Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
z2H8jaZbYg.elf

Overview

General Information

Sample Name:z2H8jaZbYg.elf
Original Sample Name:fff0456162bbf2cdc65a2f401353770e.elf
Analysis ID:829363
MD5:fff0456162bbf2cdc65a2f401353770e
SHA1:2b5ee940dbba4727f3d7fc8419d98a111fe0c9c2
SHA256:47f7d03ddaabdbdf160606362082790c43d3df876d2391497b293af746c78d57
Tags:32armelfmirai
Infos:

Detection

Mirai, Moobot
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Moobot
Reads system files that contain records of logged in users
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sets full permissions to files and/or directories
Executes the "kill" or "pkill" command typically used to terminate processes
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "mkdir" command used to create folders
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
ELF contains segments with high entropy indicating compressed/encrypted content
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:37.0.0 Beryl
Analysis ID:829363
Start date and time:2023-03-18 04:10:58 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 51s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample file name:z2H8jaZbYg.elf
Original Sample Name:fff0456162bbf2cdc65a2f401353770e.elf
Detection:MAL
Classification:mal92.spre.troj.evad.linELF@0/45@3/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:/tmp/z2H8jaZbYg.elf
PID:6225
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
qazwsxedc
Standard Error:

Process Tree

  • system is lnxubuntu20
  • z2H8jaZbYg.elf (PID: 6225, Parent: 6119, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/z2H8jaZbYg.elf
    • sh (PID: 6227, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/z2H8jaZbYg.elf bin/systemd; chmod 777 bin/systemd"
      • sh New Fork (PID: 6229, Parent: 6227)
      • rm (PID: 6229, Parent: 6227, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/systemd
      • sh New Fork (PID: 6230, Parent: 6227)
      • mkdir (PID: 6230, Parent: 6227, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin
      • sh New Fork (PID: 6231, Parent: 6227)
      • mv (PID: 6231, Parent: 6227, MD5: 504f0590fa482d4da070a702260e3716) Arguments: mv /tmp/z2H8jaZbYg.elf bin/systemd
      • sh New Fork (PID: 6232, Parent: 6227)
      • chmod (PID: 6232, Parent: 6227, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/systemd
  • systemd New Fork (PID: 6241, Parent: 1)
  • journalctl (PID: 6241, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6253, Parent: 1)
  • systemd-journald (PID: 6253, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • gdm3 New Fork (PID: 6263, Parent: 1320)
  • Default (PID: 6263, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6269, Parent: 1)
  • dbus-daemon (PID: 6269, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6272, Parent: 1860)
  • pulseaudio (PID: 6272, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 6273, Parent: 1320)
  • Default (PID: 6273, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6274, Parent: 1320)
  • Default (PID: 6274, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • fusermount (PID: 6277, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6285, Parent: 1)
  • systemd-logind (PID: 6285, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6342, Parent: 1)
  • rtkit-daemon (PID: 6342, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6343, Parent: 1)
  • gpu-manager (PID: 6343, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6345, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6349, Parent: 6345)
      • grep (PID: 6349, Parent: 6345, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6353, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6356, Parent: 6353)
      • grep (PID: 6356, Parent: 6353, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6359, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6360, Parent: 6359)
      • grep (PID: 6360, Parent: 6359, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6361, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6362, Parent: 6361)
      • grep (PID: 6362, Parent: 6361, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6363, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6364, Parent: 6363)
      • grep (PID: 6364, Parent: 6363, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6365, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6366, Parent: 6365)
      • grep (PID: 6366, Parent: 6365, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6367, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6368, Parent: 6367)
      • grep (PID: 6368, Parent: 6367, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6369, Parent: 6343, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6370, Parent: 6369)
      • grep (PID: 6370, Parent: 6369, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6348, Parent: 1)
  • polkitd (PID: 6348, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6358, Parent: 1)
  • agetty (PID: 6358, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6376, Parent: 1)
  • generate-config (PID: 6376, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6377, Parent: 6376, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6380, Parent: 1)
  • journalctl (PID: 6380, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6383, Parent: 1)
  • gdm-wait-for-drm (PID: 6383, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6388, Parent: 1)
  • gdm3 (PID: 6388, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6391, Parent: 6388)
    • plymouth (PID: 6391, Parent: 6388, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6403, Parent: 6388)
    • gdm-session-worker (PID: 6403, Parent: 6388, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6407, Parent: 6403, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6411, Parent: 6407, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6413, Parent: 6411)
            • false (PID: 6414, Parent: 6413, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6415, Parent: 6407, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6416, Parent: 6415, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6417, Parent: 6388)
    • Default (PID: 6417, Parent: 6388, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6418, Parent: 6388)
    • Default (PID: 6418, Parent: 6388, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6392, Parent: 1)
  • accounts-daemon (PID: 6392, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6398, Parent: 6392, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6399, Parent: 6398, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6400, Parent: 6399, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6401, Parent: 6400)
          • locale (PID: 6401, Parent: 6400, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6402, Parent: 6400)
          • grep (PID: 6402, Parent: 6400, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6442, Parent: 1860)
  • dbus-daemon (PID: 6442, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6443, Parent: 1860)
  • pulseaudio (PID: 6443, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
NameDescriptionAttributionBlogpost URLsLink
MooBotNo Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
z2H8jaZbYg.elfSUSP_ELF_LNX_UPX_Compressed_FileDetects a suspicious ELF binary with UPX compressionFlorian Roth (Nextron Systems)
  • 0x87d4:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x8843:$s2: $Id: UPX
  • 0x87f4:$s3: $Info: This file is packed with the UPX executable packer

Memory Dumps

SourceRuleDescriptionAuthorStrings
6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmpMirai_Botnet_MalwareDetects Mirai Botnet MalwareFlorian Roth (Nextron Systems)
  • 0xfa64:$x3: /dev/watchdog
  • 0xff6c:$s1: LCOGQGPTGP
  • 0xfc70:$s3: CFOKLKQVPCVMP
  • 0xfc54:$s4: QWRGPTKQMP
  • 0xfe74:$s5: HWCLVGAJ
6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmpJoeSecurity_MoobotYara detected MoobotJoe Security
    6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmpJoeSecurity_Mirai_9Yara detected MiraiJoe Security
      6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xf08c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf0a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf0b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf0c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf0dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf0f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf12c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf17c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf1a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf1b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf1cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf1e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf1f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xf21c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmpLinux_Trojan_Mirai_0bce98a2unknownunknown
      • 0xfe68:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
      Click to see the 23 entries

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: z2H8jaZbYg.elfReversingLabs: Detection: 20%
      Source: z2H8jaZbYg.elfVirustotal: Detection: 24%Perma Link
      Source: /usr/bin/pulseaudio (PID: 6272)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 6377)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pulseaudio (PID: 6443)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: global trafficTCP traffic: 192.168.2.23:44560 -> 37.49.229.52:55650
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 142.2.23.205:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 69.18.22.216:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 100.165.130.222:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 140.17.106.48:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 101.198.45.74:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 87.97.253.99:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 219.174.97.116:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 147.222.30.87:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 206.192.104.243:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 189.188.177.3:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 220.161.76.74:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 207.169.217.22:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 200.11.186.71:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 114.201.197.13:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 139.185.53.144:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 43.243.56.98:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 45.216.85.209:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 148.59.167.249:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 58.163.248.20:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 14.68.194.178:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 218.172.110.6:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 222.201.177.38:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 137.81.2.228:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 182.56.159.130:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 100.169.221.183:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 100.209.55.184:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 139.156.21.112:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 197.58.176.102:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 63.41.185.255:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 107.214.171.17:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 193.121.109.73:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 166.98.78.236:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 106.174.168.190:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 143.179.241.167:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 141.162.240.235:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 173.76.223.186:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 59.199.240.207:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 132.216.5.213:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 81.249.205.45:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 100.54.227.147:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 123.127.110.34:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 52.59.61.106:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 136.99.195.131:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 87.216.44.53:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 134.115.177.141:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 140.118.78.131:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 25.130.80.3:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 182.24.11.212:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 97.26.156.236:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 187.155.173.172:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 86.251.172.122:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 45.165.33.129:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 220.130.97.78:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 75.48.88.22:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 146.93.167.205:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 186.75.174.207:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 59.226.106.26:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 14.206.250.62:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 221.45.246.3:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 103.29.128.152:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 18.53.144.192:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 121.130.193.218:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 69.252.156.238:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 63.211.226.229:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 61.110.200.73:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 174.17.42.243:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 145.63.0.5:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 121.39.42.189:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 31.202.83.96:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 220.215.21.111:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 163.145.24.111:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 148.146.22.8:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 76.97.69.221:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 25.131.123.87:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 190.254.226.157:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 83.59.10.249:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 174.121.0.92:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 169.236.151.30:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 80.16.87.229:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 73.4.8.123:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 178.79.5.207:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 4.110.127.28:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 95.159.166.210:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 85.179.29.148:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 220.184.38.62:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 20.47.101.213:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 86.97.91.178:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 156.143.252.129:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 45.240.12.85:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 136.224.227.189:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 46.103.46.11:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 120.100.188.8:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 115.107.199.4:2323
      Source: global trafficTCP traffic: 192.168.2.23:15387 -> 135.75.197.191:2323
      Source: /tmp/z2H8jaZbYg.elf (PID: 6225)Socket: 0.0.0.0::1230Jump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)Socket: <unknown socket type>:unknownJump to behavior
      Source: /usr/sbin/gdm3 (PID: 6388)Socket: <unknown socket type>:unknownJump to behavior
      Source: /usr/bin/dbus-daemon (PID: 6411)Socket: <unknown socket type>:unknownJump to behavior
      Source: global trafficHTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56406
      Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 56406 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
      Source: unknownTCP traffic detected without corresponding DNS query: 37.49.229.52
      Source: unknownTCP traffic detected without corresponding DNS query: 142.2.23.205
      Source: unknownTCP traffic detected without corresponding DNS query: 25.222.171.56
      Source: unknownTCP traffic detected without corresponding DNS query: 211.64.156.64
      Source: unknownTCP traffic detected without corresponding DNS query: 69.18.22.216
      Source: unknownTCP traffic detected without corresponding DNS query: 123.208.44.93
      Source: unknownTCP traffic detected without corresponding DNS query: 46.80.138.112
      Source: unknownTCP traffic detected without corresponding DNS query: 99.181.229.184
      Source: unknownTCP traffic detected without corresponding DNS query: 52.59.222.73
      Source: unknownTCP traffic detected without corresponding DNS query: 163.227.248.25
      Source: unknownTCP traffic detected without corresponding DNS query: 199.38.24.220
      Source: unknownTCP traffic detected without corresponding DNS query: 46.117.218.177
      Source: unknownTCP traffic detected without corresponding DNS query: 1.159.32.107
      Source: unknownTCP traffic detected without corresponding DNS query: 58.202.55.104
      Source: unknownTCP traffic detected without corresponding DNS query: 43.127.192.155
      Source: unknownTCP traffic detected without corresponding DNS query: 187.96.83.42
      Source: unknownTCP traffic detected without corresponding DNS query: 100.165.130.222
      Source: unknownTCP traffic detected without corresponding DNS query: 195.25.131.37
      Source: unknownTCP traffic detected without corresponding DNS query: 153.7.187.162
      Source: unknownTCP traffic detected without corresponding DNS query: 130.81.248.114
      Source: unknownTCP traffic detected without corresponding DNS query: 17.105.150.191
      Source: unknownTCP traffic detected without corresponding DNS query: 31.113.195.47
      Source: unknownTCP traffic detected without corresponding DNS query: 125.58.140.209
      Source: unknownTCP traffic detected without corresponding DNS query: 157.128.21.142
      Source: unknownTCP traffic detected without corresponding DNS query: 161.249.151.52
      Source: unknownTCP traffic detected without corresponding DNS query: 146.194.216.0
      Source: unknownTCP traffic detected without corresponding DNS query: 37.16.82.22
      Source: unknownTCP traffic detected without corresponding DNS query: 130.53.192.86
      Source: unknownTCP traffic detected without corresponding DNS query: 165.115.107.118
      Source: unknownTCP traffic detected without corresponding DNS query: 46.2.220.139
      Source: unknownTCP traffic detected without corresponding DNS query: 101.7.218.189
      Source: unknownTCP traffic detected without corresponding DNS query: 147.111.79.171
      Source: unknownTCP traffic detected without corresponding DNS query: 50.47.168.120
      Source: unknownTCP traffic detected without corresponding DNS query: 199.116.104.228
      Source: unknownTCP traffic detected without corresponding DNS query: 18.117.238.76
      Source: unknownTCP traffic detected without corresponding DNS query: 164.200.67.157
      Source: unknownTCP traffic detected without corresponding DNS query: 140.17.106.48
      Source: unknownTCP traffic detected without corresponding DNS query: 20.142.93.132
      Source: unknownTCP traffic detected without corresponding DNS query: 12.30.95.6
      Source: unknownTCP traffic detected without corresponding DNS query: 104.83.36.210
      Source: unknownTCP traffic detected without corresponding DNS query: 88.180.199.169
      Source: unknownTCP traffic detected without corresponding DNS query: 101.198.45.74
      Source: unknownTCP traffic detected without corresponding DNS query: 73.35.71.216
      Source: unknownTCP traffic detected without corresponding DNS query: 91.164.70.235
      Source: unknownTCP traffic detected without corresponding DNS query: 148.82.199.157
      Source: unknownTCP traffic detected without corresponding DNS query: 1.103.211.25
      Source: unknownTCP traffic detected without corresponding DNS query: 87.97.253.99
      Source: unknownTCP traffic detected without corresponding DNS query: 191.81.124.202
      Source: unknownTCP traffic detected without corresponding DNS query: 93.195.254.172
      Source: unknownTCP traffic detected without corresponding DNS query: 39.113.191.165
      Source: z2H8jaZbYg.elfString found in binary or memory: http://upx.sf.net
      Source: unknownHTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
      Source: unknownDNS traffic detected: queries for: daisy.ubuntu.com

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth (Nextron Systems)
      Source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
      Source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth (Nextron Systems)
      Source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
      Source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth (Nextron Systems)
      Source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
      Source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth (Nextron Systems)
      Source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6225, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6233, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6235, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6237, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Sample tries to kill multiple processes (SIGKILL)
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 491, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 720, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 721, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 759, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 761, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 777, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 797, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1334, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1335, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1344, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1860, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1872, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1886, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 2038, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 2048, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6041, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6186, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6187, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6233, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6235, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6237, result: unknownJump to behavior
      Source: LOAD without section mappingsProgram segment: 0x8000
      Source: z2H8jaZbYg.elf, type: SAMPLEMatched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth (Nextron Systems), description = Detects a suspicious ELF binary with UPX compression, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4, reference = Internal Research
      Source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth (Nextron Systems), description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b, modified = 2023-01-27
      Source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth (Nextron Systems), description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b, modified = 2023-01-27
      Source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth (Nextron Systems), description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b, modified = 2023-01-27
      Source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth (Nextron Systems), description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b, modified = 2023-01-27
      Source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6225, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6233, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6235, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: z2H8jaZbYg.elf PID: 6237, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 491, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 720, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 721, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 759, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 761, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 777, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 797, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1334, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1335, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1344, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1860, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1872, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 1886, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 2038, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 2048, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6041, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6186, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6187, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6233, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6235, result: successfulJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6237)SIGKILL sent: pid: 6237, result: unknownJump to behavior
      Source: classification engineClassification label: mal92.spre.troj.evad.linELF@0/45@3/0

      Data Obfuscation

      barindex
      Sample is packed with UPX
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

      Persistence and Installation Behavior

      barindex
      Sample reads /proc/mounts (often used for finding a writable filesystem)
      Source: /usr/bin/dbus-daemon (PID: 6269)File: /proc/6269/mountsJump to behavior
      Source: /bin/fusermount (PID: 6277)File: /proc/6277/mountsJump to behavior
      Source: /usr/bin/dbus-daemon (PID: 6411)File: /proc/6411/mountsJump to behavior
      Source: /usr/bin/dbus-daemon (PID: 6416)File: /proc/6416/mountsJump to behavior
      Source: /usr/bin/dbus-daemon (PID: 6442)File: /proc/6442/mountsJump to behavior
      Sets full permissions to files and/or directories
      Source: /bin/sh (PID: 6232)Chmod executable with 777: /usr/bin/chmod -> chmod 777 bin/systemdJump to behavior
      Source: /usr/share/gdm/generate-config (PID: 6377)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-serviceJump to behavior
      Source: /bin/sh (PID: 6230)Mkdir executable: /usr/bin/mkdir -> mkdir binJump to behavior
      Source: /bin/sh (PID: 6349)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
      Source: /bin/sh (PID: 6356)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
      Source: /bin/sh (PID: 6360)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
      Source: /bin/sh (PID: 6362)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
      Source: /bin/sh (PID: 6364)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
      Source: /bin/sh (PID: 6366)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
      Source: /bin/sh (PID: 6368)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
      Source: /bin/sh (PID: 6370)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
      Source: /bin/sh (PID: 6402)Grep executable: /usr/bin/grep -> grep -F .utf8Jump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)Reads from proc file: /proc/meminfoJump to behavior
      Source: /bin/sh (PID: 6232)Chmod executable: /usr/bin/chmod -> chmod 777 bin/systemdJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2078/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2033/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2077/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2074/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6272/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/6392/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2028/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1335/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2302/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1532/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1576/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/1334/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/797/cgroupJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/commJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/cmdlineJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/statusJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/attr/currentJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/sessionidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/loginuidJump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)File opened: /proc/2025/cgroupJump to behavior
      Source: /usr/lib/policykit-1/polkitd (PID: 6348)Directory: /root/.cacheJump to behavior
      Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6407)Directory: /var/lib/gdm3/.cacheJump to behavior
      Source: /usr/lib/accountsservice/accounts-daemon (PID: 6392)Directory: /root/.cacheJump to behavior
      Source: /usr/bin/chmod (PID: 6232)File: /tmp/bin/systemd (bits: - usr: rwx grp: rwx all: rwx)Jump to behavior
      Source: /usr/sbin/gdm3 (PID: 6388)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
      Source: /usr/sbin/gdm3 (PID: 6388)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
      Source: /usr/lib/accountsservice/accounts-daemon (PID: 6392)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)Jump to behavior
      Source: /usr/lib/accountsservice/accounts-daemon (PID: 6392)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6227)Shell command executed: sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/z2H8jaZbYg.elf bin/systemd; chmod 777 bin/systemd"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6345)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6353)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6359)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6361)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6363)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6365)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6367)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6369)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
      Source: /usr/share/language-tools/language-options (PID: 6400)Shell command executed: sh -c "locale -a | grep -F .utf8 "Jump to behavior
      Source: /bin/sh (PID: 6229)Rm executable: /usr/bin/rm -> rm -rf bin/systemdJump to behavior
      Source: /usr/bin/gpu-manager (PID: 6343)Log file created: /var/log/gpu-manager.logJump to dropped file
      Source: z2H8jaZbYg.elfSubmission file: segment LOAD with 7.7678 entropy (max. 8.0)
      Source: /usr/bin/pulseaudio (PID: 6272)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 6377)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pulseaudio (PID: 6443)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /tmp/z2H8jaZbYg.elf (PID: 6225)Queries kernel information via 'uname': Jump to behavior
      Source: /lib/systemd/systemd-journald (PID: 6253)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/pulseaudio (PID: 6272)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6343)Queries kernel information via 'uname': Jump to behavior
      Source: /sbin/agetty (PID: 6358)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/gdm3/gdm-session-worker (PID: 6403)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/pulseaudio (PID: 6443)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/gpu-manager (PID: 6343)Truncated file: /var/log/gpu-manager.logJump to behavior
      Source: z2H8jaZbYg.elf, 6237.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmpBinary or memory string: /tmp/qemu-open.fDwK6M
      Source: z2H8jaZbYg.elf, 6225.1.000055a0460db000.000055a0462a9000.rw-.sdmp, z2H8jaZbYg.elf, 6233.1.000055a0460db000.000055a0462a9000.rw-.sdmp, z2H8jaZbYg.elf, 6235.1.000055a0460db000.000055a0462a9000.rw-.sdmp, z2H8jaZbYg.elf, 6237.1.000055a0460db000.000055a0462a9000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
      Source: z2H8jaZbYg.elf, 6237.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmpBinary or memory string: U/tmp/qemu-open.fDwK6Mh
      Source: z2H8jaZbYg.elf, 6225.1.000055a0460db000.000055a0462a9000.rw-.sdmp, z2H8jaZbYg.elf, 6233.1.000055a0460db000.000055a0462a9000.rw-.sdmp, z2H8jaZbYg.elf, 6235.1.000055a0460db000.000055a0462a9000.rw-.sdmp, z2H8jaZbYg.elf, 6237.1.000055a0460db000.000055a0462a9000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
      Source: z2H8jaZbYg.elf, 6225.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmp, z2H8jaZbYg.elf, 6233.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmp, z2H8jaZbYg.elf, 6235.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmp, z2H8jaZbYg.elf, 6237.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/z2H8jaZbYg.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/z2H8jaZbYg.elf
      Source: z2H8jaZbYg.elf, 6225.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmp, z2H8jaZbYg.elf, 6233.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmp, z2H8jaZbYg.elf, 6235.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmp, z2H8jaZbYg.elf, 6237.1.00007ffd3237f000.00007ffd323a0000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm

