eba4f0ca0b1f7ef5f02080b5839f076652aeb277c59e3b6e85f18c4a
Tags:32armelfgafgyt
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Reads system files that contain records of logged in users
Contains symbols with names commonly found in malware
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample contains symbols with suspicious names
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:635071
Start date and time: 27/05/202212:24:052022-05-27 12:24:05 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 38s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:6gIL6GLh9R
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal72.spre.troj.lin@0/161@7/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:/tmp/6gIL6GLh9R
PID:6234
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
VegaSec-KATANA001
Standard Error:

Process Tree

  • system is lnxubuntu20
  • 6gIL6GLh9R (PID: 6234, Parent: 6129, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/6gIL6GLh9R
  • systemd New Fork (PID: 6249, Parent: 1)
  • journalctl (PID: 6249, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6266, Parent: 1)
  • systemd-journald (PID: 6266, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6270, Parent: 1)
  • journalctl (PID: 6270, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6323, Parent: 1)
  • whoopsie (PID: 6323, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6327, Parent: 1)
  • dbus-daemon (PID: 6327, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6328, Parent: 1860)
  • pulseaudio (PID: 6328, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6333, Parent: 1)
  • rtkit-daemon (PID: 6333, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6336, Parent: 1)
  • systemd-logind (PID: 6336, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6399, Parent: 1)
  • polkitd (PID: 6399, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6404, Parent: 1)
  • agetty (PID: 6404, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6406, Parent: 1)
  • rsyslogd (PID: 6406, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • gdm3 New Fork (PID: 6408, Parent: 1320)
  • Default (PID: 6408, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cached_setup_terminal.sh (PID: 6409, Parent: 6306, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/console-setup/cached_setup_terminal.sh vcs2
  • gdm3 New Fork (PID: 6410, Parent: 1320)
  • Default (PID: 6410, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6411, Parent: 1320)
  • Default (PID: 6411, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6417, Parent: 1)
  • gpu-manager (PID: 6417, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6418, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6419, Parent: 6418)
      • grep (PID: 6419, Parent: 6418, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6420, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6421, Parent: 6420)
      • grep (PID: 6421, Parent: 6420, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6422, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6423, Parent: 6422)
      • grep (PID: 6423, Parent: 6422, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6424, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6425, Parent: 6424)
      • grep (PID: 6425, Parent: 6424, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6426, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6427, Parent: 6426)
      • grep (PID: 6427, Parent: 6426, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6428, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6429, Parent: 6428)
      • grep (PID: 6429, Parent: 6428, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6430, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6431, Parent: 6430)
      • grep (PID: 6431, Parent: 6430, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6433, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6435, Parent: 6433)
      • grep (PID: 6435, Parent: 6433, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6439, Parent: 1)
  • generate-config (PID: 6439, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6440, Parent: 6439, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6441, Parent: 1)
  • gdm-wait-for-drm (PID: 6441, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6446, Parent: 1)
  • gdm3 (PID: 6446, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6451, Parent: 6446)
    • plymouth (PID: 6451, Parent: 6446, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6470, Parent: 6446)
    • gdm-session-worker (PID: 6470, Parent: 6446, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6474, Parent: 6470, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6476, Parent: 6474, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6480, Parent: 6476)
            • false (PID: 6481, Parent: 6480, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6482, Parent: 6474, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6483, Parent: 6482, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6484, Parent: 6446)
    • Default (PID: 6484, Parent: 6446, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6485, Parent: 6446)
    • Default (PID: 6485, Parent: 6446, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6452, Parent: 1)
  • accounts-daemon (PID: 6452, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6465, Parent: 6452, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6466, Parent: 6465, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6467, Parent: 6466, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6468, Parent: 6467)
          • locale (PID: 6468, Parent: 6467, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6469, Parent: 6467)
          • grep (PID: 6469, Parent: 6467, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 6493, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6515, Parent: 1)
  • journalctl (PID: 6515, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6516, Parent: 1)
  • systemd-journald (PID: 6516, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6517, Parent: 1)
  • whoopsie (PID: 6517, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6520, Parent: 1)
  • dbus-daemon (PID: 6520, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6522, Parent: 1860)
  • pulseaudio (PID: 6522, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6526, Parent: 1)
  • systemd-logind (PID: 6526, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6584, Parent: 1)
  • rtkit-daemon (PID: 6584, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6585, Parent: 1)
  • gpu-manager (PID: 6585, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6589, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6590, Parent: 6589)
      • grep (PID: 6590, Parent: 6589, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6596, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6597, Parent: 6596)
      • grep (PID: 6597, Parent: 6596, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6599, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6601, Parent: 6599)
      • grep (PID: 6601, Parent: 6599, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6602, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6604, Parent: 6602)
      • grep (PID: 6604, Parent: 6602, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6605, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6606, Parent: 6605)