      Language, Device and Operating System Detection

      barindex
      Reads system files that contain records of logged in users
      Source: /usr/lib/accountsservice/accounts-daemon (PID: 6392)Logged in records file read: /var/log/wtmpJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Yara detected Moobot
      Source: Yara matchFile source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6225, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6233, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6235, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6237, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Yara detected Moobot
      Source: Yara matchFile source: 6233.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6235.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6225.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6237.1.00007f07b4017000.00007f07b4029000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6225, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6233, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6235, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: z2H8jaZbYg.elf PID: 6237, type: MEMORYSTR

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Scripting      		Path InterceptionPath Interception1
      Disable or Modify Tools      		1
      OS Credential Dumping      		11
      Security Software Discovery      		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
      Service Stop
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
      File and Directory Permissions Modification      		LSASS Memory1
      System Owner/User Discovery      		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
      Non-Standard Port      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
      Scripting      		Security Account Manager1
      File and Directory Discovery      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
      Hidden Files and Directories      		NTDS2
      System Information Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer3
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
      Obfuscated Files or Information      		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Indicator Removal on Host      		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
      File Deletion      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 829363 Sample: z2H8jaZbYg.elf Startdate: 18/03/2023 Architecture: LINUX Score: 92 78 207.10.82.95, 23 WINDSTREAMUS United States 2->78 80 196.133.74.6, 23 Vodafone-EG Egypt 2->80 82 99 other IPs or domains 2->82 90 Malicious sample detected (through community Yara rule) 2->90 92 Multi AV Scanner detection for submitted file 2->92 94 Yara detected Moobot 2->94 96 2 other signatures 2->96 11 systemd gdm3 2->11         started        13 z2H8jaZbYg.elf 2->13         started        15 systemd gpu-manager 2->15         started        17 18 other processes 2->17 signatures3 process4 file5 21 gdm3 gdm-session-worker 11->21         started        35 3 other processes 11->35 23 z2H8jaZbYg.elf sh 13->23         started        25 z2H8jaZbYg.elf 13->25         started        27 gpu-manager sh 15->27         started        29 gpu-manager sh 15->29         started        37 6 other processes 15->37 76 /var/log/wtmp, data 17->76 dropped 84 Sample reads /proc/mounts (often used for finding a writable filesystem) 17->84 86 Reads system files that contain records of logged in users 17->86 31 accounts-daemon language-validate 17->31         started        33 generate-config pkill 17->33         started        signatures6 process7 process8 39 gdm-session-worker gdm-wayland-session 21->39         started        41 sh chmod 23->41         started        54 3 other processes 23->54 44 z2H8jaZbYg.elf 25->44         started        46 z2H8jaZbYg.elf 25->46         started        48 sh grep 27->48         started        50 sh grep 29->50         started        52 language-validate language-options 31->52         started        56 6 other processes 37->56 signatures9 58 gdm-wayland-session dbus-run-session 39->58         started        60 gdm-wayland-session dbus-daemon 39->60         started        98 Sets full permissions to files and/or directories 41->98 100 Sample tries to kill multiple processes (SIGKILL) 44->100 63 language-options sh 52->63         started        process10 signatures11 65 dbus-run-session dbus-daemon 58->65         started        102 Sample reads /proc/mounts (often used for finding a writable filesystem) 60->102 68 dbus-daemon 60->68         started        70 sh locale 63->70         started        72 sh grep 63->72         started        process12 signatures13 88 Sample reads /proc/mounts (often used for finding a writable filesystem) 65->88 74 dbus-daemon false 68->74         started        process14

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      z2H8jaZbYg.elf21%ReversingLabsLinux.Trojan.Mirai
      z2H8jaZbYg.elf25%VirustotalBrowse

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      daisy.ubuntu.com
      		185.125.188.136
      		truefalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9efalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://upx.sf.netz2H8jaZbYg.elffalse
            		high

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            126.154.219.164
            		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
            207.10.82.95
            		unknownUnited States
            		7029WINDSTREAMUSfalse
            85.179.29.148
            		unknownGermany
            		6805TDDE-ASN1DEfalse
            175.37.56.197
            		unknownAustralia
            		4804MPX-ASMicroplexPTYLTDAUfalse
            153.112.208.157
            		unknownSweden
            		25252VOLVOITSEfalse
            164.200.67.157
            		unknownUnited States
            		3303SWISSCOMSwisscomSwitzerlandLtdCHfalse
            94.192.178.255
            		unknownUnited Kingdom
            		5607BSKYB-BROADBAND-ASGBfalse
            37.21.122.154
            		unknownRussian Federation
            		12389ROSTELECOM-ASRUfalse
            143.179.241.167
            		unknownNetherlands
            		13127VERSATELASfortheTrans-EuropeanTele2IPTransportbackbofalse
            199.137.63.216
            		unknownUnited States
            		4152USDA-1USfalse
            94.220.48.93
            		unknownGermany
            		3209VODANETInternationalIP-BackboneofVodafoneDEfalse
            58.177.230.69
            		unknownHong Kong
            		9269HKBN-AS-APHongKongBroadbandNetworkLtdHKfalse
            191.138.191.213
            		unknownBrazil
            		26615TIMSABRfalse
            200.196.209.85
            		unknownBrazil
            		14346AgenciaEstadoLtdaBRfalse
            12.5.110.185
            		unknownUnited States
            		7018ATT-INTERNET4USfalse
            194.148.145.210
            		unknownSwitzerland
            		12350VTX-NETWORKCHfalse
            72.206.56.123
            		unknownUnited States
            		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
            159.70.6.29
            		unknownUnited States
            		32982DOE-HQUSfalse
            161.133.193.26
            		unknownUnited States
            		7018ATT-INTERNET4USfalse
            104.248.213.183
            		unknownUnited States
            		14061DIGITALOCEAN-ASNUSfalse
            105.110.242.64
            		unknownAlgeria
            		36947ALGTEL-ASDZfalse
            90.107.232.26
            		unknownFrance
            		3215FranceTelecom-OrangeFRfalse
            213.197.168.105
            		unknownLithuania
            		15440BALTNETACustomersASLTfalse
            79.140.94.223
            		unknownItaly
            		6762SEABONE-NETTELECOMITALIASPARKLESpAITfalse
            12.30.95.6
            		unknownUnited States
            		7018ATT-INTERNET4USfalse
            58.187.215.243
            		unknownViet Nam
            		18403FPT-AS-APTheCorporationforFinancingPromotingTechnolofalse
            146.194.216.0
            		unknownUnited Kingdom
            		25049STASCO-UK-ASManagedbySATelecom-LDMGBfalse
            4.165.28.239
            		unknownUnited States
            		3356LEVEL3USfalse
            210.77.136.11
            		unknownChina
            		4835CHINANET-IDC-SNChinaTelecomGroupCNfalse
            146.40.17.134
            		unknownUnited States
            		197938TRAVIANGAMESDEfalse
            223.139.11.78
            		unknownTaiwan; Republic of China (ROC)
            		17421EMOME-NETMobileBusinessGroupTWfalse
            13.67.228.175
            		unknownUnited States
            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
            174.54.205.135
            		unknownUnited States
            		7922COMCAST-7922USfalse
            213.73.151.82
            		unknownNetherlands
            		33915TNF-ASNLfalse
            45.48.204.112
            		unknownUnited States
            		20001TWC-20001-PACWESTUSfalse
            35.108.128.130
            		unknownUnited States
            		237MERIT-AS-14USfalse
            106.241.25.109
            		unknownKorea Republic of
            		3786LGDACOMLGDACOMCorporationKRfalse
            168.86.8.236
            		unknownUnited States
            		57717FBX-ASNLfalse
            212.255.108.216
            		unknownGermany
            		12312ECOTELDEfalse
            100.165.130.222
            		unknownUnited States
            		21928T-MOBILE-AS21928USfalse
            179.184.244.252
            		unknownBrazil
            		18881TELEFONICABRASILSABRfalse
            138.120.197.168
            		unknownUnited States
            		8983NOKIA-ASFIfalse
            8.204.245.52
            		unknownUnited States
            		3356LEVEL3USfalse
            97.0.90.108
            		unknownUnited States
            		22394CELLCOUSfalse
            195.62.59.142
            		unknownRussian Federation
            		44849SDN-SETI-ASRUfalse
            191.154.207.85
            		unknownColombia
            		26611COMCELSACOfalse
            118.33.60.208
            		unknownKorea Republic of
            		4766KIXS-AS-KRKoreaTelecomKRfalse
            73.63.223.10
            		unknownUnited States
            		7922COMCAST-7922USfalse
            4.174.10.131
            		unknownUnited States
            		3356LEVEL3USfalse
            116.76.144.123
            		unknownChina
            		17962TOPWAY-NETShenZhenTopwayVideoCommunicationCoLtdCNfalse
            206.192.104.243
            		unknownUnited States
            		3356LEVEL3USfalse
            207.78.25.197
            		unknownUnited States
            		701UUNETUSfalse
            140.121.118.47
            		unknownTaiwan; Republic of China (ROC)
            		38847NCHU-AS-TWNationalChungHsingUniversityTWfalse
            102.157.107.228
            		unknownTunisia
            		37705TOPNETTNfalse
            213.7.185.160
            		unknownCyprus
            		6866CYTA-NETWORKInternetServicesCYfalse
            154.84.81.44
            		unknownSeychelles
            		134548DXTL-HKDXTLTseungKwanOServiceHKfalse
            166.1.201.82
            		unknownUnited States
            		11798ACEDATACENTERS-AS-1USfalse
            54.197.10.235
            		unknownUnited States
            		14618AMAZON-AESUSfalse
            169.134.17.101
            		unknownUnited States
            		7270NET2PHONEUSfalse
            35.61.15.169
            		unknownUnited States
            		36375UMICH-AS-5USfalse
            168.29.62.250
            		unknownUnited States
            		3479PEACHNET-AS1USfalse
            24.87.37.1
            		unknownCanada
            		6327SHAWCAfalse
            58.125.162.192
            		unknownKorea Republic of
            		9318SKB-ASSKBroadbandCoLtdKRfalse
            163.26.215.141
            		unknownTaiwan; Republic of China (ROC)
            		1659ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationCfalse
            40.231.144.105
            		unknownUnited States
            		4249LILLY-ASUSfalse
            162.244.139.159
            		unknownUnited States
            		54858AS-SBIUSfalse
            78.87.62.168
            		unknownGreece
            		3329HOL-GRAthensGreeceGRfalse
            196.133.74.6
            		unknownEgypt
            		36935Vodafone-EGfalse
            211.11.238.95
            		unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
            203.151.32.82
            		unknownThailand
            		4618INET-TH-ASInternetThailandCompanyLimitedTHfalse
            23.219.199.95
            		unknownUnited States
            		4230CLAROSABRfalse
            20.10.195.167
            		unknownUnited States
            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
            159.160.124.211
            		unknownUkraine
            		34058LIFECELL-ASUAfalse
            176.92.149.244
            		unknownGreece
            		3329HOL-GRAthensGreeceGRfalse
            60.114.218.130
            		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
            115.251.91.162
            		unknownIndia
            		18101RELIANCE-COMMUNICATIONS-INRelianceCommunicationsLtdDAKCfalse
            94.82.151.14
            		unknownItaly
            		3269ASN-IBSNAZITfalse
            134.21.125.100
            		unknownSwitzerland
            		559SWITCHPeeringrequestspeeringswitchchEUfalse
            125.10.32.198
            		unknownJapan9824JTCL-JP-ASJupiterTelecommunicationCoLtdJPfalse
            88.180.199.169
            		unknownFrance
            		12322PROXADFRfalse
            107.142.109.138
            		unknownUnited States
            		7018ATT-INTERNET4USfalse
            75.162.215.255
            		unknownUnited States
            		209CENTURYLINK-US-LEGACY-QWESTUSfalse
            42.228.127.138
            		unknownChina
            		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
            103.67.234.220
            		unknownPhilippines
            		38719DREAMSCAPE-AS-APDreamscapeNetworksLimitedAUfalse
            19.16.75.89
            		unknownUnited States
            		3MIT-GATEWAYSUSfalse
            46.80.138.112
            		unknownGermany
            		3320DTAGInternetserviceprovideroperationsDEfalse
            135.80.93.74
            		unknownUnited States
            		18676AVAYAUSfalse
            149.132.32.159
            		unknownItaly
            		137ASGARRConsortiumGARREUfalse
            99.181.229.184
            		unknownUnited States
            		7018ATT-INTERNET4USfalse
            192.212.104.110
            		unknownUnited States
            		7127SCEUSfalse
            192.169.143.97
            		unknownUnited States
            		26496AS-26496-GO-DADDY-COM-LLCUSfalse
            164.233.12.148
            		unknownUnited States
            		27064DNIC-ASBLK-27032-27159USfalse
            217.114.212.73
            		unknownGermany
            		31103KEYWEB-ASDEfalse
            12.139.158.36
            		unknownUnited States
            		20138UNASSIGNEDfalse
            110.221.250.140
            		unknownChina
            		9394CTTNETChinaTieTongTelecommunicationsCorporationCNfalse
            48.78.179.123
            		unknownUnited States
            		2686ATGS-MMD-ASUSfalse
            45.222.196.134
            		unknownGhana
            		37282MAINONENGfalse
            162.108.187.60
            		unknownUnited States
            		13325STOMIUSfalse
            18.156.142.231
            		unknownUnited States
            		16509AMAZON-02USfalse
            37.10.138.209
            		unknownSpain
            		3352TELEFONICA_DE_ESPANAESfalse

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            daisy.ubuntu.com1xkJBhWlOY.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.137
            o726x137VU.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.137
            iHPBoIXXUj.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.137
            lOVWBcdPyr.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.136
            2iQmBFGOCt.elfGet hashmaliciousMoobotBrowse
            • 185.125.188.137
            LkCjOLO6hm.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.136
            MSObMZB4a6.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.136
            imCzF4AwDG.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.137
            1DQAkJ0DdR.elfGet hashmaliciousMirai, MoobotBrowse
            • 185.125.188.137
            YUI3lBwC8a.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.136
            fc3rg4bRFc.elfGet hashmaliciousUnknownBrowse
            • 185.125.188.137
            PVbOO02JiF.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.137
            AVpGrgzqpb.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.136
            4gnxI6qLBx.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.136
            TyWCkn4SB8.elfGet hashmaliciousUnknownBrowse
            • 185.125.188.137
            C47XS52dqY.elfGet hashmaliciousUnknownBrowse
            • 185.125.188.136
            Def2cq5wMV.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.136
            sorabeam.x86.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.136
            UiuZNHab2t.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.137
            BmiNc3XEsd.elfGet hashmaliciousMiraiBrowse
            • 185.125.188.136

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            GIGAINFRASoftbankBBCorpJP1xkJBhWlOY.elfGet hashmaliciousMirai, MoobotBrowse
            • 220.37.49.64
            H26Oofw1d8.elfGet hashmaliciousMiraiBrowse
            • 126.68.113.74
            uz228WrlRm.elfGet hashmaliciousMiraiBrowse
            • 126.178.169.123
            KXDmIlMnn3.elfGet hashmaliciousMiraiBrowse
            • 60.144.208.71
            loligang.x86.elfGet hashmaliciousMiraiBrowse
            • 126.99.63.225
            loligang.arm.elfGet hashmaliciousMiraiBrowse
            • 126.73.80.12
            iHPBoIXXUj.elfGet hashmaliciousMirai, MoobotBrowse
            • 126.86.218.91
            lOVWBcdPyr.elfGet hashmaliciousMirai, MoobotBrowse
            • 221.55.78.252
            2iQmBFGOCt.elfGet hashmaliciousMoobotBrowse
            • 220.13.220.65
            LkCjOLO6hm.elfGet hashmaliciousMirai, MoobotBrowse
            • 126.107.109.52
            MSObMZB4a6.elfGet hashmaliciousMirai, MoobotBrowse
            • 60.99.208.246
            imCzF4AwDG.elfGet hashmaliciousMirai, MoobotBrowse
            • 221.49.48.106
            1DQAkJ0DdR.elfGet hashmaliciousMirai, MoobotBrowse
            • 221.16.22.89
            d1mhDLrdaN.elfGet hashmaliciousMiraiBrowse
            • 220.57.127.143
            Z0ZpvNkW6R.elfGet hashmaliciousMiraiBrowse
            • 126.148.46.215
            xd.x86.elfGet hashmaliciousMiraiBrowse
            • 126.158.36.184
            xd.arm7.elfGet hashmaliciousMiraiBrowse
            • 126.232.215.48
            VGm0FoCHo4.elfGet hashmaliciousMiraiBrowse
            • 219.204.231.16
            jKWf43eQS6.elfGet hashmaliciousMiraiBrowse
            • 126.11.254.53
            JCRXsip8kC.elfGet hashmaliciousMiraiBrowse
            • 126.246.128.170
            WINDSTREAMUS1xkJBhWlOY.elfGet hashmaliciousMirai, MoobotBrowse
            • 198.14.245.163
            2iQmBFGOCt.elfGet hashmaliciousMoobotBrowse
            • 66.251.7.93
            d1mhDLrdaN.elfGet hashmaliciousMiraiBrowse
            • 98.23.53.175
            jKWf43eQS6.elfGet hashmaliciousMiraiBrowse
            • 209.156.89.152
            voluptates.jsGet hashmaliciousQbotBrowse
            • 173.185.50.218
            JCRXsip8kC.elfGet hashmaliciousMiraiBrowse
            • 66.202.23.161
            l3W3iaBi23.elfGet hashmaliciousMiraiBrowse
            • 66.35.137.71
            x86-20230317-1550.elfGet hashmaliciousMiraiBrowse
            • 166.102.36.235
            fHeEAsdbaU.elfGet hashmaliciousMiraiBrowse
            • 67.214.11.228
            xS5krR1vP4.elfGet hashmaliciousMiraiBrowse
            • 74.9.188.49
            d2Xn0ZmPQd.elfGet hashmaliciousMiraiBrowse
            • 216.41.10.19
            3UQeS156pN.elfGet hashmaliciousMiraiBrowse
            • 66.16.127.126
            LKIdTAbPmn.elfGet hashmaliciousMiraiBrowse
            • 166.103.63.176
            sora.arm7.elfGet hashmaliciousMiraiBrowse
            • 75.89.210.196
            3AlUMxPHIc.elfGet hashmaliciousMiraiBrowse
            • 162.40.83.30
            z0lW2JiaTI.elfGet hashmaliciousMiraiBrowse
            • 65.23.29.96
            7GMO3hOA9b.elfGet hashmaliciousMiraiBrowse
            • 205.232.191.227
            6urRVWiI64.elfGet hashmaliciousMiraiBrowse
            • 209.86.139.206
            Omnis.htmlGet hashmaliciousHtmlDropper, QbotBrowse
            • 173.185.50.218
            bU4z0Kv6ip.elfGet hashmaliciousMiraiBrowse
            • 66.0.112.233

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

            Download File
            Process:/usr/bin/pulseaudio
            File Type:ASCII text
            Category:dropped
            Size (bytes):10
            Entropy (8bit):2.9219280948873623
            Encrypted:false
            SSDEEP:3:5bkPn:pkP
            MD5:FF001A15CE15CF062A3704CEA2991B5F
            SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
            SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
            SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:auto_null.

            /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

            Download File
            Process:/usr/bin/pulseaudio
            File Type:ASCII text
            Category:dropped
            Size (bytes):18
            Entropy (8bit):3.4613201402110088
            Encrypted:false
            SSDEEP:3:5bkrIZsXvn:pkckv
            MD5:28FE6435F34B3367707BB1C5D5F6B430
            SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
            SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
            SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:auto_null.monitor.

            /proc/6414/oom_score_adj

            Download File
            Process:/usr/bin/dbus-daemon
            File Type:very short file (no magic)
            Category:dropped
            Size (bytes):1
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:3:V:V
            MD5:CFCD208495D565EF66E7DFF9F98764DA
            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
            Malicious:false
            Reputation:high, very likely benign file
            Preview:0

            /run/gdm3.pid

            Download File
            Process:/usr/sbin/gdm3
            File Type:ASCII text
            Category:dropped
            Size (bytes):5
            Entropy (8bit):1.9219280948873623
            Encrypted:false
            SSDEEP:3:Wt:Wt
            MD5:DF6A4FCF8DCE63670ABBC919E8E1DC8F
            SHA1:2336853DC9CAD24A3BFF259D1C3AE23AA516ACD3
            SHA-256:7F0C46101CA984B832CE4CC7BE844E2C3F9B52DB024EFE082189DBE9CD4A7031
            SHA-512:56F71995C4C8E5B27715C338D2C6566E8DE6AD6C94210289E08D5842BD95549589BD04D812B7687DD2D2E378DF3C5DE1BA68B8BCA6D45A103CD3CB76CFA871B7
            Malicious:false
            Reputation:low
            Preview:6388.