      • grep (PID: 6606, Parent: 6605, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6607, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6608, Parent: 6607)
      • grep (PID: 6608, Parent: 6607, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6610, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6611, Parent: 6610)
      • grep (PID: 6611, Parent: 6610, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6615, Parent: 6585, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6616, Parent: 6615)
      • grep (PID: 6616, Parent: 6615, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6588, Parent: 1)
  • polkitd (PID: 6588, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6598, Parent: 1)
  • journalctl (PID: 6598, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6600, Parent: 1)
  • agetty (PID: 6600, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6609, Parent: 1)
  • rsyslogd (PID: 6609, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6620, Parent: 1)
  • generate-config (PID: 6620, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6623, Parent: 6620, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6622, Parent: 1)
  • journalctl (PID: 6622, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6624, Parent: 1860)
  • dbus-daemon (PID: 6624, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6625, Parent: 1)
  • systemd-journald (PID: 6625, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6628, Parent: 1)
  • gdm-wait-for-drm (PID: 6628, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6629, Parent: 1)
  • whoopsie (PID: 6629, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6634, Parent: 1)
  • dbus-daemon (PID: 6634, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6635, Parent: 1860)
  • pulseaudio (PID: 6635, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6636, Parent: 1)
  • journalctl (PID: 6636, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6641, Parent: 1)
  • systemd-logind (PID: 6641, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6698, Parent: 1)
  • rtkit-daemon (PID: 6698, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6703, Parent: 1)
  • polkitd (PID: 6703, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6707, Parent: 1)
  • agetty (PID: 6707, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6709, Parent: 1)
  • rsyslogd (PID: 6709, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6716, Parent: 1)
  • gdm3 (PID: 6716, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6719, Parent: 6716)
    • plymouth (PID: 6719, Parent: 6716, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6729, Parent: 6716)
    • gdm-session-worker (PID: 6729, Parent: 6716, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6739, Parent: 6729, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6741, Parent: 6739, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6751, Parent: 6741)
            • false (PID: 6752, Parent: 6751, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6753, Parent: 6739, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
    • gdm3 New Fork (PID: 6754, Parent: 6716)
    • Default (PID: 6754, Parent: 6716, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6756, Parent: 6716)
    • Default (PID: 6756, Parent: 6716, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6720, Parent: 1)
  • accounts-daemon (PID: 6720, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6724, Parent: 6720, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6725, Parent: 6724, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6726, Parent: 6725, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6727, Parent: 6726)
          • locale (PID: 6727, Parent: 6726, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6728, Parent: 6726)
          • grep (PID: 6728, Parent: 6726, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6730, Parent: 1)
  • journalctl (PID: 6730, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6734, Parent: 1)
  • systemd-journald (PID: 6734, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6737, Parent: 1)
  • systemd (PID: 6737, Parent: 1, MD5: 9b2bec7092a40488108543f9334aab75) Arguments: /lib/systemd/systemd --user
    • systemd New Fork (PID: 6742, Parent: 6737)
      • systemd New Fork (PID: 6743, Parent: 6742)
      • 30-systemd-environment-d-generator (PID: 6743, Parent: 6742, MD5: 42417da8051ba8ee0eea7854c62d99ca) Arguments: /usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
    • systemd New Fork (PID: 6850, Parent: 6737)
    • systemctl (PID: 6850, Parent: 6737, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
    • systemd New Fork (PID: 6855, Parent: 6737)
    • pulseaudio (PID: 6855, Parent: 6737, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6744, Parent: 1)
  • whoopsie (PID: 6744, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6757, Parent: 1)
  • dbus-daemon (PID: 6757, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6759, Parent: 1860)
  • pulseaudio (PID: 6759, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6762, Parent: 1)
  • systemd-logind (PID: 6762, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6821, Parent: 1)
  • rtkit-daemon (PID: 6821, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6824, Parent: 1)
  • polkitd (PID: 6824, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6825, Parent: 1)
  • gpu-manager (PID: 6825, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6827, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6828, Parent: 6827)
      • grep (PID: 6828, Parent: 6827, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6832, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6833, Parent: 6832)
      • grep (PID: 6833, Parent: 6832, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6834, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6835, Parent: 6834)
      • grep (PID: 6835, Parent: 6834, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6837, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6838, Parent: 6837)
      • grep (PID: 6838, Parent: 6837, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6845, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6846, Parent: 6845)
      • grep (PID: 6846, Parent: 6845, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6847, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6848, Parent: 6847)
      • grep (PID: 6848, Parent: 6847, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6851, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6852, Parent: 6851)
      • grep (PID: 6852, Parent: 6851, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6853, Parent: 6825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6854, Parent: 6853)
      • grep (PID: 6854, Parent: 6853, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6826, Parent: 1)
  • agetty (PID: 6826, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6836, Parent: 1)
  • rsyslogd (PID: 6836, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6841, Parent: 1)
  • journalctl (PID: 6841, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6856, Parent: 1)
  • journalctl (PID: 6856, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6857, Parent: 1)
  • systemd-journald (PID: 6857, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6862, Parent: 1860)