            /run/systemd/journal/streams/.#9:760703gd2L1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):223
            Entropy (8bit):5.523309049940359
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmpl+dfdl+YRqjs7Lbr:SbFuFyLVIg1BG+f+MsNRqji4s
            MD5:9EC1A480450F167AE739CA8F1C4431DC
            SHA1:F83D88E0669B0D227E100A9B381C3508A50032F9
            SHA-256:EFCF59B9C604AC9F9A788D4B3EDDC3F090C3BADD7598FA5F520B296438D96A29
            SHA-512:D24D184B1A496DEF0B58AE7F701D3EE62C90D6C4B79E9D563C84FEF09300B5800AA08790142E945A4D522D7921748D9FE2A0877536C15BFFD4704080BD812FBC
            Malicious:false
            Reputation:low
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c3546a459e364f0aa874c7487309d925.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

            /run/systemd/journal/streams/.#9:7607988WWP2

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):208
            Entropy (8bit):5.337093723223138
            Encrypted:false
            SSDEEP:6:SbFuFyLVIg1BG+f+MuXdzmdLNc7jdCLKzK:qgFq6g10+f+MEiXcdCLAK
            MD5:42C675EDB71B152D6300EA1DDB9DCB0C
            SHA1:FE517A3DE94D4683A9E4727BDA3003F7E4A4E238
            SHA-256:E43A54485A2005F0C9E43EB2B750A2A984C72A23790A152D6D9CBB004720BC6E
            SHA-512:A13B1FCA0BBC85C2264DACFB867D8820929BBBB7EF52FE6458730E0A3EDB47B7A356B7D88A2903305D5E5EA04751D11EF7F0117B76A5363431FCD45B10CE7485
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=da9afa9e82d04e86baa1f99839a0a377.IDENTIFIER=whoopsie.UNIT=whoopsie.service.

            /run/systemd/journal/streams/.#9:76085rRBkfZ

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):207
            Entropy (8bit):5.416118462269791
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmoBcBROWaUnZ1F2jsc:SbFuFyLVIg1BG+f+MoqOvUnh2josQu
            MD5:606DE68676E78D00634EDAE8B24AE2EB
            SHA1:829B9F309033F5D4035F2D7F5F49A28B779DE28B
            SHA-256:3E1FEA6A53AEDA5C0B0BD7F79C5FEC791743A14397F3018C136F152FE2F7D1BD
            SHA-512:BA81213BBEF545AEF36565FF7E2204B7AE137DD8124B3501362348D8137226DF8BD14B2796DB53807C6BA815AFE23F5DD21F5C572123EB1E1C8816183004FE0A
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b249d4362322491bb0a883c0d256bd0f.IDENTIFIER=dbus-daemon.UNIT=dbus.service.

            /run/systemd/journal/streams/.#9:76100feueR1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):188
            Entropy (8bit):5.368271495562698
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm9+QsRRA42W6Ag2jsO:SbFuFyLVIg1BG+f+MSyNW68jtWL0
            MD5:C58CCDB4538EFEC4778C71C1E6968EDB
            SHA1:0C3FB6899550C420C99A4016F92EB19561AF46E1
            SHA-256:C61DAA8A3FA2A992656A7057785B36EFEBC322450DB80FF299B7499103503643
            SHA-512:4F23C3F828F37F7E44B8E9805FDBC4B9803E1DD4E7D289A5ECD70B69700B76F3771645CA6BDFB80D5065D946B32A28F7D25D0C113F9C59E56DCE2A7A36DF386E
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=79a4db8356584863b76d45507be872c5.IDENTIFIER=pulseaudio.

            /run/systemd/journal/streams/.#9:76101SGztf1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):220
            Entropy (8bit):5.488474129337535
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmroQqc9dSHWKiY+sje:SbFuFyLVIg1BG+f+M0An90jZcHcljX+
            MD5:118936196D82F6BEA27F414A24B33A9E
            SHA1:AB9E798D61F7DA617C36B561C5D431A0DD336D9B
            SHA-256:D32331FD121CFF63D65A7F4A6143C7096720FF3262A78E17242628AA7B19215A
            SHA-512:4444155AF8049EF87940DA4CF6D998EA540A4761743D7D4B8F5C0AB34AADB6159CBA3833CC2DA8C7D26B38F3E2F878614F50393B71699E9530CDFAF192EE574E
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=aadba765d7b14e9fa585bc571359af23.IDENTIFIER=systemd-logind.UNIT=systemd-logind.service.

            /run/systemd/journal/streams/.#9:76102yA1jaZ

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):216
            Entropy (8bit):5.422111243092987
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmyakYWDaVRhiQvXsja:SbFuFyLVIg1BG+f+My1kiQv8jNE
            MD5:9E9C893CF38258B84B38E725036DFF80
            SHA1:F28F2669027E6BC15636B9BDA05CE093E09A89AF
            SHA-256:BCC2A6C1C0C2E218713FC2179B2666D8705F91C154CBFF842B5F0FAA20770771
            SHA-512:9FE209724A2BFFB537DFB58A7722CEDCCE6D34A8548B38A3EAB3AA0A54B132555B2222CE98693D60254F96DCD797BCEFE50683A1F9BF0032C5EBC08DB8A7E2BF
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=8ffebcf77e194831bd9fc0ccfe574a71.IDENTIFIER=rtkit-daemon.UNIT=rtkit-daemon.service.

            /run/systemd/journal/streams/.#9:76103tS6Us1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):205
            Entropy (8bit):5.384267018723624
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmv4XzhcplwvJATjshP:SbFuFyLVIg1BG+f+MaK0vCTjbVC
            MD5:03CDB497EE3BF6BA54F06ADAE9DDE85E
            SHA1:330AFF9042355F47F49E8AC442EC32831ABE473B
            SHA-256:E68475D41E49AB82A447CD812297211FB3289ED3FCF5018997737C6224138539
            SHA-512:2F3F973F9E3027DDEC9F34B1EE45D5B08F8D0495793B0821FDB5E43A53052B75E9D4383B18D5D68A9F4B229754889A083D3716B839A6584070E66055DA903B48
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=edf4977d3d234ba795ad18e4f7f0d404.IDENTIFIER=polkitd.UNIT=polkit.service.

            /run/systemd/journal/streams/.#9:76104HVXhf0

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):208
            Entropy (8bit):5.4123984745666345
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmrk1h8SBwsjswkClr+:SbFuFyLVIg1BG+f+Mg1nZjLkGq
            MD5:D4FED49320B593C1C061CD7AE03E393B
            SHA1:627D345D725375F4BEB37999744F456AB5EC0512
            SHA-256:BC90CC1EC91528F82A0A5E838DEEEAE04B702E89A4C501977D39D35D78542E5C
            SHA-512:2290278BCAE484E91F5840AF8D075429DE045C17A2098AB15988B79A030A1AEE5D70D38A60F6094BFD57508027B2D43C7868F07C9819E5EB158D3FE8CE4DF54A
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a14b8fc263844d8aae3cb4fbe1cd7792.IDENTIFIER=agetty.UNIT=getty@tty2.service.

            /run/systemd/journal/streams/.#9:76105LJL2c1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):228
            Entropy (8bit):5.469195674014826
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm62Ko+wTNYuqjsmNzC:SbFuFyLVIg1BG+f+M6WLYTjdCt/rRMtq
            MD5:EEE62834D6F0AEBF2C5E11C38F34ECF9
            SHA1:A51DBD129E1FA6C647D073DBB287669C137C0368
            SHA-256:50BCDF0B7E1E3A960A9C50480EFA473B5D85A45E53EB46128D343FA8ABBB93F0
            SHA-512:6F41F78E3FA2C27F9002F11C79DBA065779497DA08BACEB40D4B08D89F89CB93931751FD37308CD294FAB2895CB1946D095F0C4C6109645E2E06322085303264
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0fdd15a9155943bfbb0c8195c42b56f4.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.

            /run/systemd/journal/streams/.#9:76106XU9jf0

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):210
            Entropy (8bit):5.402943448463517
            Encrypted:false
            SSDEEP:6:SbFuFyLVIg1BAf+MuBT1EyaEUTjNALyAZD:qgFq6g1af+M2xsZFIZD
            MD5:2F564606BA702249B479146D77945C1B
            SHA1:2070E02DC85E55A6361C973454FFD588AE445247
            SHA-256:94CBA1FE64FA312C79EF30C0A7CD0705D72E3A926CD2CB259E1FD028417C6A06
            SHA-512:146915FA94E376C36E9E8FB8BF55C4D5BEA6FC04B10C73B67938D7EEDEBD9B897EF7E3FDC839F2B509A8239B295EB2CC38524273BEBBB5FFAF24B06DC36E8EA7
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dd5a8b6c6e024e4ca9f49623fe303ee3.IDENTIFIER=generate-config.UNIT=gdm.service.

            /run/systemd/journal/streams/.#9:76107UpIrfZ

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):223
            Entropy (8bit):5.468420214618003
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5oGXR9EvrIDpjs7LH:SbFuFyLVIg1BG+f+Me0WIDpji4s
            MD5:437892847A33653150D49FD086082115
            SHA1:65FE6ABC14F0F68187C89E7AE6E37C7636F998B1
            SHA-256:2946C0D24BE5366BA0CCEC8EC094A16E7DD77D9B283EE2AFFFDD217D880CFA86
            SHA-512:7CD0E6D981EFAE8E74965DD4DDECA2C3C2204C829C6E15700AE72BAEBA1DE9AD437ECB1AD171A6C8BE2FA8E72EB908C2AB913F998253C7894B6594FCDE87B01C
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=32944ba9fda24a118e4e2d2b3a231afe.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

            /run/systemd/journal/streams/.#9:76108DSzByZ

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):211
            Entropy (8bit):5.433410088851785
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmv/WWWXTSz+N2js2BbQL:SbFuFyLVIg1BAf+MWDSzrjNdQIeXD
            MD5:4E655CCA5267ECDAB41FEB951D9B7529
            SHA1:B6E3793120283056D1B6BFAE89D7C8A904D9875D
            SHA-256:F8775F14BE981519FC508B725C43EC8A23424CBBB907641220BBC243053FB367
            SHA-512:A3039A1964D44A872AB3B2426760E85CEF9E0D277197ACEAE6165FB5B16A59BC4EED2D0A8A74F34044C81D67494B3C1118EFFD95A40A2606FCAA02E2E07F1A8E
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e8e7da18be634811a06d834eb55caf35.IDENTIFIER=gdm-wait-for-drm.UNIT=gdm.service.

            /run/systemd/journal/streams/.#9:76142xBYZO1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):199
            Entropy (8bit):5.414954723037587
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxm7dx3NEvTwHa4+sjs2BP:SbFuFyLVIg1BAf+MJRNEFUjNTZD
            MD5:15605AB3F74837B81AAFA3CE6EC84CE4
            SHA1:B247534ACC39028CD6F116EA0E17BE17DDE343D8
            SHA-256:5E316FB8530643E3EABB860BD4C168C652BDD7734F6B32CFFE25C43AF3524EE0
            SHA-512:AA2A27F5775706CEBF72CAF92784FC8CB49AB45F0DF1A9B35890A5B7A0F51686AC2405E089A7B7EF07438AE14B94DD6CFB370C2864DCBE2E97B5F1930C4A5785
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=12a402ce108f4189a645d07b5b4421fb.IDENTIFIER=gdm3.UNIT=gdm.service.

            /run/systemd/journal/streams/.#9:76164Hk88V1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):222
            Entropy (8bit):5.459690048773107
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmv2TWCN2UHW2lsjswq:SbFuFyLVIg1BG+f+MbCFHX2jLTTIWTIL
            MD5:76DC2C5C5E02DE24A77C30D11BF945AD
            SHA1:36497E41D8607139520C86D31E60AF085646C3BD
            SHA-256:B03A4AEBF160D1523FA6214D23DD69F5C85B2B1B2DF0E15B71A2CEB777B7A8F4
            SHA-512:0106FF5AC0D11B9AD7410D14E27B437093DADA071DA28ED882BF035CBB7373DFDCC065C25461A8E1D281C4C575130BB260DDC1DA234D1B7FC27EEBBB232F9522
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e685618bfbb2412c8269acf978b091b0.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.

            /run/systemd/journal/streams/.#9:76180Xn1Ls1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):195
            Entropy (8bit):5.449703806600098
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm9AiNXemc5THjs2q:SbFuFyLVK6g7/+BG+f+M6Lmc5LjNq
            MD5:89600C1AAC5CEA22C31C89E72FBDB66C
            SHA1:DACB493625C9AE8D0BEB444BBE531DCA27D71CE6
            SHA-256:5286C94E5A968D73F4A9A772685629D366E90B88C0CBE6FDECA0CBA8C7FD1FD9
            SHA-512:B6791C2AAE91BC60241A1CBD837427B84EFA34947279F96EB502455DE4EE5531E8E9F4B4338A709B7E8B9C815DD9AB89C2AE8704CE0F2989A6E5C4A383993E01
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7cb0edd22fdf426681342159a2cebf37.IDENTIFIER=gdm-session-worker.

            /run/systemd/journal/streams/.#9:76181dEb7k3

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):195
            Entropy (8bit):5.337395424395534
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmuyAeZ97DqK8js2q:SbFuFyLVI6g7/+BG+f+MuAqpjNq
            MD5:74127A73FE9431E2D83FC02B27EDA3B4
            SHA1:FF4AFBA4C9C13873265C1F181BBB272978CD6B67
            SHA-256:6E8061D3414E346EF2D10C02B54D83B5E3F524525BE759D846FB6FF8FCE2EB6B
            SHA-512:3ACEC1A02773802F71ABC5A9AE83A9F625D2B14054173E2D2F172E2EEFECFB8CE612ACB89CE5FE02AA06B1512F793663FC75156879A8181D05C7B499C35F3F7C
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dcad508d94b04ee1b1e02e0abe9f519e.IDENTIFIER=gdm-session-worker.

            /run/systemd/journal/streams/.#9:76203NyxNn1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):210
            Entropy (8bit):5.508600827996176
            Encrypted:false
            SSDEEP:6:SbFuFyLVK6g7/+BG+f+M+7A580jFQMzKaBu:qgFqo6g7/+0+f+Ms8Tmh
            MD5:B657FCF057898483EBD3C1CD32B31DC1
            SHA1:5159F8C192A2D7BA5A5EA1B0B773F84643702633
            SHA-256:0852DC7977CCE1F39A20935F010A9E4411CEC0A0C4D2042C33450E8BF9AE1F96
            SHA-512:D4BABAD958AA9D176DF8364A00B6FB4BC187188A98D2526125E6F985340FE4BBDCCBBBF33D914CF1043AE33DF3AEDEC67D941CA27868C844CF256F3910FC0D37
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=4d83140b10af4a339da7be82c95614a0.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.

            /run/systemd/journal/streams/.#9:762050gDtO0

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):210
            Entropy (8bit):5.547846422854204
            Encrypted:false
            SSDEEP:6:SbFuFyLVI6g7/+BG+f+MkAhC2DGTjFQMzKaBu:qgFqdg7/+0+f+MkAsNTmh
            MD5:63FEF2286B78D7267FCCD3BABDA9C0B8
            SHA1:B17BF9CAF9BFE162C393CF4AEB06A48569E618C1
            SHA-256:6890C8BFFE94191618731E1A9F35F460007C28F8DAC8F127D2FF2285C9E4070E
            SHA-512:932608D9C1D48EC2B149DE9D4A998443009689E19775DAAE4CC1636BC16DB4FF16B76E4B59825D00F600AE83933FDAE1B6714DE43FEBCF9DB447D889B44C9DD6
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3261c769fb084371a2bcf2de4dffa517.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.

            /run/systemd/journal/streams/.#9:76275q8RFn0

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):189
            Entropy (8bit):5.326052570742073
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm7zmRVShilsjs1Han:SbFuFyLVIg1BG+f+M24hi2joa
            MD5:9EA96A9B981D8BE73FEF3859C683F46B
            SHA1:BD6C745755BC634DD96218BD2E1696981F065CB0
            SHA-256:2E949D04AAC76F7522C2613457339540CE4A62DAF31E25D5C552E3F792D88DBC
            SHA-512:0C4C9113E9CC015318A60A7FFB30F5609CB592E1CECB52FB16AE60076CBB59D03EE325AD52203634E50EDE4CB750D3A70462EC4F02A92A863A0124607F99E1A4
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1a14f64ed408480bae7c0ee474b53b4c.IDENTIFIER=dbus-daemon.

            /run/systemd/journal/streams/.#9:76288lH4sP1

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:ASCII text
            Category:dropped
            Size (bytes):188
            Entropy (8bit):5.3387416073483696
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5jmsHUlX17cXUExJQ:SbFuFyLVIg1BG+f+MIselM6jtWL0
            MD5:17B6BDBBD497C5FE2809C54861456B2C
            SHA1:C0FD56503F0F0998F01D365B561A94D139EB859A
            SHA-256:02E0C233F727BF8651486E0A8E4BD81361A500C1E59835FE064E781DF9B15F5B
            SHA-512:34D3527E469D4452DDB259E7AA0E2FF9CBEAE5C8D0A800DB96C0117E6A13F07BBAC2BD7BC714290FFE95649BFF8550B81B7B6EC256CC964F6E80710AFD7C6786
            Malicious:false
            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3ec232f7a9b14f238f5bae82921a5a22.IDENTIFIER=pulseaudio.

            /run/systemd/seats/.#seat048NGIp

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):116
            Entropy (8bit):4.957035419463244
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
            MD5:66D114877B3B4DB3BDD8A3AD4F5E7421
            SHA1:62E0CB0F51E0E3F97BE251CB917968DFF69ED344
            SHA-256:A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
            SHA-512:5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
            Malicious:false
            Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.

            /run/systemd/seats/.#seat0hzqgsq

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):95
            Entropy (8bit):4.921230646592726
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
            MD5:BE58CCABC942125F5E27AF6EB1BA2F88
            SHA1:07C20F55E36EE48869B223B8FC4DBC227C7353AC
            SHA-256:551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
            SHA-512:E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
            Malicious:false
            Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.

            /run/systemd/users/.#1277Ga0sq

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):282
            Entropy (8bit):5.281010581089377
            Encrypted:false
            SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6EJgG+qTGQ2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBVgc4thQHtPYq9M
            MD5:119A0A16A447099B08C190BC26B7D361
            SHA1:D37DF7F22365DC3D5B0C2617BCCE9029FF529967
            SHA-256:9214DC5F73D3DBFEEF22C23E363A1DF9F849E6E9AD4308A808F0103F984AEBA7
            SHA-512:252CB6C31BB8C05C550F2A46CF4E4054BED246201489FDDB0175DE224588E48C304D15E7D94E4BB2A83A0C490729C8E5A4EC9D12FDFCDE3FDEABD6133A29D6F0
            Malicious:false
            Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12106.REALTIME=1679112742192691.MONOTONIC=454081153.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

            /run/systemd/users/.#127RDlG6q

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):174
            Entropy (8bit):5.304343391195471
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMs5BuSgdNR2sKiYiesnAv/XSHxJgPC3rqWVdNQI6H206qodedVv:SbFuFyL3BVgdL87iesnAiRJgG+qTat6a
            MD5:5AA8C24DFD75CFF1A583F2F113E541B5
            SHA1:EFF574599BDEA0CB9DBEA7939C7A47CFA25DB152
            SHA-256:5F19EEA9F68598BB77FC96C7055A61D9F18F00B7C73D2DBE7A35DABACC5276D4
            SHA-512:C2CDCFB564913B295D691F8F08A113E323DD2C3524B4F0D7CAD3DA3F54FDCA9820D7D5A61F0EB95D890DFD7681EF0102F2CF693B279D6E1A4C753073B4BB758D
            Malicious:false
            Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1679112742192691.MONOTONIC=454081153.LAST_SESSION_TIMESTAMP=454168642.

            /run/systemd/users/.#127W8qVvr

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):188
            Entropy (8bit):4.928997328913428
            Encrypted:false
            SSDEEP:3:SbFVVmFyinKMs5BuSgVuMI2sKiYiesnAv/XS12K2hwEY8mTQ2pJi22sQ2KkmD2pi:SbFuFyL3BVgVuR257iesnAi12thQc2p4
            MD5:065A3AD1A34A9903F536410ECA748105
            SHA1:21CD684DF60D569FA96EEEB66A0819EAC1B2B1A4
            SHA-256:E80554BF0FF4E32C61D4FA3054F8EFB27A26F1C37C91AE4EA94445C400693941
            SHA-512:DB3C42E893640BAEE9F0001BDE6E93ED40CC33198AC2B47328F577D3C71E2C2E986AAAFEF5BD8ADBC639B5C24ADF715D87034AE24B697331FF6FEC5962630064
            Malicious:false
            Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

            /run/systemd/users/.#127b4iMFq

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):223
            Entropy (8bit):5.45078332422295
            Encrypted:false
            SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff6GgG+qTat6onv:qgFq30dABibBtgcaIa
            MD5:FBC602585E664DFEAF26EE4A3FB2642E
            SHA1:BA3C5CE08BA6A9136B11750BC5D2516FD124F542
            SHA-256:33D35F1A2E017FDBA0ABD56E549B23BF832C81B9CF65E36ACBC77459B163EE29
            SHA-512:931BA413BD14E4C0F380E3CF595C278E25ED829C0E630C6B383EC1CAD8D206A8511D31FBF3F809B96AE2A4294E9AB97ED440977C8F974832E54CF7CB2B957132
            Malicious:false
            Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12168.REALTIME=1679112742192691.MONOTONIC=454081153.LAST_SESSION_TIMESTAMP=454168642.