  • dbus-daemon (PID: 6862, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6863, Parent: 1)
  • generate-config (PID: 6863, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6864, Parent: 6863, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6867, Parent: 1)
  • whoopsie (PID: 6867, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6868, Parent: 1)
  • gdm-wait-for-drm (PID: 6868, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6870, Parent: 1)
  • dbus-daemon (PID: 6870, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6871, Parent: 1860)
  • pulseaudio (PID: 6871, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6874, Parent: 1)
  • systemd-logind (PID: 6874, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6932, Parent: 1)
  • rtkit-daemon (PID: 6932, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6935, Parent: 1)
  • journalctl (PID: 6935, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6939, Parent: 1)
  • polkitd (PID: 6939, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6944, Parent: 1)
  • agetty (PID: 6944, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6945, Parent: 1)
  • rsyslogd (PID: 6945, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6952, Parent: 1)
  • journalctl (PID: 6952, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6953, Parent: 1)
  • systemd-journald (PID: 6953, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6954, Parent: 1)
  • gdm3 (PID: 6954, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6957, Parent: 6954)
    • plymouth (PID: 6957, Parent: 6954, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6969, Parent: 6954)
    • gdm-session-worker (PID: 6969, Parent: 6954, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
  • systemd New Fork (PID: 6958, Parent: 1)
  • accounts-daemon (PID: 6958, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6964, Parent: 6958, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6965, Parent: 6964, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6966, Parent: 6965, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6967, Parent: 6966)
          • locale (PID: 6967, Parent: 6966, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6968, Parent: 6966)
          • grep (PID: 6968, Parent: 6966, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6973, Parent: 1)
  • whoopsie (PID: 6973, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
6gIL6GLh9RSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
  • 0x171d8:$xo1: \x18:/<994z`{e
  • 0x17250:$xo1: \x18:/<994z`{e
  • 0x172c8:$xo1: \x18:/<994z`{e
  • 0x1731c:$xo1: \x18:/<994z`{e
  • 0x17394:$xo1: \x18:/<994z`{e
  • 0x1740c:$xo1: \x18:/<994z`{e
  • 0x17484:$xo1: \x18:/<994z`{e
  • 0x174f4:$xo1: \x18:/<994z`{e
  • 0x17570:$xo1: \x18:/<994z`{e
  • 0x175c0:$xo1: \x18:/<994z`{e
6gIL6GLh9RJoeSecurity_Mirai_8Yara detected MiraiJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    6237.1.0000000024c9a23c.00000000c094cd33.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x3f00:$xo1: \x18:/<994z`{e
    • 0x3f78:$xo1: \x18:/<994z`{e
    • 0x3ff0:$xo1: \x18:/<994z`{e
    • 0x4048:$xo1: \x18:/<994z`{e
    • 0x40c0:$xo1: \x18:/<994z`{e
    • 0x4138:$xo1: \x18:/<994z`{e
    • 0x41b8:$xo1: \x18:/<994z`{e
    • 0x4230:$xo1: \x18:/<994z`{e
    • 0x42b0:$xo1: \x18:/<994z`{e
    • 0x4308:$xo1: \x18:/<994z`{e
    6240.1.0000000065830d93.00000000a6543536.r-x.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x171d8:$xo1: \x18:/<994z`{e
    • 0x17250:$xo1: \x18:/<994z`{e
    • 0x172c8:$xo1: \x18:/<994z`{e
    • 0x1731c:$xo1: \x18:/<994z`{e
    • 0x17394:$xo1: \x18:/<994z`{e
    • 0x1740c:$xo1: \x18:/<994z`{e
    • 0x17484:$xo1: \x18:/<994z`{e
    • 0x174f4:$xo1: \x18:/<994z`{e
    • 0x17570:$xo1: \x18:/<994z`{e
    • 0x175c0:$xo1: \x18:/<994z`{e
    6237.1.0000000065830d93.00000000a6543536.r-x.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x171d8:$xo1: \x18:/<994z`{e
    • 0x17250:$xo1: \x18:/<994z`{e
    • 0x172c8:$xo1: \x18:/<994z`{e
    • 0x1731c:$xo1: \x18:/<994z`{e
    • 0x17394:$xo1: \x18:/<994z`{e
    • 0x1740c:$xo1: \x18:/<994z`{e
    • 0x17484:$xo1: \x18:/<994z`{e
    • 0x174f4:$xo1: \x18:/<994z`{e
    • 0x17570:$xo1: \x18:/<994z`{e
    • 0x175c0:$xo1: \x18:/<994z`{e
    6240.1.0000000024c9a23c.00000000c094cd33.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x3f00:$xo1: \x18:/<994z`{e
    • 0x3f78:$xo1: \x18:/<994z`{e
    • 0x3ff0:$xo1: \x18:/<994z`{e
    • 0x4048:$xo1: \x18:/<994z`{e
    • 0x40c0:$xo1: \x18:/<994z`{e
    • 0x4138:$xo1: \x18:/<994z`{e
    • 0x41b8:$xo1: \x18:/<994z`{e
    • 0x4230:$xo1: \x18:/<994z`{e
    • 0x42b0:$xo1: \x18:/<994z`{e
    • 0x4308:$xo1: \x18:/<994z`{e
    6234.1.0000000024c9a23c.00000000c094cd33.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x3f00:$xo1: \x18:/<994z`{e
    • 0x3f78:$xo1: \x18:/<994z`{e
    • 0x3ff0:$xo1: \x18:/<994z`{e
    • 0x4048:$xo1: \x18:/<994z`{e
    • 0x40c0:$xo1: \x18:/<994z`{e
    • 0x4138:$xo1: \x18:/<994z`{e
    • 0x41b8:$xo1: \x18:/<994z`{e
    • 0x4230:$xo1: \x18:/<994z`{e
    • 0x42b0:$xo1: \x18:/<994z`{e
    • 0x4308:$xo1: \x18:/<994z`{e
    Click to see the 5 entries

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: 6gIL6GLh9RVirustotal: Detection: 55%Perma Link
    Source: /usr/bin/pulseaudio (PID: 6328)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 6440)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pulseaudio (PID: 6522)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 6623)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pulseaudio (PID: 6635)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pulseaudio (PID: 6759)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pkill (PID: 6864)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 6871)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: global trafficTCP traffic: 192.168.2.23:48298 -> 45.142.122.121:63645
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 107.79.25.102:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 189.231.99.149:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 92.100.138.80:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 71.175.227.66:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 83.162.197.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 138.6.47.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 179.78.195.217:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 140.254.83.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 166.67.144.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 101.203.212.31:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 19.138.206.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 37.126.56.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 182.99.171.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 90.129.129.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 178.26.223.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 174.14.213.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 150.20.214.231:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 184.92.81.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 165.114.133.106:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 70.16.130.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 164.144.87.120:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 175.44.51.243:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 36.82.214.