            /run/systemd/users/.#127boNQ4p

            Download File
            Process:/lib/systemd/systemd-logind
            File Type:ASCII text
            Category:dropped
            Size (bytes):282
            Entropy (8bit):5.281010581089377
            Encrypted:false
            SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6EJgG+qTGQ2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBVgc4thQHtPYq9M
            MD5:119A0A16A447099B08C190BC26B7D361
            SHA1:D37DF7F22365DC3D5B0C2617BCCE9029FF529967
            SHA-256:9214DC5F73D3DBFEEF22C23E363A1DF9F849E6E9AD4308A808F0103F984AEBA7
            SHA-512:252CB6C31BB8C05C550F2A46CF4E4054BED246201489FDDB0175DE224588E48C304D15E7D94E4BB2A83A0C490729C8E5A4EC9D12FDFCDE3FDEABD6133A29D6F0
            Malicious:false
            Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12106.REALTIME=1679112742192691.MONOTONIC=454081153.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

            /run/user/1000/pulse/pid

            Download File
            Process:/usr/bin/pulseaudio
            File Type:ASCII text
            Category:dropped
            Size (bytes):5
            Entropy (8bit):1.9219280948873623
            Encrypted:false
            SSDEEP:3:kn:kn
            MD5:D610F5FCF38E1022DF82774BDA8D7C2C
            SHA1:ADA259F88865A134BBF0694C866EAE8947A09013
            SHA-256:7DF4A24CADB6E042319D83098F9BAB21B43E2C017A010AFF52834E761521075E
            SHA-512:49D4FD9E585CFDD1EA32E16BA05EC7AC7B255AB80FA435F628BB22D435AFA078CA7B029BA6BC80AD2FB5CB54459940569EA2B310C60227B251C384A03B1B3FBB
            Malicious:false
            Preview:6443.

            /run/utmp

            Download File
            Process:/sbin/agetty
            File Type:data
            Category:dropped
            Size (bytes):384
            Entropy (8bit):0.6775035134351415
            Encrypted:false
            SSDEEP:3:50sXlXEWtl/+YBHltl:n+ylWYlX
            MD5:CF9EDCAFABD18562AD8E25176BA02AE5
            SHA1:CC59FC70EFE1C54E60811A2AA2197A5AD452BB77
            SHA-256:E8CC1B0AAAA929F2AC1FB2BB6C7E2563DB0506DB57091D2667E8B4294E986D88
            SHA-512:071989494688BF57402899808674A92E92B4EC9A0B819FD956FDB0096CD966E2174DB2ED3F990395661C1D4E1B16EABFD4D4E995CCEE1B69F77D28FEC110D1EF
            Malicious:false
            Preview:........tty2.tty2.......................tty2LOGIN....................................................................................................................................................................................................................................................................................................:.d.Q......................................

            /tmp/qemu-open.c1cS4O (deleted)

            Download File
            Process:/tmp/z2H8jaZbYg.elf
            File Type:data
            Category:dropped
            Size (bytes):20
            Entropy (8bit):4.221928094887362
            Encrypted:false
            SSDEEP:3:Tg/Uo3:Tgcu
            MD5:59C16A5B82DDECDDF31A1142E40758FE
            SHA1:FB612F0D20AC480062D32E8A84B91B04FC104282
            SHA-256:F43597A1A152931A322414D421C05E7007D63D41DF0721075B6437DD3986D58F
            SHA-512:2DD71F0EC67B148C9DA54376A22644D26D91E762109326D079F0B0D3B6A7B57FA637C58E7286AAE7F0BCC801F1EE4CAE1C3063144E589B27987DB56BB62CE052
            Malicious:false
            Preview:/tmp/z2H8jaZbYg.elf.

            /tmp/qemu-open.fDwK6M (deleted)

            Download File
            Process:/tmp/z2H8jaZbYg.elf
            File Type:data
            Category:dropped
            Size (bytes):20
            Entropy (8bit):4.221928094887362
            Encrypted:false
            SSDEEP:3:Tg/Uo3:Tgcu
            MD5:59C16A5B82DDECDDF31A1142E40758FE
            SHA1:FB612F0D20AC480062D32E8A84B91B04FC104282
            SHA-256:F43597A1A152931A322414D421C05E7007D63D41DF0721075B6437DD3986D58F
            SHA-512:2DD71F0EC67B148C9DA54376A22644D26D91E762109326D079F0B0D3B6A7B57FA637C58E7286AAE7F0BCC801F1EE4CAE1C3063144E589B27987DB56BB62CE052
            Malicious:false
            Preview:/tmp/z2H8jaZbYg.elf.

            /tmp/qemu-open.x8J3mN (deleted)

            Download File
            Process:/tmp/z2H8jaZbYg.elf
            File Type:ASCII text
            Category:dropped
            Size (bytes):208
            Entropy (8bit):2.7878062383875
            Encrypted:false
            SSDEEP:3:FVetQ3f/FVLAHT/VVdf/FVCVqib/VVdf/FVLADsVHI1v/VVdf/FVWAfDDXtj/VVZ:UKAz/V+h/VjmsVot/VOArB/VH
            MD5:CB0E29FFBD48A89EB71F11C24CA9B287
            SHA1:AB0217BF8524015FB5CB0AF878D3ECBA26514668
            SHA-256:B7382705295125CEE160AD858EA111B723E6BBBB99B556E3EA2D8E258CCC050C
            SHA-512:B6786F21B4F60301807B1B2048CEC3F80A83E50C9C2EF9D802A6B2E5A9248AF14BFC58986B2931E4E651AD60ED83F6900ABE8CF3C7D0B4D23EBDACC613CDDA2D
            Malicious:false
            Preview:8000-1a000 r-xp 00000000 00:00 0 .21000-25000 rw-p 00000000 00:00 0 .25000-27000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].

            /var/lib/AccountsService/users/gdm.Q8IC21

            Download File
            Process:/usr/lib/accountsservice/accounts-daemon
            File Type:ASCII text
            Category:dropped
            Size (bytes):61
            Entropy (8bit):4.66214589518167
            Encrypted:false
            SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
            MD5:542BA3FB41206AE43928AF1C5E61FEBC
            SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
            SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
            SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
            Malicious:false
            Preview:[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

            /var/lib/ubuntu-drivers-common/last_gfx_boot

            Download File
            Process:/usr/bin/gpu-manager
            File Type:ASCII text
            Category:dropped
            Size (bytes):25
            Entropy (8bit):2.7550849518197795
            Encrypted:false
            SSDEEP:3:JoT/V9fDVbn:M/V3n
            MD5:078760523943E160756979906B85FB5E
            SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
            SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
            SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
            Malicious:false
            Preview:15ad:0405;0000:00:0f:0;1.

            /var/log/gpu-manager.log

            Download File
            Process:/usr/bin/gpu-manager
            File Type:ASCII text
            Category:dropped
            Size (bytes):1371
            Entropy (8bit):4.8296848499188485
            Encrypted:false
            SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
            MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
            SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
            SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
            SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
            Malicious:false
            Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

            /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:data
            Category:dropped
            Size (bytes):240
            Entropy (8bit):1.4595260194504922
            Encrypted:false
            SSDEEP:3:F31HlgyWnQ4yWnAl/l:F3QyWnbyWnAt
            MD5:AFB9F36E213FEBAFF8E66D86BEEF91D0
            SHA1:57572685B6BBDC2CF1520C1198A8F89AAF760C81
            SHA-256:B81F9819702DCBE01EA6DE8E002311961FA52E8DCE2DDEDCEF5073951BBDC29E
            SHA-512:C00A0C93BFF1B2B41C096C585D3615DD395AA8684010E0226751E8F0D8E8DA5DEE706E6B797C3818DC54816C02ABF85FEE50F3841B35908893BDE1F7C75BFC56
            Malicious:false
            Preview:LPKSHHRH....................C2......'}....................................C2......'}........................................................................................................................................................

            /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

            Download File
            Process:/lib/systemd/systemd-journald
            File Type:data
            Category:dropped
            Size (bytes):240
            Entropy (8bit):1.4595260194504922
            Encrypted:false
            SSDEEP:3:F31HlCbIysXlKbIy0:F3KIyI
            MD5:1BD5BBFC61348068C1CCF37EDEFB2C31
            SHA1:03C4752D7E1B612131D97E7B48E2440E6B014C0F
            SHA-256:868D764FC4C788E180CD501ACBE70D91585C30909D2802A5F1667B7CAC9B3317
            SHA-512:DCF4B2E2E95F7448F2FAA4CE5922F3FD90A60D604CDCD49E84D44990F620BB7DD4CD33D65E4C058D7F76BE5FE545B4F63D6CC91D74DED4057B5B6F2F518FEFF8
            Malicious:false
            Preview:LPKSHHRH................?F..rCm../Y....................................?F..rCm../Y............................................................................................................................................................

            /var/log/wtmp

            Download File
            Process:/sbin/agetty
            File Type:data
            Category:dropped
            Size (bytes):384
            Entropy (8bit):0.6775035134351415
            Encrypted:false
            SSDEEP:3:50sXlXEWtl/+YBHltl:n+ylWYlX
            MD5:CF9EDCAFABD18562AD8E25176BA02AE5
            SHA1:CC59FC70EFE1C54E60811A2AA2197A5AD452BB77
            SHA-256:E8CC1B0AAAA929F2AC1FB2BB6C7E2563DB0506DB57091D2667E8B4294E986D88
            SHA-512:071989494688BF57402899808674A92E92B4EC9A0B819FD956FDB0096CD966E2174DB2ED3F990395661C1D4E1B16EABFD4D4E995CCEE1B69F77D28FEC110D1EF
            Malicious:true
            Preview:........tty2.tty2.......................tty2LOGIN....................................................................................................................................................................................................................................................................................................:.d.Q......................................

            Static File Info

            General

            File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, no section header
            Entropy (8bit):7.765256396621554
            TrID:
            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
            File name:z2H8jaZbYg.elf
            File size:36924
            MD5:fff0456162bbf2cdc65a2f401353770e
            SHA1:2b5ee940dbba4727f3d7fc8419d98a111fe0c9c2
            SHA256:47f7d03ddaabdbdf160606362082790c43d3df876d2391497b293af746c78d57
            SHA512:0846fabda87d5c86b9911f95d633e0f5788bff0f001d32d83c43327b437af6bc56dc97ebe544d1e392f758997ed33892983be1f978b1315f1149cdfe57e4b288
            SSDEEP:768:h46nYPVnpQ8YwkM/FDtZZBjdjU3F8U+pbT7kbEKjOeuYqhcVTyI9ntHVNdRSC:h46AYbQFZfLBbXkbEXeWKLt1jRSC
            TLSH:D9F2E121B143FA2FF3D09E73979C716F6E87976E41868717A8878057409E01BBBAC464
            File Content Preview:.ELF...a..........(.........4...........4. ...(.....................C...C................>...>...>..................Q.td............................~..vUPX!X...................[.........ELF.ra....(........4.....[... ..............P..6.....T.l...p.....&...

            Static ELF Info

            ELF header

            Class:
            Data:
            Version:
            Machine:
            Version Number:
            Type:
            OS/ABI:
            ABI Version:
            Entry Point Address:
            Flags:
            ELF Header Size:
            Program Header Offset:
            Program Header Size:
            Number of Program Headers:
            Section Header Offset:
            Section Header Size:
            Number of Section Headers:
            Header String Table Index:

            Program Segments

            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
            LOAD0x00x80000x80000x8f430x8f437.76780x5R E0x8000
            LOAD0x3e140x23e140x23e140x00x00.00000x6RW 0x8000
            GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Mar 18, 2023 04:11:44.312665939 CET4456055650192.168.2.2337.49.229.52
            Mar 18, 2023 04:11:44.319555998 CET153872323192.168.2.23142.2.23.205
            Mar 18, 2023 04:11:44.319734097 CET1538723192.168.2.2325.222.171.56
            Mar 18, 2023 04:11:44.319734097 CET1538723192.168.2.23211.64.156.64
            Mar 18, 2023 04:11:44.319734097 CET153872323192.168.2.2369.18.22.216
            Mar 18, 2023 04:11:44.319750071 CET1538723192.168.2.23123.208.44.93
            Mar 18, 2023 04:11:44.319750071 CET1538723192.168.2.2346.80.138.112
            Mar 18, 2023 04:11:44.319756985 CET1538723192.168.2.2399.181.229.184
            Mar 18, 2023 04:11:44.319899082 CET1538723192.168.2.2337.10.138.209
            Mar 18, 2023 04:11:44.319904089 CET1538723192.168.2.2352.59.222.73
            Mar 18, 2023 04:11:44.319904089 CET1538723192.168.2.23163.227.248.25
            Mar 18, 2023 04:11:44.319957972 CET1538723192.168.2.23199.38.24.220
            Mar 18, 2023 04:11:44.319977999 CET1538723192.168.2.2346.117.218.177
            Mar 18, 2023 04:11:44.319977999 CET1538723192.168.2.231.159.32.107
            Mar 18, 2023 04:11:44.319983959 CET1538723192.168.2.2358.202.55.104
            Mar 18, 2023 04:11:44.319992065 CET1538723192.168.2.2343.127.192.155
            Mar 18, 2023 04:11:44.319992065 CET1538723192.168.2.23187.96.83.42
            Mar 18, 2023 04:11:44.320008993 CET153872323192.168.2.23100.165.130.222
            Mar 18, 2023 04:11:44.320017099 CET1538723192.168.2.23195.25.131.37
            Mar 18, 2023 04:11:44.320017099 CET1538723192.168.2.23153.7.187.162
            Mar 18, 2023 04:11:44.320046902 CET1538723192.168.2.23176.75.110.218
            Mar 18, 2023 04:11:44.320069075 CET1538723192.168.2.23130.81.248.114
            Mar 18, 2023 04:11:44.320173025 CET1538723192.168.2.2317.105.150.191
            Mar 18, 2023 04:11:44.320173979 CET1538723192.168.2.2331.113.195.47
            Mar 18, 2023 04:11:44.320187092 CET1538723192.168.2.23125.58.140.209
            Mar 18, 2023 04:11:44.320187092 CET1538723192.168.2.23157.128.21.142
            Mar 18, 2023 04:11:44.320187092 CET1538723192.168.2.23161.249.151.52
            Mar 18, 2023 04:11:44.320198059 CET1538723192.168.2.23146.194.216.0
            Mar 18, 2023 04:11:44.320207119 CET1538723192.168.2.2337.16.82.22
            Mar 18, 2023 04:11:44.320207119 CET1538723192.168.2.23130.53.192.86
            Mar 18, 2023 04:11:44.320219040 CET1538723192.168.2.23165.115.107.118
            Mar 18, 2023 04:11:44.320230007 CET1538723192.168.2.232.225.10.150
            Mar 18, 2023 04:11:44.320236921 CET1538723192.168.2.2346.2.220.139
            Mar 18, 2023 04:11:44.320236921 CET1538723192.168.2.23101.7.218.189
            Mar 18, 2023 04:11:44.320236921 CET1538723192.168.2.23147.111.79.171
            Mar 18, 2023 04:11:44.320245981 CET1538723192.168.2.2350.47.168.120
            Mar 18, 2023 04:11:44.320247889 CET1538723192.168.2.23199.116.104.228
            Mar 18, 2023 04:11:44.320247889 CET1538723192.168.2.2318.117.238.76
            Mar 18, 2023 04:11:44.320247889 CET1538723192.168.2.23164.200.67.157
            Mar 18, 2023 04:11:44.320283890 CET153872323192.168.2.23140.17.106.48
            Mar 18, 2023 04:11:44.320399046 CET1538723192.168.2.2320.142.93.132
            Mar 18, 2023 04:11:44.320399046 CET1538723192.168.2.2312.30.95.6
            Mar 18, 2023 04:11:44.320401907 CET1538723192.168.2.23210.27.251.88
            Mar 18, 2023 04:11:44.320415974 CET1538723192.168.2.23104.83.36.210
            Mar 18, 2023 04:11:44.320415974 CET1538723192.168.2.2388.180.199.169
            Mar 18, 2023 04:11:44.320415974 CET153872323192.168.2.23101.198.45.74
            Mar 18, 2023 04:11:44.320415974 CET1538723192.168.2.23110.209.88.47
            Mar 18, 2023 04:11:44.320415974 CET1538723192.168.2.2373.35.71.216
            Mar 18, 2023 04:11:44.320415974 CET1538723192.168.2.2391.164.70.235
            Mar 18, 2023 04:11:44.320420027 CET1538723192.168.2.23148.82.199.157
            Mar 18, 2023 04:11:44.320420027 CET1538723192.168.2.231.103.211.25
            Mar 18, 2023 04:11:44.320420027 CET153872323192.168.2.2387.97.253.99
            Mar 18, 2023 04:11:44.320425987 CET1538723192.168.2.23191.81.124.202
            Mar 18, 2023 04:11:44.320425987 CET1538723192.168.2.2393.195.254.172
            Mar 18, 2023 04:11:44.320461035 CET1538723192.168.2.2339.113.191.165
            Mar 18, 2023 04:11:44.320485115 CET1538723192.168.2.23106.62.249.120
            Mar 18, 2023 04:11:44.320504904 CET1538723192.168.2.2398.92.115.9
            Mar 18, 2023 04:11:44.320605993 CET1538723192.168.2.2371.95.28.119
            Mar 18, 2023 04:11:44.320605993 CET1538723192.168.2.2376.190.216.123
            Mar 18, 2023 04:11:44.320605993 CET1538723192.168.2.23137.23.143.140
            Mar 18, 2023 04:11:44.320605993 CET1538723192.168.2.2385.81.160.19
            Mar 18, 2023 04:11:44.320607901 CET1538723192.168.2.23156.137.71.95
            Mar 18, 2023 04:11:44.320607901 CET1538723192.168.2.2390.107.232.26
            Mar 18, 2023 04:11:44.320609093 CET1538723192.168.2.23131.176.186.245
            Mar 18, 2023 04:11:44.320630074 CET1538723192.168.2.23188.63.218.86
            Mar 18, 2023 04:11:44.320630074 CET1538723192.168.2.23107.142.109.138
            Mar 18, 2023 04:11:44.320630074 CET1538723192.168.2.23213.218.36.5
            Mar 18, 2023 04:11:44.320630074 CET1538723192.168.2.23183.239.220.125
            Mar 18, 2023 04:11:44.320631981 CET1538723192.168.2.23110.17.123.121
            Mar 18, 2023 04:11:44.320630074 CET1538723192.168.2.234.246.179.178
            Mar 18, 2023 04:11:44.320631981 CET1538723192.168.2.23161.69.98.28
            Mar 18, 2023 04:11:44.320630074 CET1538723192.168.2.23157.83.91.72
            Mar 18, 2023 04:11:44.320631981 CET1538723192.168.2.23137.167.62.79
            Mar 18, 2023 04:11:44.320657969 CET1538723192.168.2.23123.63.56.217
            Mar 18, 2023 04:11:44.320678949 CET1538723192.168.2.2378.87.62.168
            Mar 18, 2023 04:11:44.320678949 CET153872323192.168.2.23219.174.97.116
            Mar 18, 2023 04:11:44.320682049 CET1538723192.168.2.2358.177.230.69
            Mar 18, 2023 04:11:44.320682049 CET1538723192.168.2.23106.168.13.44
            Mar 18, 2023 04:11:44.320689917 CET1538723192.168.2.2365.214.97.163
            Mar 18, 2023 04:11:44.320689917 CET1538723192.168.2.2373.105.209.13
            Mar 18, 2023 04:11:44.320689917 CET1538723192.168.2.23112.81.64.128
            Mar 18, 2023 04:11:44.320691109 CET153872323192.168.2.23147.222.30.87
            Mar 18, 2023 04:11:44.320692062 CET1538723192.168.2.23125.198.110.58
            Mar 18, 2023 04:11:44.320692062 CET1538723192.168.2.23138.120.197.168
            Mar 18, 2023 04:11:44.320692062 CET1538723192.168.2.2334.162.141.39
            Mar 18, 2023 04:11:44.320700884 CET1538723192.168.2.2336.51.189.204
            Mar 18, 2023 04:11:44.320700884 CET153872323192.168.2.23206.192.104.243
            Mar 18, 2023 04:11:44.320700884 CET1538723192.168.2.2376.5.41.7
            Mar 18, 2023 04:11:44.320700884 CET1538723192.168.2.23199.137.63.216
            Mar 18, 2023 04:11:44.320724010 CET153872323192.168.2.23189.188.177.3
            Mar 18, 2023 04:11:44.320724010 CET1538723192.168.2.23213.197.168.105
            Mar 18, 2023 04:11:44.320724010 CET1538723192.168.2.2364.38.125.175
            Mar 18, 2023 04:11:44.320724010 CET1538723192.168.2.23145.52.182.109
            Mar 18, 2023 04:11:44.320724964 CET1538723192.168.2.2396.112.168.232
            Mar 18, 2023 04:11:44.320724964 CET1538723192.168.2.23157.95.5.248
            Mar 18, 2023 04:11:44.320735931 CET1538723192.168.2.2389.132.65.157
            Mar 18, 2023 04:11:44.320739985 CET1538723192.168.2.238.147.112.65
            Mar 18, 2023 04:11:44.320739985 CET1538723192.168.2.23107.156.143.65
            Mar 18, 2023 04:11:44.320744991 CET1538723192.168.2.23216.10.62.123
            Mar 18, 2023 04:11:44.320754051 CET1538723192.168.2.2323.242.16.17
            Mar 18, 2023 04:11:44.320872068 CET1538723192.168.2.23198.96.231.103
            Mar 18, 2023 04:11:44.320872068 CET1538723192.168.2.23222.236.114.237
            Mar 18, 2023 04:11:44.320872068 CET153872323192.168.2.23220.161.76.74
            Mar 18, 2023 04:11:44.320874929 CET1538723192.168.2.2362.176.125.17
            Mar 18, 2023 04:11:44.320897102 CET1538723192.168.2.23193.139.104.117
            Mar 18, 2023 04:11:44.320943117 CET1538723192.168.2.23206.13.10.141
            Mar 18, 2023 04:11:44.320943117 CET1538723192.168.2.2350.150.96.166
            Mar 18, 2023 04:11:44.320943117 CET1538723192.168.2.23166.73.210.8
            Mar 18, 2023 04:11:44.320960045 CET1538723192.168.2.23211.251.103.75
            Mar 18, 2023 04:11:44.320960045 CET153872323192.168.2.23207.169.217.22
            Mar 18, 2023 04:11:44.320960045 CET1538723192.168.2.2358.187.215.243
            Mar 18, 2023 04:11:44.320965052 CET1538723192.168.2.23101.237.206.76
            Mar 18, 2023 04:11:44.320965052 CET1538723192.168.2.2350.0.195.52
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.2392.101.56.10
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.23152.52.157.189
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.23194.147.155.104
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.2323.219.199.95
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.2344.10.252.139
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.23129.9.142.215
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.23218.69.184.231
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.2331.124.200.115
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.2372.206.56.123
            Mar 18, 2023 04:11:44.320971966 CET1538723192.168.2.23152.219.175.173
            Mar 18, 2023 04:11:44.320981979 CET1538723192.168.2.23128.44.198.11
            Mar 18, 2023 04:11:44.320981979 CET1538723192.168.2.23210.15.100.157
            Mar 18, 2023 04:11:44.320981979 CET1538723192.168.2.23221.155.237.76
            Mar 18, 2023 04:11:44.320981979 CET1538723192.168.2.2320.189.248.13
            Mar 18, 2023 04:11:44.320981979 CET153872323192.168.2.23200.11.186.71
            Mar 18, 2023 04:11:44.320981979 CET1538723192.168.2.23151.225.105.40
            Mar 18, 2023 04:11:44.320981979 CET1538723192.168.2.23210.120.173.129
            Mar 18, 2023 04:11:44.320982933 CET153872323192.168.2.23114.201.197.13
            Mar 18, 2023 04:11:44.321063042 CET1538723192.168.2.23181.113.98.148
            Mar 18, 2023 04:11:44.321259022 CET153872323192.168.2.23192.144.219.48
            Mar 18, 2023 04:11:44.321259975 CET1538723192.168.2.234.14.253.12
            Mar 18, 2023 04:11:44.321259975 CET1538723192.168.2.2362.59.102.249
            Mar 18, 2023 04:11:44.321259022 CET1538723192.168.2.23178.128.183.56
            Mar 18, 2023 04:11:44.321259975 CET1538723192.168.2.2360.159.40.53
            Mar 18, 2023 04:11:44.321261883 CET1538723192.168.2.23223.2.37.107
            Mar 18, 2023 04:11:44.321259022 CET1538723192.168.2.2323.185.108.121
            Mar 18, 2023 04:11:44.321261883 CET1538723192.168.2.2318.156.142.231
            Mar 18, 2023 04:11:44.321259022 CET1538723192.168.2.2364.144.150.125
            Mar 18, 2023 04:11:44.321274042 CET1538723192.168.2.23164.77.183.201
            Mar 18, 2023 04:11:44.321274042 CET1538723192.168.2.2367.189.95.31
            Mar 18, 2023 04:11:44.321315050 CET1538723192.168.2.2371.212.209.122
            Mar 18, 2023 04:11:44.321315050 CET1538723192.168.2.23168.71.218.18
            Mar 18, 2023 04:11:44.321315050 CET1538723192.168.2.2385.215.106.250
            Mar 18, 2023 04:11:44.321321964 CET1538723192.168.2.2379.140.94.223
            Mar 18, 2023 04:11:44.321321964 CET1538723192.168.2.23140.232.49.117
            Mar 18, 2023 04:11:44.321327925 CET1538723192.168.2.23150.237.7.217
            Mar 18, 2023 04:11:44.321338892 CET1538723192.168.2.23140.210.8.9
            Mar 18, 2023 04:11:44.321341991 CET153872323192.168.2.23139.185.53.144
            Mar 18, 2023 04:11:44.321341991 CET1538723192.168.2.23100.150.22.174
            Mar 18, 2023 04:11:44.321352005 CET1538723192.168.2.2398.43.76.156
            Mar 18, 2023 04:11:44.321352005 CET1538723192.168.2.2371.71.91.186
            Mar 18, 2023 04:11:44.321352005 CET1538723192.168.2.23142.3.180.193
            Mar 18, 2023 04:11:44.321391106 CET1538723192.168.2.2380.207.105.68
            Mar 18, 2023 04:11:44.321391106 CET1538723192.168.2.232.139.135.169
            Mar 18, 2023 04:11:44.321391106 CET1538723192.168.2.23177.154.171.16
            Mar 18, 2023 04:11:44.321391106 CET1538723192.168.2.2360.44.16.1
            Mar 18, 2023 04:11:44.321537971 CET1538723192.168.2.23167.50.88.120
            Mar 18, 2023 04:11:44.321537971 CET1538723192.168.2.23140.15.95.242
            Mar 18, 2023 04:11:44.340459108 CET556504456037.49.229.52192.168.2.23
            Mar 18, 2023 04:11:44.584260941 CET2315387221.155.237.76192.168.2.23
            Mar 18, 2023 04:11:44.613033056 CET232315387114.201.197.13192.168.2.23
            Mar 18, 2023 04:11:44.843075991 CET42836443192.168.2.2391.189.91.43
            Mar 18, 2023 04:11:45.322618961 CET153872323192.168.2.2343.243.56.98
            Mar 18, 2023 04:11:45.322628021 CET1538723192.168.2.23155.169.48.125
            Mar 18, 2023 04:11:45.322638035 CET1538723192.168.2.23162.244.139.159
            Mar 18, 2023 04:11:45.322679043 CET1538723192.168.2.23112.143.155.12
            Mar 18, 2023 04:11:45.322683096 CET1538723192.168.2.2361.160.240.231
            Mar 18, 2023 04:11:45.322680950 CET1538723192.168.2.23201.71.31.98
            Mar 18, 2023 04:11:45.322698116 CET1538723192.168.2.23156.190.228.243
            Mar 18, 2023 04:11:45.322701931 CET1538723192.168.2.23213.217.238.162
            Mar 18, 2023 04:11:45.322741032 CET1538723192.168.2.23187.48.59.134
            Mar 18, 2023 04:11:45.322741032 CET1538723192.168.2.23148.16.93.170
            Mar 18, 2023 04:11:45.322750092 CET1538723192.168.2.234.170.141.170
            Mar 18, 2023 04:11:45.322748899 CET1538723192.168.2.23180.138.51.186
            Mar 18, 2023 04:11:45.322751999 CET1538723192.168.2.2332.131.81.53
            Mar 18, 2023 04:11:45.322748899 CET153872323192.168.2.2345.216.85.209
            Mar 18, 2023 04:11:45.322748899 CET1538723192.168.2.23221.47.91.67
            Mar 18, 2023 04:11:45.322772026 CET1538723192.168.2.2373.205.68.21
            Mar 18, 2023 04:11:45.322784901 CET1538723192.168.2.23168.131.182.98
            Mar 18, 2023 04:11:45.322787046 CET1538723192.168.2.23221.237.157.234
            Mar 18, 2023 04:11:45.322798967 CET1538723192.168.2.2376.105.44.26
            Mar 18, 2023 04:11:45.322801113 CET1538723192.168.2.23117.187.19.39
            Mar 18, 2023 04:11:45.322808981 CET153872323192.168.2.23148.59.167.249
            Mar 18, 2023 04:11:45.322827101 CET1538723192.168.2.2348.136.16.201
            Mar 18, 2023 04:11:45.322854042 CET1538723192.168.2.23184.117.149.189
            Mar 18, 2023 04:11:45.322859049 CET1538723192.168.2.2336.75.88.18
            Mar 18, 2023 04:11:45.322869062 CET1538723192.168.2.23101.145.161.110
            Mar 18, 2023 04:11:45.322881937 CET1538723192.168.2.23156.21.246.197
            Mar 18, 2023 04:11:45.322886944 CET1538723192.168.2.23167.84.72.137
            Mar 18, 2023 04:11:45.322899103 CET1538723192.168.2.2341.193.66.47
            Mar 18, 2023 04:11:45.322902918 CET1538723192.168.2.232.202.245.235
            Mar 18, 2023 04:11:45.322911978 CET153872323192.168.2.2358.163.248.20
            Mar 18, 2023 04:11:45.322923899 CET1538723192.168.2.23205.83.226.187
            Mar 18, 2023 04:11:45.322937012 CET1538723192.168.2.2320.10.195.167
            Mar 18, 2023 04:11:45.322959900 CET1538723192.168.2.23164.186.228.180
            Mar 18, 2023 04:11:45.322985888 CET1538723192.168.2.2313.24.209.248
            Mar 18, 2023 04:11:45.322995901 CET1538723192.168.2.23212.116.22.155
            Mar 18, 2023 04:11:45.323004961 CET1538723192.168.2.23174.148.215.118
            Mar 18, 2023 04:11:45.323013067 CET1538723192.168.2.23114.204.20.11
            Mar 18, 2023 04:11:45.323028088 CET153872323192.168.2.2314.68.194.178
            Mar 18, 2023 04:11:45.323038101 CET1538723192.168.2.23201.223.114.182
            Mar 18, 2023 04:11:45.323045015 CET1538723192.168.2.23104.52.140.206
            Mar 18, 2023 04:11:45.323052883 CET1538723192.168.2.2364.138.45.193
            Mar 18, 2023 04:11:45.323075056 CET1538723192.168.2.2393.253.242.248
            Mar 18, 2023 04:11:45.323091030 CET1538723192.168.2.2345.48.204.112
            Mar 18, 2023 04:11:45.323101044 CET1538723192.168.2.2399.87.49.206
            Mar 18, 2023 04:11:45.323115110 CET153872323192.168.2.23218.172.110.6
            Mar 18, 2023 04:11:45.323115110 CET1538723192.168.2.23131.112.243.195
            Mar 18, 2023 04:11:45.323122978 CET1538723192.168.2.2351.28.88.130
            Mar 18, 2023 04:11:45.323132038 CET1538723192.168.2.2366.166.237.42
            Mar 18, 2023 04:11:45.323147058 CET1538723192.168.2.2380.218.241.254
            Mar 18, 2023 04:11:45.323178053 CET1538723192.168.2.23174.43.100.246
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.2313.25.211.29
            Mar 18, 2023 04:11:45.323185921 CET153872323192.168.2.23222.201.177.38
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.23104.248.213.183
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.2366.87.101.225
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.23112.179.115.72
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.23155.212.240.122
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.23218.232.102.191
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.23159.160.124.211
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.2364.114.33.159
            Mar 18, 2023 04:11:45.323185921 CET1538723192.168.2.2369.174.172.215
            Mar 18, 2023 04:11:45.323194981 CET1538723192.168.2.2351.220.80.162
            Mar 18, 2023 04:11:45.323210001 CET1538723192.168.2.23124.255.96.112
            Mar 18, 2023 04:11:45.323211908 CET1538723192.168.2.2385.31.72.212
            Mar 18, 2023 04:11:45.323225975 CET1538723192.168.2.23107.216.139.237
            Mar 18, 2023 04:11:45.323246956 CET1538723192.168.2.2372.50.50.36
            Mar 18, 2023 04:11:45.323255062 CET1538723192.168.2.2391.150.10.73
            Mar 18, 2023 04:11:45.323261023 CET153872323192.168.2.23137.81.2.228
            Mar 18, 2023 04:11:45.323271036 CET1538723192.168.2.2325.245.246.222
            Mar 18, 2023 04:11:45.323276997 CET1538723192.168.2.23175.37.56.197
            Mar 18, 2023 04:11:45.323283911 CET1538723192.168.2.23188.238.220.247
            Mar 18, 2023 04:11:45.323297977 CET1538723192.168.2.23207.78.25.197
            Mar 18, 2023 04:11:45.323298931 CET1538723192.168.2.23138.166.20.183
            Mar 18, 2023 04:11:45.323299885 CET1538723192.168.2.23213.94.123.23
            Mar 18, 2023 04:11:45.323299885 CET1538723192.168.2.23180.26.106.102
            Mar 18, 2023 04:11:45.323299885 CET1538723192.168.2.23217.114.212.73
            Mar 18, 2023 04:11:45.323299885 CET1538723192.168.2.2314.220.146.90
            Mar 18, 2023 04:11:45.323307991 CET1538723192.168.2.2383.13.124.137
            Mar 18, 2023 04:11:45.323319912 CET1538723192.168.2.23136.71.119.32
            Mar 18, 2023 04:11:45.323328972 CET1538723192.168.2.23207.137.123.41
            Mar 18, 2023 04:11:45.323338032 CET153872323192.168.2.23182.56.159.130
            Mar 18, 2023 04:11:45.323344946 CET1538723192.168.2.2354.197.10.235