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 170.82.117.186:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 85.78.162.77:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 221.101.184.219:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 94.238.13.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 133.173.203.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 46.233.140.200:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 190.200.31.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 221.112.75.252:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 58.42.120.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 85.138.223.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 91.28.52.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 113.102.12.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 115.34.58.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 145.88.87.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 105.96.72.247:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 76.179.1.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 202.8.204.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 81.171.243.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 92.255.208.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 62.31.84.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 203.239.221.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 2.219.221.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 67.218.39.188:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 41.85.0.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 170.224.184.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 64.254.173.66:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 17.82.34.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 169.213.92.52:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 17.217.45.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 135.101.37.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 189.243.234.225:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 88.78.12.80:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 109.93.0.62:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 93.128.244.105:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 61.167.168.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 70.175.4.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 164.61.34.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 150.102.162.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 40.211.60.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 59.238.94.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 151.38.54.249:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 166.240.34.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 105.116.144.177:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 91.204.35.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 40.253.73.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 67.217.243.39:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 151.14.152.208:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 149.136.134.182:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 209.251.133.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 130.191.165.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 53.7.57.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 71.148.102.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 222.247.143.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 177.98.104.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 167.120.152.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 201.226.126.169:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 120.82.85.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 161.112.41.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 96.203.129.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 93.203.87.59:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 5.86.73.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 72.198.235.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 189.98.144.45:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 157.48.66.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 165.209.192.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 211.213.222.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 200.26.199.169:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 154.134.17.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 113.98.208.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 162.77.180.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 161.234.156.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 66.39.80.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 209.243.157.34:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 5.192.35.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 110.62.207.45:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 14.104.17.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 91.56.230.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 100.34.130.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 90.77.179.243:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 169.254.110.51:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 220.22.94.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 168.114.234.107:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 13.76.114.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 183.143.141.127:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 223.173.39.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 71.70.231.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 196.41.4.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 203.219.175.83:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 70.166.115.176:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 111.145.208.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 102.144.195.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 39.51.162.74:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 80.34.149.59:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 32.207.59.207:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 151.140.62.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 173.50.114.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 111.248.159.154:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 5.98.65.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 158.24.65.9:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 194.34.50.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 193.249.7.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 74.136.74.7:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 105.30.107.59:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 78.215.96.153:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 18.17.68.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 68.197.94.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 169.77.132.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 136.140.122.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 198.131.127.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 40.180.245.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 95.51.247.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 20.205.0.