            Mar 18, 2023 04:11:45.323352098 CET1538723192.168.2.23118.26.103.117
            Mar 18, 2023 04:11:45.323369026 CET1538723192.168.2.2347.201.160.243
            Mar 18, 2023 04:11:45.323371887 CET1538723192.168.2.23133.117.248.188
            Mar 18, 2023 04:11:45.323388100 CET1538723192.168.2.2338.123.204.57
            Mar 18, 2023 04:11:45.323390961 CET1538723192.168.2.23168.166.50.167
            Mar 18, 2023 04:11:45.323406935 CET1538723192.168.2.23100.218.49.176
            Mar 18, 2023 04:11:45.323410034 CET1538723192.168.2.23192.175.171.151
            Mar 18, 2023 04:11:45.323415041 CET153872323192.168.2.23100.169.221.183
            Mar 18, 2023 04:11:45.323430061 CET1538723192.168.2.23176.92.149.244
            Mar 18, 2023 04:11:45.323437929 CET1538723192.168.2.2390.183.136.197
            Mar 18, 2023 04:11:45.323451996 CET1538723192.168.2.2323.243.102.147
            Mar 18, 2023 04:11:45.323460102 CET1538723192.168.2.23219.239.93.191
            Mar 18, 2023 04:11:45.323463917 CET1538723192.168.2.2386.198.137.42
            Mar 18, 2023 04:11:45.323470116 CET1538723192.168.2.23122.236.231.222
            Mar 18, 2023 04:11:45.323477983 CET1538723192.168.2.2360.133.156.111
            Mar 18, 2023 04:11:45.323491096 CET153872323192.168.2.23100.209.55.184
            Mar 18, 2023 04:11:45.323508024 CET1538723192.168.2.23202.206.109.9
            Mar 18, 2023 04:11:45.323515892 CET1538723192.168.2.2331.93.68.163
            Mar 18, 2023 04:11:45.323519945 CET1538723192.168.2.2342.166.73.119
            Mar 18, 2023 04:11:45.323527098 CET1538723192.168.2.23166.1.201.82
            Mar 18, 2023 04:11:45.323543072 CET1538723192.168.2.2370.201.86.56
            Mar 18, 2023 04:11:45.323549986 CET1538723192.168.2.23102.62.167.22
            Mar 18, 2023 04:11:45.323550940 CET1538723192.168.2.23154.33.108.192
            Mar 18, 2023 04:11:45.323550940 CET1538723192.168.2.23188.19.107.134
            Mar 18, 2023 04:11:45.323550940 CET1538723192.168.2.23103.36.218.42
            Mar 18, 2023 04:11:45.323550940 CET1538723192.168.2.23131.226.16.34
            Mar 18, 2023 04:11:45.323550940 CET1538723192.168.2.23141.88.159.116
            Mar 18, 2023 04:11:45.323550940 CET1538723192.168.2.23211.71.12.209
            Mar 18, 2023 04:11:45.323564053 CET153872323192.168.2.23139.156.21.112
            Mar 18, 2023 04:11:45.323575974 CET1538723192.168.2.2352.242.208.190
            Mar 18, 2023 04:11:45.323575974 CET1538723192.168.2.234.163.26.251
            Mar 18, 2023 04:11:45.323581934 CET1538723192.168.2.23192.104.33.119
            Mar 18, 2023 04:11:45.323590994 CET1538723192.168.2.2313.171.110.216
            Mar 18, 2023 04:11:45.323615074 CET1538723192.168.2.23100.53.223.48
            Mar 18, 2023 04:11:45.323622942 CET1538723192.168.2.23179.59.161.66
            Mar 18, 2023 04:11:45.323622942 CET1538723192.168.2.2367.206.247.109
            Mar 18, 2023 04:11:45.323626041 CET1538723192.168.2.23164.233.12.148
            Mar 18, 2023 04:11:45.323637962 CET1538723192.168.2.2313.203.206.68
            Mar 18, 2023 04:11:45.323647976 CET153872323192.168.2.23197.58.176.102
            Mar 18, 2023 04:11:45.323652029 CET1538723192.168.2.23126.68.133.147
            Mar 18, 2023 04:11:45.323659897 CET1538723192.168.2.23171.105.167.252
            Mar 18, 2023 04:11:45.323667049 CET1538723192.168.2.234.165.28.239
            Mar 18, 2023 04:11:45.323672056 CET1538723192.168.2.2339.115.204.3
            Mar 18, 2023 04:11:45.323681116 CET1538723192.168.2.2317.237.82.66
            Mar 18, 2023 04:11:45.323688030 CET1538723192.168.2.23209.50.206.235
            Mar 18, 2023 04:11:45.323697090 CET1538723192.168.2.23216.21.203.20
            Mar 18, 2023 04:11:45.323703051 CET1538723192.168.2.2320.197.78.220
            Mar 18, 2023 04:11:45.323718071 CET153872323192.168.2.2363.41.185.255
            Mar 18, 2023 04:11:45.323726892 CET1538723192.168.2.2376.195.240.53
            Mar 18, 2023 04:11:45.323733091 CET1538723192.168.2.2393.171.5.23
            Mar 18, 2023 04:11:45.323743105 CET1538723192.168.2.2353.13.176.25
            Mar 18, 2023 04:11:45.323753119 CET1538723192.168.2.23216.185.167.173
            Mar 18, 2023 04:11:45.323760986 CET1538723192.168.2.23121.8.90.216
            Mar 18, 2023 04:11:45.323776960 CET1538723192.168.2.23163.82.183.55
            Mar 18, 2023 04:11:45.323784113 CET1538723192.168.2.23115.102.90.141
            Mar 18, 2023 04:11:45.323796034 CET153872323192.168.2.23107.214.171.17
            Mar 18, 2023 04:11:45.323800087 CET1538723192.168.2.23182.97.46.106
            Mar 18, 2023 04:11:45.323807955 CET1538723192.168.2.2348.78.179.123
            Mar 18, 2023 04:11:45.323815107 CET1538723192.168.2.23199.167.3.123
            Mar 18, 2023 04:11:45.323827028 CET1538723192.168.2.2391.39.6.181
            Mar 18, 2023 04:11:45.323834896 CET1538723192.168.2.2341.152.11.18
            Mar 18, 2023 04:11:45.323843956 CET1538723192.168.2.2347.81.226.235
            Mar 18, 2023 04:11:45.323858023 CET1538723192.168.2.23149.10.170.14
            Mar 18, 2023 04:11:45.323874950 CET1538723192.168.2.23134.21.125.100
            Mar 18, 2023 04:11:45.323874950 CET153872323192.168.2.23193.121.109.73
            Mar 18, 2023 04:11:45.323883057 CET1538723192.168.2.23164.243.42.195
            Mar 18, 2023 04:11:45.323893070 CET1538723192.168.2.23149.132.32.159
            Mar 18, 2023 04:11:45.323909998 CET1538723192.168.2.23177.226.113.208
            Mar 18, 2023 04:11:45.323913097 CET1538723192.168.2.2312.145.150.95
            Mar 18, 2023 04:11:45.323930979 CET1538723192.168.2.2312.139.158.36
            Mar 18, 2023 04:11:45.323936939 CET1538723192.168.2.2367.52.54.163
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.2338.104.233.35
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.23126.107.226.84
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.2370.182.109.195
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.23163.26.215.141
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.2397.78.100.80
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.23179.184.244.252
            Mar 18, 2023 04:11:45.323939085 CET1538723192.168.2.23112.6.101.61
            Mar 18, 2023 04:11:45.323946953 CET1538723192.168.2.23167.21.55.231
            Mar 18, 2023 04:11:45.368268013 CET2315387188.238.220.247192.168.2.23
            Mar 18, 2023 04:11:45.559895992 CET2315387201.71.31.98192.168.2.23
            Mar 18, 2023 04:11:45.610842943 CET2315387112.6.101.61192.168.2.23
            Mar 18, 2023 04:11:45.611023903 CET1538723192.168.2.23112.6.101.61
            Mar 18, 2023 04:11:45.611038923 CET4251680192.168.2.23109.202.202.202
            Mar 18, 2023 04:11:46.325557947 CET153872323192.168.2.23166.98.78.236
            Mar 18, 2023 04:11:46.325587988 CET1538723192.168.2.2375.24.97.141
            Mar 18, 2023 04:11:46.325597048 CET1538723192.168.2.2323.48.128.32
            Mar 18, 2023 04:11:46.325649023 CET1538723192.168.2.23125.53.213.244
            Mar 18, 2023 04:11:46.325654030 CET1538723192.168.2.23140.121.118.47
            Mar 18, 2023 04:11:46.325674057 CET1538723192.168.2.23140.97.237.9
            Mar 18, 2023 04:11:46.325681925 CET1538723192.168.2.2332.69.112.36
            Mar 18, 2023 04:11:46.325692892 CET1538723192.168.2.23165.174.198.160
            Mar 18, 2023 04:11:46.325692892 CET1538723192.168.2.23168.161.236.224
            Mar 18, 2023 04:11:46.325753927 CET1538723192.168.2.2354.163.2.93
            Mar 18, 2023 04:11:46.325764894 CET1538723192.168.2.2389.68.208.195
            Mar 18, 2023 04:11:46.325818062 CET153872323192.168.2.23106.174.168.190
            Mar 18, 2023 04:11:46.325818062 CET1538723192.168.2.2379.75.208.103
            Mar 18, 2023 04:11:46.325822115 CET1538723192.168.2.23166.135.85.194
            Mar 18, 2023 04:11:46.325867891 CET1538723192.168.2.2338.132.35.226
            Mar 18, 2023 04:11:46.325886011 CET1538723192.168.2.23166.59.243.141
            Mar 18, 2023 04:11:46.325895071 CET1538723192.168.2.2342.114.63.56
            Mar 18, 2023 04:11:46.325895071 CET1538723192.168.2.23147.228.194.122
            Mar 18, 2023 04:11:46.325906992 CET1538723192.168.2.23186.228.232.34
            Mar 18, 2023 04:11:46.325948000 CET153872323192.168.2.23143.179.241.167
            Mar 18, 2023 04:11:46.325952053 CET1538723192.168.2.2338.105.68.133
            Mar 18, 2023 04:11:46.325953007 CET1538723192.168.2.23140.151.163.189
            Mar 18, 2023 04:11:46.325963020 CET1538723192.168.2.23133.67.37.64
            Mar 18, 2023 04:11:46.325988054 CET1538723192.168.2.2351.185.137.41
            Mar 18, 2023 04:11:46.325990915 CET1538723192.168.2.23138.86.108.217
            Mar 18, 2023 04:11:46.325994968 CET1538723192.168.2.23115.197.121.29
            Mar 18, 2023 04:11:46.325994968 CET1538723192.168.2.23223.209.160.242
            Mar 18, 2023 04:11:46.326000929 CET1538723192.168.2.2395.141.124.150
            Mar 18, 2023 04:11:46.326011896 CET1538723192.168.2.23168.218.254.17
            Mar 18, 2023 04:11:46.326011896 CET1538723192.168.2.2386.9.34.245
            Mar 18, 2023 04:11:46.326118946 CET153872323192.168.2.23172.130.246.255
            Mar 18, 2023 04:11:46.326122046 CET1538723192.168.2.2342.11.97.197
            Mar 18, 2023 04:11:46.326122046 CET1538723192.168.2.23175.115.222.163
            Mar 18, 2023 04:11:46.326136112 CET1538723192.168.2.23154.246.96.185
            Mar 18, 2023 04:11:46.326136112 CET153872323192.168.2.23141.162.240.235
            Mar 18, 2023 04:11:46.326139927 CET1538723192.168.2.23189.144.225.145
            Mar 18, 2023 04:11:46.326189995 CET1538723192.168.2.23194.175.67.249
            Mar 18, 2023 04:11:46.326190948 CET1538723192.168.2.2338.27.124.135
            Mar 18, 2023 04:11:46.326190948 CET1538723192.168.2.23171.218.19.242
            Mar 18, 2023 04:11:46.326203108 CET1538723192.168.2.23206.128.9.225
            Mar 18, 2023 04:11:46.326210022 CET1538723192.168.2.238.115.33.4
            Mar 18, 2023 04:11:46.326210976 CET1538723192.168.2.2324.184.85.113
            Mar 18, 2023 04:11:46.326210976 CET153872323192.168.2.23173.76.223.186
            Mar 18, 2023 04:11:46.326215029 CET1538723192.168.2.2357.100.29.247
            Mar 18, 2023 04:11:46.326215029 CET1538723192.168.2.23110.221.250.140
            Mar 18, 2023 04:11:46.326236010 CET1538723192.168.2.23164.144.12.168
            Mar 18, 2023 04:11:46.326244116 CET1538723192.168.2.23212.169.15.226
            Mar 18, 2023 04:11:46.326246023 CET1538723192.168.2.2363.127.235.32
            Mar 18, 2023 04:11:46.326246023 CET1538723192.168.2.2364.246.173.153
            Mar 18, 2023 04:11:46.326260090 CET1538723192.168.2.23153.137.46.0
            Mar 18, 2023 04:11:46.326261044 CET1538723192.168.2.23108.121.43.189
            Mar 18, 2023 04:11:46.326261044 CET1538723192.168.2.2341.178.61.106
            Mar 18, 2023 04:11:46.326287031 CET1538723192.168.2.2365.232.199.187
            Mar 18, 2023 04:11:46.326293945 CET1538723192.168.2.23122.29.6.70
            Mar 18, 2023 04:11:46.326293945 CET1538723192.168.2.23138.164.164.213
            Mar 18, 2023 04:11:46.326293945 CET1538723192.168.2.2317.146.179.188
            Mar 18, 2023 04:11:46.326297045 CET1538723192.168.2.23105.110.242.64
            Mar 18, 2023 04:11:46.326297998 CET1538723192.168.2.2358.180.92.254
            Mar 18, 2023 04:11:46.326297998 CET1538723192.168.2.23176.98.143.59
            Mar 18, 2023 04:11:46.326297998 CET1538723192.168.2.231.42.112.41
            Mar 18, 2023 04:11:46.326317072 CET153872323192.168.2.2359.199.240.207
            Mar 18, 2023 04:11:46.326383114 CET1538723192.168.2.23106.90.148.213
            Mar 18, 2023 04:11:46.326384068 CET1538723192.168.2.23212.252.198.119
            Mar 18, 2023 04:11:46.326395988 CET1538723192.168.2.2368.36.193.78
            Mar 18, 2023 04:11:46.326410055 CET1538723192.168.2.23181.125.191.56
            Mar 18, 2023 04:11:46.326410055 CET1538723192.168.2.2313.67.228.175
            Mar 18, 2023 04:11:46.326411963 CET1538723192.168.2.23207.141.17.205
            Mar 18, 2023 04:11:46.326445103 CET1538723192.168.2.23188.32.175.136
            Mar 18, 2023 04:11:46.326498985 CET1538723192.168.2.2335.93.32.44
            Mar 18, 2023 04:11:46.326498985 CET1538723192.168.2.23118.210.242.200
            Mar 18, 2023 04:11:46.326509953 CET153872323192.168.2.23132.216.5.213
            Mar 18, 2023 04:11:46.326528072 CET1538723192.168.2.23172.239.28.146
            Mar 18, 2023 04:11:46.326571941 CET1538723192.168.2.23101.197.71.37
            Mar 18, 2023 04:11:46.326592922 CET1538723192.168.2.234.174.10.131
            Mar 18, 2023 04:11:46.326606989 CET1538723192.168.2.2335.61.15.169
            Mar 18, 2023 04:11:46.326653957 CET1538723192.168.2.2389.2.112.11
            Mar 18, 2023 04:11:46.326653004 CET1538723192.168.2.2394.213.52.109
            Mar 18, 2023 04:11:46.326711893 CET1538723192.168.2.23134.107.151.150
            Mar 18, 2023 04:11:46.326715946 CET153872323192.168.2.2381.249.205.45
            Mar 18, 2023 04:11:46.326724052 CET1538723192.168.2.23174.94.78.123
            Mar 18, 2023 04:11:46.326724052 CET1538723192.168.2.2345.54.32.220
            Mar 18, 2023 04:11:46.326736927 CET1538723192.168.2.23146.148.181.141
            Mar 18, 2023 04:11:46.326756954 CET1538723192.168.2.2380.139.120.75
            Mar 18, 2023 04:11:46.327661991 CET1538723192.168.2.23166.108.170.148
            Mar 18, 2023 04:11:46.327692032 CET1538723192.168.2.23103.67.234.220
            Mar 18, 2023 04:11:46.327704906 CET1538723192.168.2.23119.144.207.129
            Mar 18, 2023 04:11:46.327734947 CET1538723192.168.2.2396.115.124.52
            Mar 18, 2023 04:11:46.327747107 CET1538723192.168.2.2366.103.122.196
            Mar 18, 2023 04:11:46.327781916 CET1538723192.168.2.23217.155.157.182
            Mar 18, 2023 04:11:46.327785969 CET1538723192.168.2.23221.110.65.192
            Mar 18, 2023 04:11:46.327788115 CET153872323192.168.2.23100.54.227.147
            Mar 18, 2023 04:11:46.327814102 CET1538723192.168.2.23139.150.116.61
            Mar 18, 2023 04:11:46.327827930 CET1538723192.168.2.23156.96.178.175
            Mar 18, 2023 04:11:46.327836990 CET1538723192.168.2.2323.9.28.129
            Mar 18, 2023 04:11:46.327841997 CET1538723192.168.2.2378.219.223.233
            Mar 18, 2023 04:11:46.327884912 CET1538723192.168.2.23178.203.213.127
            Mar 18, 2023 04:11:46.327888966 CET1538723192.168.2.2312.154.74.242
            Mar 18, 2023 04:11:46.327903986 CET1538723192.168.2.23168.29.62.250
            Mar 18, 2023 04:11:46.327929974 CET1538723192.168.2.23163.91.60.120
            Mar 18, 2023 04:11:46.327941895 CET1538723192.168.2.23125.74.206.103
            Mar 18, 2023 04:11:46.327964067 CET153872323192.168.2.23123.127.110.34
            Mar 18, 2023 04:11:46.327991009 CET1538723192.168.2.23102.157.107.228
            Mar 18, 2023 04:11:46.327991962 CET1538723192.168.2.23133.105.19.79
            Mar 18, 2023 04:11:46.328053951 CET1538723192.168.2.23123.62.16.227
            Mar 18, 2023 04:11:46.328097105 CET1538723192.168.2.23144.116.155.254
            Mar 18, 2023 04:11:46.328099966 CET1538723192.168.2.2334.103.100.195
            Mar 18, 2023 04:11:46.328145981 CET1538723192.168.2.23181.128.118.53
            Mar 18, 2023 04:11:46.328150988 CET1538723192.168.2.2368.81.232.154
            Mar 18, 2023 04:11:46.328169107 CET1538723192.168.2.23223.139.11.78
            Mar 18, 2023 04:11:46.328188896 CET1538723192.168.2.23116.76.144.123
            Mar 18, 2023 04:11:46.328212023 CET153872323192.168.2.2352.59.61.106
            Mar 18, 2023 04:11:46.328233004 CET1538723192.168.2.2318.244.31.65
            Mar 18, 2023 04:11:46.328233004 CET1538723192.168.2.2332.133.160.40
            Mar 18, 2023 04:11:46.328270912 CET1538723192.168.2.23134.82.243.188
            Mar 18, 2023 04:11:46.328285933 CET1538723192.168.2.23222.229.83.146
            Mar 18, 2023 04:11:46.328308105 CET1538723192.168.2.2332.4.77.97
            Mar 18, 2023 04:11:46.328360081 CET1538723192.168.2.23118.33.60.208
            Mar 18, 2023 04:11:46.328361034 CET1538723192.168.2.2372.135.142.189
            Mar 18, 2023 04:11:46.328419924 CET1538723192.168.2.23150.195.143.228
            Mar 18, 2023 04:11:46.328419924 CET1538723192.168.2.2373.63.223.10
            Mar 18, 2023 04:11:46.328434944 CET153872323192.168.2.23136.99.195.131
            Mar 18, 2023 04:11:46.328453064 CET1538723192.168.2.23174.54.205.135
            Mar 18, 2023 04:11:46.328495026 CET1538723192.168.2.23193.43.15.82
            Mar 18, 2023 04:11:46.328500986 CET1538723192.168.2.2352.185.125.19
            Mar 18, 2023 04:11:46.328531027 CET1538723192.168.2.23181.53.178.180
            Mar 18, 2023 04:11:46.328541994 CET1538723192.168.2.2388.52.113.235
            Mar 18, 2023 04:11:46.328576088 CET1538723192.168.2.2376.228.251.19
            Mar 18, 2023 04:11:46.328600883 CET1538723192.168.2.2344.103.159.133
            Mar 18, 2023 04:11:46.328627110 CET1538723192.168.2.23212.235.120.43
            Mar 18, 2023 04:11:46.328640938 CET1538723192.168.2.2370.24.47.196
            Mar 18, 2023 04:11:46.328646898 CET153872323192.168.2.2387.216.44.53
            Mar 18, 2023 04:11:46.328676939 CET1538723192.168.2.2394.23.124.47
            Mar 18, 2023 04:11:46.328695059 CET1538723192.168.2.23201.155.77.127
            Mar 18, 2023 04:11:46.328718901 CET1538723192.168.2.2353.136.73.225
            Mar 18, 2023 04:11:46.328738928 CET1538723192.168.2.23121.246.178.142
            Mar 18, 2023 04:11:46.328762054 CET1538723192.168.2.23142.26.108.217
            Mar 18, 2023 04:11:46.328774929 CET1538723192.168.2.23177.191.161.124
            Mar 18, 2023 04:11:46.328795910 CET1538723192.168.2.23217.111.180.248
            Mar 18, 2023 04:11:46.328802109 CET1538723192.168.2.23180.78.235.32
            Mar 18, 2023 04:11:46.328830957 CET1538723192.168.2.23178.206.139.151
            Mar 18, 2023 04:11:46.328855991 CET153872323192.168.2.23134.115.177.141
            Mar 18, 2023 04:11:46.328880072 CET1538723192.168.2.23221.218.87.93
            Mar 18, 2023 04:11:46.328902006 CET1538723192.168.2.23209.11.45.147
            Mar 18, 2023 04:11:46.328926086 CET1538723192.168.2.23188.23.77.45
            Mar 18, 2023 04:11:46.328947067 CET1538723192.168.2.23182.151.213.219
            Mar 18, 2023 04:11:46.328978062 CET1538723192.168.2.23154.53.145.143
            Mar 18, 2023 04:11:46.328978062 CET1538723192.168.2.23179.104.160.1
            Mar 18, 2023 04:11:46.328995943 CET1538723192.168.2.23168.86.8.236
            Mar 18, 2023 04:11:46.329016924 CET1538723192.168.2.23112.35.144.97
            Mar 18, 2023 04:11:46.329018116 CET1538723192.168.2.23159.50.90.185
            Mar 18, 2023 04:11:46.329046011 CET153872323192.168.2.23140.118.78.131
            Mar 18, 2023 04:11:46.329080105 CET1538723192.168.2.23167.238.211.9
            Mar 18, 2023 04:11:46.329091072 CET1538723192.168.2.23140.246.231.246
            Mar 18, 2023 04:11:46.329118013 CET1538723192.168.2.23189.59.19.122
            Mar 18, 2023 04:11:46.329133034 CET1538723192.168.2.2393.113.132.104
            Mar 18, 2023 04:11:46.329153061 CET1538723192.168.2.23179.53.36.176
            Mar 18, 2023 04:11:46.329159975 CET1538723192.168.2.23200.196.209.85
            Mar 18, 2023 04:11:46.329168081 CET1538723192.168.2.23175.147.110.226
            Mar 18, 2023 04:11:46.329169989 CET1538723192.168.2.23135.106.149.105
            Mar 18, 2023 04:11:46.329205036 CET1538723192.168.2.23198.172.160.14
            Mar 18, 2023 04:11:46.341631889 CET4456255650192.168.2.2337.49.229.52
            Mar 18, 2023 04:11:46.359625101 CET2315387217.111.180.248192.168.2.23
            Mar 18, 2023 04:11:46.369244099 CET556504456237.49.229.52192.168.2.23
            Mar 18, 2023 04:11:46.515747070 CET2315387146.148.181.141192.168.2.23
            Mar 18, 2023 04:11:46.515839100 CET1538723192.168.2.23146.148.181.141
            Mar 18, 2023 04:11:47.330611944 CET153872323192.168.2.2325.130.80.3
            Mar 18, 2023 04:11:47.330722094 CET1538723192.168.2.23169.184.123.188
            Mar 18, 2023 04:11:47.330741882 CET1538723192.168.2.23212.114.49.128
            Mar 18, 2023 04:11:47.330741882 CET1538723192.168.2.23193.29.109.81
            Mar 18, 2023 04:11:47.330750942 CET1538723192.168.2.23199.203.135.3
            Mar 18, 2023 04:11:47.330764055 CET1538723192.168.2.235.223.135.134
            Mar 18, 2023 04:11:47.330763102 CET1538723192.168.2.23152.250.92.107
            Mar 18, 2023 04:11:47.330811977 CET1538723192.168.2.2312.5.110.185
            Mar 18, 2023 04:11:47.330843925 CET1538723192.168.2.23138.219.146.110
            Mar 18, 2023 04:11:47.330902100 CET1538723192.168.2.23192.169.143.97
            Mar 18, 2023 04:11:47.330976963 CET153872323192.168.2.23182.24.11.212
            Mar 18, 2023 04:11:47.331027031 CET1538723192.168.2.2343.79.135.100
            Mar 18, 2023 04:11:47.331046104 CET1538723192.168.2.23154.149.123.42
            Mar 18, 2023 04:11:47.331053972 CET1538723192.168.2.2371.255.120.150
            Mar 18, 2023 04:11:47.331056118 CET1538723192.168.2.23185.17.106.221
            Mar 18, 2023 04:11:47.331060886 CET1538723192.168.2.23106.235.56.61
            Mar 18, 2023 04:11:47.331079006 CET1538723192.168.2.23148.211.20.168
            Mar 18, 2023 04:11:47.331105947 CET1538723192.168.2.2320.205.60.143
            Mar 18, 2023 04:11:47.331115007 CET1538723192.168.2.23106.104.242.2
            Mar 18, 2023 04:11:47.331140041 CET1538723192.168.2.23174.21.184.13
            Mar 18, 2023 04:11:47.331161976 CET153872323192.168.2.2397.26.156.236
            Mar 18, 2023 04:11:47.331183910 CET1538723192.168.2.23131.14.247.209
            Mar 18, 2023 04:11:47.331213951 CET1538723192.168.2.23123.239.158.133
            Mar 18, 2023 04:11:47.331255913 CET1538723192.168.2.23194.162.210.139
            Mar 18, 2023 04:11:47.331274986 CET1538723192.168.2.2318.131.229.157
            Mar 18, 2023 04:11:47.331300974 CET1538723192.168.2.23177.58.124.160
            Mar 18, 2023 04:11:47.331357002 CET1538723192.168.2.2397.0.90.108
            Mar 18, 2023 04:11:47.331379890 CET1538723192.168.2.2346.245.166.118
            Mar 18, 2023 04:11:47.331391096 CET1538723192.168.2.2314.134.119.119
            Mar 18, 2023 04:11:47.331413984 CET1538723192.168.2.2318.203.149.224
            Mar 18, 2023 04:11:47.331430912 CET153872323192.168.2.23187.155.173.172
            Mar 18, 2023 04:11:47.331460953 CET1538723192.168.2.2376.195.43.2
            Mar 18, 2023 04:11:47.331465960 CET1538723192.168.2.23218.4.232.55
            Mar 18, 2023 04:11:47.331505060 CET1538723192.168.2.23177.7.199.101
            Mar 18, 2023 04:11:47.331517935 CET1538723192.168.2.23166.147.199.124
            Mar 18, 2023 04:11:47.331518888 CET1538723192.168.2.23211.108.94.36
            Mar 18, 2023 04:11:47.331557035 CET1538723192.168.2.2359.144.9.205
            Mar 18, 2023 04:11:47.331585884 CET1538723192.168.2.23188.81.82.100
            Mar 18, 2023 04:11:47.331590891 CET1538723192.168.2.2399.10.21.85
            Mar 18, 2023 04:11:47.331598043 CET1538723192.168.2.23169.121.189.181
            Mar 18, 2023 04:11:47.331629992 CET153872323192.168.2.2386.251.172.122
            Mar 18, 2023 04:11:47.331649065 CET1538723192.168.2.23198.99.11.199
            Mar 18, 2023 04:11:47.331676960 CET1538723192.168.2.23211.39.179.224
            Mar 18, 2023 04:11:47.331722021 CET1538723192.168.2.23211.83.30.136
            Mar 18, 2023 04:11:47.331705093 CET1538723192.168.2.23222.56.36.204
            Mar 18, 2023 04:11:47.331741095 CET1538723192.168.2.23121.245.37.94
            Mar 18, 2023 04:11:47.331758022 CET1538723192.168.2.23218.211.107.134
            Mar 18, 2023 04:11:47.331782103 CET1538723192.168.2.23189.135.19.18
            Mar 18, 2023 04:11:47.331803083 CET1538723192.168.2.2340.211.229.186
            Mar 18, 2023 04:11:47.331825972 CET1538723192.168.2.2335.162.111.54
            Mar 18, 2023 04:11:47.331852913 CET153872323192.168.2.2345.165.33.129
            Mar 18, 2023 04:11:47.331860065 CET1538723192.168.2.23181.28.108.82
            Mar 18, 2023 04:11:47.331892967 CET1538723192.168.2.2381.205.25.235
            Mar 18, 2023 04:11:47.331899881 CET1538723192.168.2.23114.109.220.95
            Mar 18, 2023 04:11:47.331901073 CET1538723192.168.2.238.52.225.9
            Mar 18, 2023 04:11:47.331933022 CET1538723192.168.2.23167.141.63.203
            Mar 18, 2023 04:11:47.331983089 CET1538723192.168.2.23216.104.131.194
            Mar 18, 2023 04:11:47.331993103 CET1538723192.168.2.23138.15.166.138
            Mar 18, 2023 04:11:47.332015991 CET1538723192.168.2.23154.156.97.108
            Mar 18, 2023 04:11:47.332050085 CET1538723192.168.2.23195.200.153.116
            Mar 18, 2023 04:11:47.332057953 CET153872323192.168.2.23220.130.97.78
            Mar 18, 2023 04:11:47.332087994 CET1538723192.168.2.23145.206.95.240
            Mar 18, 2023 04:11:47.332094908 CET1538723192.168.2.23154.84.81.44
            Mar 18, 2023 04:11:47.332122087 CET1538723192.168.2.23220.116.223.198
            Mar 18, 2023 04:11:47.332148075 CET1538723192.168.2.23135.172.147.227
            Mar 18, 2023 04:11:47.332163095 CET1538723192.168.2.23119.251.160.4
            Mar 18, 2023 04:11:47.332185984 CET1538723192.168.2.23112.55.54.40
            Mar 18, 2023 04:11:47.332214117 CET1538723192.168.2.2367.149.50.44
            Mar 18, 2023 04:11:47.332226038 CET1538723192.168.2.23103.14.184.205
            Mar 18, 2023 04:11:47.332253933 CET153872323192.168.2.2375.48.88.22
            Mar 18, 2023 04:11:47.332262993 CET1538723192.168.2.23117.46.27.174
            Mar 18, 2023 04:11:47.332264900 CET1538723192.168.2.2382.19.228.96
            Mar 18, 2023 04:11:47.332266092 CET1538723192.168.2.2362.215.233.90
            Mar 18, 2023 04:11:47.332282066 CET1538723192.168.2.2313.198.41.232
            Mar 18, 2023 04:11:47.332299948 CET1538723192.168.2.23210.166.184.82
            Mar 18, 2023 04:11:47.332324982 CET1538723192.168.2.23191.124.143.101
            Mar 18, 2023 04:11:47.332345009 CET1538723192.168.2.23196.77.250.210
            Mar 18, 2023 04:11:47.332375050 CET1538723192.168.2.2359.3.96.137
            Mar 18, 2023 04:11:47.332417011 CET1538723192.168.2.2389.227.161.211
            Mar 18, 2023 04:11:47.332437992 CET1538723192.168.2.23175.67.138.106
            Mar 18, 2023 04:11:47.332530975 CET1538723192.168.2.23128.146.205.100
            Mar 18, 2023 04:11:47.332534075 CET1538723192.168.2.2350.172.186.33
            Mar 18, 2023 04:11:47.332534075 CET1538723192.168.2.23151.178.134.119
            Mar 18, 2023 04:11:47.332547903 CET153872323192.168.2.23146.93.167.205
            Mar 18, 2023 04:11:47.332547903 CET1538723192.168.2.2379.153.175.193
            Mar 18, 2023 04:11:47.332573891 CET1538723192.168.2.23197.103.219.14
            Mar 18, 2023 04:11:47.332577944 CET1538723192.168.2.23184.197.196.133
            Mar 18, 2023 04:11:47.332593918 CET1538723192.168.2.23223.19.77.3
            Mar 18, 2023 04:11:47.332617044 CET1538723192.168.2.2369.25.62.145
            Mar 18, 2023 04:11:47.332653046 CET1538723192.168.2.23174.214.135.101
            Mar 18, 2023 04:11:47.332679987 CET153872323192.168.2.23186.75.174.207
            Mar 18, 2023 04:11:47.332681894 CET1538723192.168.2.23174.82.43.254
            Mar 18, 2023 04:11:47.332720041 CET1538723192.168.2.23106.160.159.233
            Mar 18, 2023 04:11:47.332739115 CET1538723192.168.2.23188.186.76.33
            Mar 18, 2023 04:11:47.332742929 CET1538723192.168.2.23124.233.29.39
            Mar 18, 2023 04:11:47.332781076 CET1538723192.168.2.23161.175.57.250
            Mar 18, 2023 04:11:47.332779884 CET1538723192.168.2.2318.119.102.220
            Mar 18, 2023 04:11:47.332818031 CET1538723192.168.2.23129.165.171.107
            Mar 18, 2023 04:11:47.332832098 CET1538723192.168.2.23119.159.208.145
            Mar 18, 2023 04:11:47.332847118 CET1538723192.168.2.2318.112.118.32
            Mar 18, 2023 04:11:47.332859039 CET153872323192.168.2.2359.226.106.26
            Mar 18, 2023 04:11:47.332885027 CET1538723192.168.2.2389.20.255.35
            Mar 18, 2023 04:11:47.332921982 CET1538723192.168.2.2346.143.73.198
            Mar 18, 2023 04:11:47.332950115 CET1538723192.168.2.23204.233.144.125
            Mar 18, 2023 04:11:47.333010912 CET1538723192.168.2.2332.26.137.49
            Mar 18, 2023 04:11:47.333033085 CET1538723192.168.2.23139.73.88.233
            Mar 18, 2023 04:11:47.333045006 CET1538723192.168.2.23192.212.104.110
            Mar 18, 2023 04:11:47.333056927 CET1538723192.168.2.23115.58.174.77
            Mar 18, 2023 04:11:47.333101034 CET1538723192.168.2.2360.114.218.130
            Mar 18, 2023 04:11:47.333101034 CET1538723192.168.2.23106.241.25.109
            Mar 18, 2023 04:11:47.333112001 CET1538723192.168.2.2338.77.56.199
            Mar 18, 2023 04:11:47.333117962 CET1538723192.168.2.23159.70.6.29
            Mar 18, 2023 04:11:47.333117962 CET153872323192.168.2.2314.206.250.62
            Mar 18, 2023 04:11:47.333131075 CET1538723192.168.2.2398.37.27.62
            Mar 18, 2023 04:11:47.333148956 CET1538723192.168.2.23147.16.27.126
            Mar 18, 2023 04:11:47.333175898 CET1538723192.168.2.2394.220.48.93
            Mar 18, 2023 04:11:47.333185911 CET1538723192.168.2.23143.239.92.250
            Mar 18, 2023 04:11:47.333188057 CET1538723192.168.2.2342.44.161.202
            Mar 18, 2023 04:11:47.333209038 CET1538723192.168.2.23152.124.75.235
            Mar 18, 2023 04:11:47.333239079 CET1538723192.168.2.2390.5.85.128
            Mar 18, 2023 04:11:47.333262920 CET153872323192.168.2.23221.45.246.3
            Mar 18, 2023 04:11:47.333295107 CET1538723192.168.2.23112.197.138.221
            Mar 18, 2023 04:11:47.333343029 CET1538723192.168.2.23174.34.247.149
            Mar 18, 2023 04:11:47.333344936 CET1538723192.168.2.2371.195.148.0
            Mar 18, 2023 04:11:47.333375931 CET1538723192.168.2.23124.126.145.224
            Mar 18, 2023 04:11:47.333398104 CET1538723192.168.2.23149.20.205.60
            Mar 18, 2023 04:11:47.333420038 CET1538723192.168.2.23169.134.17.101
            Mar 18, 2023 04:11:47.333432913 CET1538723192.168.2.2323.233.235.128
            Mar 18, 2023 04:11:47.333453894 CET1538723192.168.2.2398.229.47.164
            Mar 18, 2023 04:11:47.333487988 CET1538723192.168.2.2354.254.213.30
            Mar 18, 2023 04:11:47.333496094 CET153872323192.168.2.23103.29.128.152
            Mar 18, 2023 04:11:47.333523989 CET1538723192.168.2.2386.81.151.160
            Mar 18, 2023 04:11:47.333539963 CET1538723192.168.2.2343.79.163.132
            Mar 18, 2023 04:11:47.333554029 CET1538723192.168.2.23194.48.110.158
            Mar 18, 2023 04:11:47.333600998 CET1538723192.168.2.23156.179.241.156
            Mar 18, 2023 04:11:47.333612919 CET1538723192.168.2.23210.240.178.185
            Mar 18, 2023 04:11:47.333647966 CET1538723192.168.2.2324.87.37.1
            Mar 18, 2023 04:11:47.333658934 CET1538723192.168.2.23181.60.226.208
            Mar 18, 2023 04:11:47.333678961 CET1538723192.168.2.23104.84.243.29
            Mar 18, 2023 04:11:47.333714962 CET1538723192.168.2.23213.236.162.34
            Mar 18, 2023 04:11:47.333736897 CET153872323192.168.2.2318.53.144.192
            Mar 18, 2023 04:11:47.333745003 CET1538723192.168.2.2368.213.1.135
            Mar 18, 2023 04:11:47.333781958 CET1538723192.168.2.23162.133.143.186
            Mar 18, 2023 04:11:47.333796024 CET1538723192.168.2.23152.42.113.3
            Mar 18, 2023 04:11:47.333817959 CET1538723192.168.2.2339.146.250.159
            Mar 18, 2023 04:11:47.333837986 CET1538723192.168.2.23106.213.145.224
            Mar 18, 2023 04:11:47.333868027 CET1538723192.168.2.23132.108.7.185
            Mar 18, 2023 04:11:47.333884954 CET1538723192.168.2.2344.250.204.104
            Mar 18, 2023 04:11:47.333915949 CET1538723192.168.2.23156.170.95.37
            Mar 18, 2023 04:11:47.333915949 CET1538723192.168.2.23113.64.57.238
            Mar 18, 2023 04:11:47.333965063 CET1538723192.168.2.23216.22.200.140
            Mar 18, 2023 04:11:47.333997965 CET153872323192.168.2.23121.130.193.218
            Mar 18, 2023 04:11:47.334008932 CET1538723192.168.2.23181.52.249.106
            Mar 18, 2023 04:11:47.334012985 CET1538723192.168.2.2343.246.185.242
            Mar 18, 2023 04:11:47.334048033 CET1538723192.168.2.23125.10.32.198
            Mar 18, 2023 04:11:47.334060907 CET1538723192.168.2.2396.173.183.53
            Mar 18, 2023 04:11:47.334080935 CET1538723192.168.2.2338.180.102.147
            Mar 18, 2023 04:11:47.334106922 CET1538723192.168.2.23165.177.255.3
            Mar 18, 2023 04:11:47.334132910 CET1538723192.168.2.23191.119.249.105
            Mar 18, 2023 04:11:47.334160089 CET1538723192.168.2.2325.156.131.66
            Mar 18, 2023 04:11:47.369584084 CET4456455650192.168.2.2337.49.229.52
            Mar 18, 2023 04:11:47.397156954 CET556504456437.49.229.52192.168.2.23
            Mar 18, 2023 04:11:47.494259119 CET2315387192.169.143.97192.168.2.23
            Mar 18, 2023 04:11:47.529720068 CET2315387115.58.174.77192.168.2.23
            Mar 18, 2023 04:11:47.545558929 CET231538754.254.213.30192.168.2.23
            Mar 18, 2023 04:11:47.635694027 CET231538760.114.218.130192.168.2.23
            Mar 18, 2023 04:11:48.335589886 CET153872323192.168.2.2369.252.156.238
            Mar 18, 2023 04:11:48.335599899 CET1538723192.168.2.2350.67.11.227
            Mar 18, 2023 04:11:48.335680008 CET1538723192.168.2.23202.243.18.84
            Mar 18, 2023 04:11:48.335680008 CET1538723192.168.2.2370.127.144.51
            Mar 18, 2023 04:11:48.335680008 CET1538723192.168.2.23115.251.91.162
            Mar 18, 2023 04:11:48.335680008 CET1538723192.168.2.23161.133.193.26
            Mar 18, 2023 04:11:48.335680008 CET1538723192.168.2.23152.137.64.123
            Mar 18, 2023 04:11:48.335700035 CET1538723192.168.2.23178.87.51.148
            Mar 18, 2023 04:11:48.335705996 CET1538723192.168.2.23131.246.147.119
            Mar 18, 2023 04:11:48.335712910 CET1538723192.168.2.2364.11.214.140
            Mar 18, 2023 04:11:48.335727930 CET153872323192.168.2.2363.211.226.229
            Mar 18, 2023 04:11:48.335731983 CET1538723192.168.2.23105.229.126.218
            Mar 18, 2023 04:11:48.335747004 CET1538723192.168.2.2339.252.31.54
            Mar 18, 2023 04:11:48.335784912 CET1538723192.168.2.2337.21.122.154
            Mar 18, 2023 04:11:48.335824966 CET1538723192.168.2.2369.72.86.208
            Mar 18, 2023 04:11:48.335832119 CET1538723192.168.2.23141.220.121.191
            Mar 18, 2023 04:11:48.335832119 CET1538723192.168.2.23191.154.207.85
            Mar 18, 2023 04:11:48.335874081 CET1538723192.168.2.2344.8.186.207
            Mar 18, 2023 04:11:48.335876942 CET153872323192.168.2.2361.110.200.73
            Mar 18, 2023 04:11:48.335891962 CET1538723192.168.2.23158.171.77.251
            Mar 18, 2023 04:11:48.335920095 CET1538723192.168.2.23145.236.89.235
            Mar 18, 2023 04:11:48.335920095 CET1538723192.168.2.2384.212.2.118
            Mar 18, 2023 04:11:48.335938931 CET1538723192.168.2.23171.95.87.152
            Mar 18, 2023 04:11:48.335946083 CET1538723192.168.2.2339.169.113.218
            Mar 18, 2023 04:11:48.335977077 CET1538723192.168.2.2362.221.208.73
            Mar 18, 2023 04:11:48.336014032 CET1538723192.168.2.2393.112.132.72
            Mar 18, 2023 04:11:48.336015940 CET1538723192.168.2.23165.236.170.46
            Mar 18, 2023 04:11:48.336040974 CET1538723192.168.2.23125.247.245.98
            Mar 18, 2023 04:11:48.336040974 CET1538723192.168.2.23116.44.231.25
            Mar 18, 2023 04:11:48.336061001 CET153872323192.168.2.23174.17.42.243
            Mar 18, 2023 04:11:48.336095095 CET1538723192.168.2.23102.131.213.60
            Mar 18, 2023 04:11:48.336096048 CET1538723192.168.2.23177.117.81.16
            Mar 18, 2023 04:11:48.336096048 CET1538723192.168.2.23191.203.31.159
            Mar 18, 2023 04:11:48.336136103 CET1538723192.168.2.23153.51.160.66
            Mar 18, 2023 04:11:48.336136103 CET1538723192.168.2.23104.71.101.224
            Mar 18, 2023 04:11:48.336163044 CET1538723192.168.2.2358.125.162.192
            Mar 18, 2023 04:11:48.336163044 CET1538723192.168.2.23115.15.122.42
            Mar 18, 2023 04:11:48.336195946 CET1538723192.168.2.2375.162.215.255
            Mar 18, 2023 04:11:48.336196899 CET1538723192.168.2.2362.93.71.66
            Mar 18, 2023 04:11:48.336206913 CET1538723192.168.2.23174.221.145.205
            Mar 18, 2023 04:11:48.336265087 CET1538723192.168.2.2398.123.142.126
            Mar 18, 2023 04:11:48.336276054 CET153872323192.168.2.23145.63.0.5
            Mar 18, 2023 04:11:48.336294889 CET1538723192.168.2.23128.20.135.77
            Mar 18, 2023 04:11:48.336297989 CET1538723192.168.2.2370.246.176.240
            Mar 18, 2023 04:11:48.336314917 CET1538723192.168.2.23164.35.48.71
            Mar 18, 2023 04:11:48.336333990 CET1538723192.168.2.2362.122.20.139
            Mar 18, 2023 04:11:48.336365938 CET1538723192.168.2.2387.2.88.90
            Mar 18, 2023 04:11:48.336366892 CET1538723192.168.2.2332.43.68.158
            Mar 18, 2023 04:11:48.336384058 CET1538723192.168.2.2381.98.43.210
            Mar 18, 2023 04:11:48.336385965 CET1538723192.168.2.23223.106.60.24
            Mar 18, 2023 04:11:48.336396933 CET1538723192.168.2.2369.230.93.189
            Mar 18, 2023 04:11:48.336421013 CET153872323192.168.2.23121.39.42.189
            Mar 18, 2023 04:11:48.336488962 CET1538723192.168.2.2312.0.243.163
            Mar 18, 2023 04:11:48.336488962 CET1538723192.168.2.23213.7.185.160
            Mar 18, 2023 04:11:48.336498976 CET1538723192.168.2.23106.247.229.172
            Mar 18, 2023 04:11:48.336523056 CET1538723192.168.2.23222.248.198.31
            Mar 18, 2023 04:11:48.336524010 CET1538723192.168.2.23171.179.186.36
            Mar 18, 2023 04:11:48.336540937 CET1538723192.168.2.23100.197.22.117
            Mar 18, 2023 04:11:48.336549997 CET1538723192.168.2.2338.45.228.191
            Mar 18, 2023 04:11:48.336591959 CET1538723192.168.2.23203.151.32.82
            Mar 18, 2023 04:11:48.336746931 CET1538723192.168.2.23160.105.8.133
            Mar 18, 2023 04:11:48.336747885 CET1538723192.168.2.2320.115.189.31
            Mar 18, 2023 04:11:48.336750031 CET1538723192.168.2.23175.181.174.103
            Mar 18, 2023 04:11:48.336750031 CET1538723192.168.2.2363.17.238.209
            Mar 18, 2023 04:11:48.336750984 CET1538723192.168.2.23106.91.96.34
            Mar 18, 2023 04:11:48.336751938 CET153872323192.168.2.2331.202.83.96
            Mar 18, 2023 04:11:48.336796045 CET153872323192.168.2.23220.215.21.111
            Mar 18, 2023 04:11:48.336800098 CET1538723192.168.2.23131.56.226.126
            Mar 18, 2023 04:11:48.336800098 CET1538723192.168.2.2378.179.1.219
            Mar 18, 2023 04:11:48.336802006 CET1538723192.168.2.23181.247.198.248
            Mar 18, 2023 04:11:48.336802006 CET1538723192.168.2.2358.137.139.76
            Mar 18, 2023 04:11:48.336802006 CET1538723192.168.2.23199.148.119.235
            Mar 18, 2023 04:11:48.336812019 CET1538723192.168.2.23221.203.159.217
            Mar 18, 2023 04:11:48.336812973 CET1538723192.168.2.2366.173.195.93
            Mar 18, 2023 04:11:48.336815119 CET1538723192.168.2.2364.95.87.247
            Mar 18, 2023 04:11:48.336815119 CET1538723192.168.2.238.204.245.52
            Mar 18, 2023 04:11:48.336816072 CET1538723192.168.2.2387.115.222.252
            Mar 18, 2023 04:11:48.336812019 CET1538723192.168.2.2384.238.70.57