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 181.167.102.136:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 113.201.32.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 40.107.17.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 205.120.169.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 66.254.33.226:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 190.47.233.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 78.51.184.12:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 186.17.46.75:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 180.207.159.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 110.44.147.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 170.213.228.45:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 121.169.103.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 109.112.68.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 2.157.179.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 194.236.243.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 62.227.219.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 216.3.211.211:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 59.27.242.6:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 14.182.42.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 39.31.66.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 85.8.74.107:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 163.93.133.100:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 209.52.27.167:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 218.31.204.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 24.203.144.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 178.244.65.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 4.9.203.226:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 23.182.132.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 130.230.139.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 191.49.202.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 189.86.61.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 205.122.178.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 188.40.38.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 165.133.249.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 103.150.195.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 38.174.204.128:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 100.12.204.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 95.48.114.39:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 101.173.141.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 185.81.28.207:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 66.44.199.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 211.175.208.100:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 174.101.115.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 20.196.94.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 195.202.127.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 174.222.115.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 136.101.199.96:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 206.242.23.186:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 24.103.83.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 170.7.142.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 88.245.147.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 177.9.245.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 211.2.39.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 94.151.227.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 198.129.9.149:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 14.198.203.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 85.51.202.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 210.139.240.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 118.151.41.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 36.181.218.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 65.188.137.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 43.246.189.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 118.231.214.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 34.194.99.179:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 96.162.102.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 209.205.174.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 133.21.218.37:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 195.88.117.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 94.109.250.22:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 2.73.15.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 13.51.41.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 118.73.162.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 208.73.198.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 159.7.246.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 31.237.93.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 202.188.219.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 210.112.123.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 86.66.56.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 154.62.55.208:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 182.96.188.132:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 178.93.32.100:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 27.25.176.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 37.227.192.189:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 133.103.105.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 162.216.48.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 123.99.153.37:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 160.204.32.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 103.223.238.162:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 13.230.56.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 77.255.17.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 181.159.78.186:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 142.242.163.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 204.55.201.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 69.119.26.78:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 171.195.145.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 201.74.202.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 209.217.120.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 118.140.54.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 197.15.7.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 23.217.57.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 209.133.168.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 4.105.118.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 40.159.174.210:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 156.179.63.45:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 24.249.185.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 12.48.47.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 74.5.93.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 126.38.87.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 145.116.196.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 123.32.204.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:30675 -> 146.143.170.93:2323
    Source: global traffic