            Mar 18, 2023 04:11:48.336831093 CET1538723192.168.2.2312.114.47.178
            Mar 18, 2023 04:11:48.336831093 CET1538723192.168.2.2364.181.23.216
            Mar 18, 2023 04:11:48.336827993 CET1538723192.168.2.23211.198.145.14
            Mar 18, 2023 04:11:48.336846113 CET153872323192.168.2.23163.145.24.111
            Mar 18, 2023 04:11:48.336858034 CET1538723192.168.2.23126.154.219.164
            Mar 18, 2023 04:11:48.336858034 CET1538723192.168.2.2314.7.172.103
            Mar 18, 2023 04:11:48.336874962 CET1538723192.168.2.23158.91.44.255
            Mar 18, 2023 04:11:48.336879969 CET1538723192.168.2.23207.10.82.95
            Mar 18, 2023 04:11:48.336896896 CET1538723192.168.2.23101.71.100.166
            Mar 18, 2023 04:11:48.336929083 CET1538723192.168.2.23199.27.36.171
            Mar 18, 2023 04:11:48.336932898 CET1538723192.168.2.23209.113.112.246
            Mar 18, 2023 04:11:48.336950064 CET153872323192.168.2.23148.146.22.8
            Mar 18, 2023 04:11:48.336975098 CET1538723192.168.2.23166.204.140.208
            Mar 18, 2023 04:11:48.336977005 CET1538723192.168.2.23135.111.180.213
            Mar 18, 2023 04:11:48.336993933 CET1538723192.168.2.2361.100.133.84
            Mar 18, 2023 04:11:48.337019920 CET1538723192.168.2.23121.145.42.42
            Mar 18, 2023 04:11:48.337019920 CET1538723192.168.2.2375.180.30.29
            Mar 18, 2023 04:11:48.337029934 CET1538723192.168.2.23123.164.71.83
            Mar 18, 2023 04:11:48.337044954 CET1538723192.168.2.2346.166.250.119
            Mar 18, 2023 04:11:48.337075949 CET1538723192.168.2.2394.151.181.3
            Mar 18, 2023 04:11:48.337088108 CET1538723192.168.2.2336.132.88.61
            Mar 18, 2023 04:11:48.337119102 CET153872323192.168.2.2376.97.69.221
            Mar 18, 2023 04:11:48.337165117 CET1538723192.168.2.2319.15.63.200
            Mar 18, 2023 04:11:48.337167025 CET1538723192.168.2.2350.48.238.209
            Mar 18, 2023 04:11:48.337171078 CET1538723192.168.2.2351.95.136.55
            Mar 18, 2023 04:11:48.337177992 CET1538723192.168.2.23142.246.234.100
            Mar 18, 2023 04:11:48.337177992 CET1538723192.168.2.2337.163.35.88
            Mar 18, 2023 04:11:48.337205887 CET1538723192.168.2.2399.241.209.8
            Mar 18, 2023 04:11:48.337234020 CET1538723192.168.2.2345.222.196.134
            Mar 18, 2023 04:11:48.337271929 CET1538723192.168.2.23117.188.19.195
            Mar 18, 2023 04:11:48.337271929 CET1538723192.168.2.2347.108.255.169
            Mar 18, 2023 04:11:48.337280989 CET1538723192.168.2.23180.254.95.87
            Mar 18, 2023 04:11:48.337307930 CET153872323192.168.2.2325.131.123.87
            Mar 18, 2023 04:11:48.337352037 CET1538723192.168.2.23110.10.214.126
            Mar 18, 2023 04:11:48.337383986 CET1538723192.168.2.23199.116.180.247
            Mar 18, 2023 04:11:48.337388039 CET1538723192.168.2.23169.103.120.72
            Mar 18, 2023 04:11:48.337426901 CET1538723192.168.2.23157.119.100.208
            Mar 18, 2023 04:11:48.337426901 CET1538723192.168.2.2388.86.74.248
            Mar 18, 2023 04:11:48.337455988 CET1538723192.168.2.23203.196.138.254
            Mar 18, 2023 04:11:48.337455988 CET1538723192.168.2.2391.239.223.193
            Mar 18, 2023 04:11:48.337466002 CET1538723192.168.2.23104.76.133.111
            Mar 18, 2023 04:11:48.337491035 CET1538723192.168.2.23114.157.146.146
            Mar 18, 2023 04:11:48.337554932 CET153872323192.168.2.23190.254.226.157
            Mar 18, 2023 04:11:48.337574005 CET1538723192.168.2.23162.108.187.60
            Mar 18, 2023 04:11:48.337594986 CET1538723192.168.2.2366.207.201.102
            Mar 18, 2023 04:11:48.337613106 CET1538723192.168.2.23106.97.210.155
            Mar 18, 2023 04:11:48.337613106 CET1538723192.168.2.23111.226.117.211
            Mar 18, 2023 04:11:48.337630987 CET1538723192.168.2.23204.0.12.249
            Mar 18, 2023 04:11:48.337655067 CET1538723192.168.2.2389.19.103.167
            Mar 18, 2023 04:11:48.337655067 CET1538723192.168.2.23135.207.168.32
            Mar 18, 2023 04:11:48.337685108 CET1538723192.168.2.23110.69.26.165
            Mar 18, 2023 04:11:48.337723970 CET1538723192.168.2.2394.82.151.14
            Mar 18, 2023 04:11:48.337771893 CET1538723192.168.2.23100.47.67.119
            Mar 18, 2023 04:11:48.337784052 CET1538723192.168.2.23137.93.238.48
            Mar 18, 2023 04:11:48.337809086 CET1538723192.168.2.2364.181.154.9
            Mar 18, 2023 04:11:48.337850094 CET1538723192.168.2.23101.23.55.97
            Mar 18, 2023 04:11:48.337877035 CET1538723192.168.2.235.223.16.38
            Mar 18, 2023 04:11:48.337899923 CET153872323192.168.2.2383.59.10.249
            Mar 18, 2023 04:11:48.337908030 CET1538723192.168.2.2352.96.35.232
            Mar 18, 2023 04:11:48.337913990 CET1538723192.168.2.2364.49.142.180
            Mar 18, 2023 04:11:48.337976933 CET1538723192.168.2.23101.163.55.188
            Mar 18, 2023 04:11:48.337981939 CET1538723192.168.2.2379.39.202.192
            Mar 18, 2023 04:11:48.338000059 CET153872323192.168.2.23174.121.0.92
            Mar 18, 2023 04:11:48.338032961 CET1538723192.168.2.2363.146.70.9
            Mar 18, 2023 04:11:48.338041067 CET1538723192.168.2.2375.101.5.83
            Mar 18, 2023 04:11:48.338076115 CET1538723192.168.2.23151.168.191.148
            Mar 18, 2023 04:11:48.338085890 CET1538723192.168.2.23170.3.47.24
            Mar 18, 2023 04:11:48.338085890 CET1538723192.168.2.2362.206.219.84
            Mar 18, 2023 04:11:48.338124990 CET1538723192.168.2.2359.55.26.60
            Mar 18, 2023 04:11:48.338154078 CET1538723192.168.2.2365.190.229.49
            Mar 18, 2023 04:11:48.338176012 CET1538723192.168.2.2367.118.128.207
            Mar 18, 2023 04:11:48.338198900 CET1538723192.168.2.23159.79.174.191
            Mar 18, 2023 04:11:48.338234901 CET153872323192.168.2.23169.236.151.30
            Mar 18, 2023 04:11:48.338238001 CET1538723192.168.2.23211.11.238.95
            Mar 18, 2023 04:11:48.338248968 CET1538723192.168.2.23205.75.61.105
            Mar 18, 2023 04:11:48.338294029 CET1538723192.168.2.23111.95.114.118
            Mar 18, 2023 04:11:48.338294029 CET1538723192.168.2.23182.112.147.9
            Mar 18, 2023 04:11:48.338320017 CET1538723192.168.2.2317.44.151.79
            Mar 18, 2023 04:11:48.338327885 CET1538723192.168.2.23157.142.213.39
            Mar 18, 2023 04:11:48.338391066 CET1538723192.168.2.23211.32.76.129
            Mar 18, 2023 04:11:48.338393927 CET1538723192.168.2.23152.59.38.174
            Mar 18, 2023 04:11:48.338407040 CET1538723192.168.2.23213.73.151.82
            Mar 18, 2023 04:11:48.548872948 CET2315387180.254.95.87192.168.2.23
            Mar 18, 2023 04:11:48.548980951 CET1538723192.168.2.23180.254.95.87
            Mar 18, 2023 04:11:48.603774071 CET2315387115.15.122.42192.168.2.23
            Mar 18, 2023 04:11:49.339004040 CET153872323192.168.2.2380.16.87.229
            Mar 18, 2023 04:11:49.339014053 CET1538723192.168.2.23132.102.70.56
            Mar 18, 2023 04:11:49.339059114 CET1538723192.168.2.23194.73.229.143
            Mar 18, 2023 04:11:49.339111090 CET1538723192.168.2.23187.194.207.241
            Mar 18, 2023 04:11:49.339168072 CET1538723192.168.2.2377.150.164.238
            Mar 18, 2023 04:11:49.339217901 CET1538723192.168.2.23108.60.43.225
            Mar 18, 2023 04:11:49.339237928 CET1538723192.168.2.2392.95.121.237
            Mar 18, 2023 04:11:49.339246035 CET1538723192.168.2.23145.206.202.211
            Mar 18, 2023 04:11:49.339246988 CET1538723192.168.2.2338.25.55.51
            Mar 18, 2023 04:11:49.339257956 CET1538723192.168.2.23162.207.102.204
            Mar 18, 2023 04:11:49.339276075 CET153872323192.168.2.2373.4.8.123
            Mar 18, 2023 04:11:49.339332104 CET1538723192.168.2.23143.211.73.109
            Mar 18, 2023 04:11:49.339350939 CET1538723192.168.2.23216.9.123.130
            Mar 18, 2023 04:11:49.339375019 CET1538723192.168.2.2313.101.252.6
            Mar 18, 2023 04:11:49.339390039 CET1538723192.168.2.2399.48.222.159
            Mar 18, 2023 04:11:49.339392900 CET1538723192.168.2.2336.53.43.244
            Mar 18, 2023 04:11:49.339426041 CET1538723192.168.2.23141.123.158.15
            Mar 18, 2023 04:11:49.339428902 CET1538723192.168.2.23157.228.241.42
            Mar 18, 2023 04:11:49.339451075 CET1538723192.168.2.2347.144.76.171
            Mar 18, 2023 04:11:49.339487076 CET1538723192.168.2.23166.60.60.88
            Mar 18, 2023 04:11:49.339533091 CET1538723192.168.2.23173.185.83.154
            Mar 18, 2023 04:11:49.339546919 CET153872323192.168.2.23178.79.5.207
            Mar 18, 2023 04:11:49.339576960 CET1538723192.168.2.23143.151.105.252
            Mar 18, 2023 04:11:49.339586020 CET1538723192.168.2.23196.43.255.243
            Mar 18, 2023 04:11:49.339613914 CET1538723192.168.2.2318.159.91.240
            Mar 18, 2023 04:11:49.339639902 CET1538723192.168.2.23132.7.135.105
            Mar 18, 2023 04:11:49.339668989 CET1538723192.168.2.23190.160.162.28
            Mar 18, 2023 04:11:49.339668989 CET1538723192.168.2.2342.6.157.54
            Mar 18, 2023 04:11:49.339710951 CET1538723192.168.2.2392.184.19.103
            Mar 18, 2023 04:11:49.339726925 CET1538723192.168.2.23138.51.126.98
            Mar 18, 2023 04:11:49.339788914 CET153872323192.168.2.234.110.127.28
            Mar 18, 2023 04:11:49.339796066 CET1538723192.168.2.23184.109.43.85
            Mar 18, 2023 04:11:49.339849949 CET1538723192.168.2.23170.5.8.243
            Mar 18, 2023 04:11:49.339885950 CET1538723192.168.2.2360.54.175.236
            Mar 18, 2023 04:11:49.339889050 CET1538723192.168.2.23193.49.252.73
            Mar 18, 2023 04:11:49.339889050 CET1538723192.168.2.23177.103.71.0
            Mar 18, 2023 04:11:49.339968920 CET1538723192.168.2.23185.103.92.190
            Mar 18, 2023 04:11:49.339977026 CET1538723192.168.2.23194.148.145.210
            Mar 18, 2023 04:11:49.339988947 CET153872323192.168.2.2395.159.166.210
            Mar 18, 2023 04:11:49.339996099 CET1538723192.168.2.23124.54.167.36
            Mar 18, 2023 04:11:49.340008020 CET1538723192.168.2.23160.232.127.240
            Mar 18, 2023 04:11:49.340034962 CET1538723192.168.2.2349.128.244.119
            Mar 18, 2023 04:11:49.340081930 CET1538723192.168.2.23178.222.177.100
            Mar 18, 2023 04:11:49.340097904 CET1538723192.168.2.23169.177.52.83
            Mar 18, 2023 04:11:49.340150118 CET1538723192.168.2.2332.223.148.55
            Mar 18, 2023 04:11:49.340151072 CET1538723192.168.2.2323.123.168.183
            Mar 18, 2023 04:11:49.340151072 CET1538723192.168.2.23121.88.117.195
            Mar 18, 2023 04:11:49.340178967 CET1538723192.168.2.2319.16.75.89
            Mar 18, 2023 04:11:49.340190887 CET1538723192.168.2.23191.138.191.213
            Mar 18, 2023 04:11:49.340250015 CET153872323192.168.2.2385.179.29.148
            Mar 18, 2023 04:11:49.340272903 CET1538723192.168.2.239.233.217.4
            Mar 18, 2023 04:11:49.340291023 CET1538723192.168.2.238.251.238.139
            Mar 18, 2023 04:11:49.340316057 CET1538723192.168.2.2369.130.19.20
            Mar 18, 2023 04:11:49.340346098 CET1538723192.168.2.2394.192.178.255
            Mar 18, 2023 04:11:49.340346098 CET1538723192.168.2.2343.91.85.87
            Mar 18, 2023 04:11:49.340373039 CET1538723192.168.2.2348.114.76.71
            Mar 18, 2023 04:11:49.340399981 CET1538723192.168.2.2335.108.128.130
            Mar 18, 2023 04:11:49.340424061 CET1538723192.168.2.23207.237.209.39
            Mar 18, 2023 04:11:49.340451002 CET1538723192.168.2.2337.180.215.86
            Mar 18, 2023 04:11:49.340488911 CET1538723192.168.2.2358.47.190.187
            Mar 18, 2023 04:11:49.340521097 CET153872323192.168.2.23220.184.38.62
            Mar 18, 2023 04:11:49.340564966 CET1538723192.168.2.23218.181.97.47
            Mar 18, 2023 04:11:49.340564966 CET1538723192.168.2.23170.41.120.43
            Mar 18, 2023 04:11:49.340606928 CET1538723192.168.2.2393.189.243.180
            Mar 18, 2023 04:11:49.340645075 CET1538723192.168.2.23207.127.187.182
            Mar 18, 2023 04:11:49.340682030 CET1538723192.168.2.2323.233.193.56
            Mar 18, 2023 04:11:49.340687990 CET1538723192.168.2.23141.223.196.108
            Mar 18, 2023 04:11:49.340697050 CET1538723192.168.2.23207.115.46.199
            Mar 18, 2023 04:11:49.340771914 CET1538723192.168.2.23143.198.116.234
            Mar 18, 2023 04:11:49.340778112 CET1538723192.168.2.23124.170.62.232
            Mar 18, 2023 04:11:49.340795040 CET153872323192.168.2.2320.47.101.213
            Mar 18, 2023 04:11:49.340797901 CET1538723192.168.2.23194.181.222.42
            Mar 18, 2023 04:11:49.340850115 CET1538723192.168.2.2346.181.188.45
            Mar 18, 2023 04:11:49.340883970 CET1538723192.168.2.2313.149.195.221
            Mar 18, 2023 04:11:49.340886116 CET1538723192.168.2.23159.228.155.22
            Mar 18, 2023 04:11:49.340905905 CET1538723192.168.2.2373.244.218.41
            Mar 18, 2023 04:11:49.340910912 CET1538723192.168.2.23105.234.143.56
            Mar 18, 2023 04:11:49.340935946 CET1538723192.168.2.2345.1.225.154
            Mar 18, 2023 04:11:49.340969086 CET153872323192.168.2.2386.97.91.178
            Mar 18, 2023 04:11:49.340971947 CET1538723192.168.2.23148.14.11.46
            Mar 18, 2023 04:11:49.340974092 CET1538723192.168.2.23163.192.6.230
            Mar 18, 2023 04:11:49.340986013 CET1538723192.168.2.2374.109.209.244
            Mar 18, 2023 04:11:49.341037989 CET1538723192.168.2.234.132.245.186
            Mar 18, 2023 04:11:49.341048002 CET1538723192.168.2.2383.71.207.130
            Mar 18, 2023 04:11:49.341064930 CET1538723192.168.2.2335.226.220.116
            Mar 18, 2023 04:11:49.341068983 CET1538723192.168.2.23183.213.141.47
            Mar 18, 2023 04:11:49.341083050 CET1538723192.168.2.2323.162.166.121
            Mar 18, 2023 04:11:49.341118097 CET1538723192.168.2.23201.252.226.232
            Mar 18, 2023 04:11:49.341167927 CET1538723192.168.2.23161.145.158.163
            Mar 18, 2023 04:11:49.341182947 CET1538723192.168.2.23171.15.207.15
            Mar 18, 2023 04:11:49.341219902 CET153872323192.168.2.23156.143.252.129
            Mar 18, 2023 04:11:49.341238022 CET1538723192.168.2.2384.103.99.108
            Mar 18, 2023 04:11:49.341243982 CET1538723192.168.2.23140.244.42.13
            Mar 18, 2023 04:11:49.341259956 CET1538723192.168.2.2384.21.171.52
            Mar 18, 2023 04:11:49.341280937 CET1538723192.168.2.23120.160.226.132
            Mar 18, 2023 04:11:49.341351032 CET1538723192.168.2.23146.40.17.134
            Mar 18, 2023 04:11:49.341356993 CET1538723192.168.2.23223.119.114.126
            Mar 18, 2023 04:11:49.341356993 CET1538723192.168.2.2365.49.50.135
            Mar 18, 2023 04:11:49.341381073 CET1538723192.168.2.23125.185.167.97
            Mar 18, 2023 04:11:49.341409922 CET153872323192.168.2.2345.240.12.85
            Mar 18, 2023 04:11:49.341427088 CET1538723192.168.2.23135.80.93.74
            Mar 18, 2023 04:11:49.341454029 CET1538723192.168.2.23212.190.132.110
            Mar 18, 2023 04:11:49.341486931 CET1538723192.168.2.2367.138.12.33
            Mar 18, 2023 04:11:49.341516018 CET1538723192.168.2.23150.158.89.76
            Mar 18, 2023 04:11:49.341561079 CET1538723192.168.2.23196.133.74.6
            Mar 18, 2023 04:11:49.341568947 CET1538723192.168.2.23160.129.146.134
            Mar 18, 2023 04:11:49.341598034 CET1538723192.168.2.23133.254.111.157
            Mar 18, 2023 04:11:49.341603994 CET1538723192.168.2.2364.59.197.233
            Mar 18, 2023 04:11:49.341629982 CET1538723192.168.2.23186.134.153.47
            Mar 18, 2023 04:11:49.341631889 CET1538723192.168.2.23139.248.201.53
            Mar 18, 2023 04:11:49.341634989 CET153872323192.168.2.23136.224.227.189
            Mar 18, 2023 04:11:49.341691017 CET1538723192.168.2.231.254.133.171
            Mar 18, 2023 04:11:49.341691017 CET1538723192.168.2.23134.127.252.17
            Mar 18, 2023 04:11:49.341712952 CET1538723192.168.2.23156.95.83.165
            Mar 18, 2023 04:11:49.341747999 CET1538723192.168.2.23148.192.124.94
            Mar 18, 2023 04:11:49.341784954 CET1538723192.168.2.2342.228.127.138
            Mar 18, 2023 04:11:49.341794014 CET1538723192.168.2.23195.62.59.142
            Mar 18, 2023 04:11:49.341813087 CET1538723192.168.2.2396.122.101.49
            Mar 18, 2023 04:11:49.341813087 CET1538723192.168.2.23138.107.113.110
            Mar 18, 2023 04:11:49.341835976 CET1538723192.168.2.2382.137.46.222
            Mar 18, 2023 04:11:49.341867924 CET153872323192.168.2.2346.103.46.11
            Mar 18, 2023 04:11:49.341928005 CET1538723192.168.2.2347.66.76.11
            Mar 18, 2023 04:11:49.341928005 CET1538723192.168.2.2343.15.3.170
            Mar 18, 2023 04:11:49.341944933 CET1538723192.168.2.23210.77.136.11
            Mar 18, 2023 04:11:49.342010975 CET1538723192.168.2.23172.97.73.224
            Mar 18, 2023 04:11:49.342036009 CET1538723192.168.2.23180.95.226.133
            Mar 18, 2023 04:11:49.342036009 CET1538723192.168.2.23223.153.157.0
            Mar 18, 2023 04:11:49.342036963 CET1538723192.168.2.23153.112.208.157
            Mar 18, 2023 04:11:49.342070103 CET1538723192.168.2.23192.73.158.204
            Mar 18, 2023 04:11:49.342087984 CET1538723192.168.2.23212.255.108.216
            Mar 18, 2023 04:11:49.342108011 CET1538723192.168.2.2390.141.163.29
            Mar 18, 2023 04:11:49.342108011 CET153872323192.168.2.23120.100.188.8
            Mar 18, 2023 04:11:49.342128038 CET1538723192.168.2.2353.120.50.146
            Mar 18, 2023 04:11:49.342154026 CET1538723192.168.2.2374.193.198.215
            Mar 18, 2023 04:11:49.342196941 CET1538723192.168.2.2371.143.95.157
            Mar 18, 2023 04:11:49.342220068 CET1538723192.168.2.23187.208.167.76
            Mar 18, 2023 04:11:49.342262983 CET1538723192.168.2.23146.76.88.254
            Mar 18, 2023 04:11:49.342264891 CET1538723192.168.2.2379.15.70.220
            Mar 18, 2023 04:11:49.342300892 CET1538723192.168.2.2378.209.132.173
            Mar 18, 2023 04:11:49.342334986 CET1538723192.168.2.23174.149.91.221
            Mar 18, 2023 04:11:49.342340946 CET153872323192.168.2.23115.107.199.4
            Mar 18, 2023 04:11:49.342366934 CET1538723192.168.2.2340.187.204.153
            Mar 18, 2023 04:11:49.342396021 CET1538723192.168.2.23207.50.123.4
            Mar 18, 2023 04:11:49.342402935 CET1538723192.168.2.23135.67.38.32
            Mar 18, 2023 04:11:49.342432022 CET1538723192.168.2.23135.91.31.63
            Mar 18, 2023 04:11:49.342438936 CET1538723192.168.2.23116.118.111.244
            Mar 18, 2023 04:11:49.342470884 CET1538723192.168.2.23161.194.42.23
            Mar 18, 2023 04:11:49.342472076 CET1538723192.168.2.23144.229.187.71
            Mar 18, 2023 04:11:49.342505932 CET1538723192.168.2.23121.88.228.79
            Mar 18, 2023 04:11:49.342540979 CET1538723192.168.2.23123.189.109.88
            Mar 18, 2023 04:11:49.342567921 CET153872323192.168.2.23135.75.197.191
            Mar 18, 2023 04:11:49.342607021 CET1538723192.168.2.239.41.191.9
            Mar 18, 2023 04:11:49.342639923 CET1538723192.168.2.23126.118.160.49
            Mar 18, 2023 04:11:49.342653990 CET1538723192.168.2.23186.246.157.155
            Mar 18, 2023 04:11:49.342664003 CET1538723192.168.2.23121.108.131.165
            Mar 18, 2023 04:11:49.342675924 CET1538723192.168.2.2340.231.144.105
            Mar 18, 2023 04:11:49.342696905 CET1538723192.168.2.23193.157.5.15
            Mar 18, 2023 04:11:49.342730045 CET1538723192.168.2.2312.77.104.155
            Mar 18, 2023 04:11:49.342734098 CET1538723192.168.2.23175.172.16.149
            Mar 18, 2023 04:11:49.342739105 CET1538723192.168.2.2382.138.149.217
            Mar 18, 2023 04:11:49.367372036 CET231538784.21.171.52192.168.2.23
            Mar 18, 2023 04:11:49.507328033 CET2315387175.172.16.149192.168.2.23
            Mar 18, 2023 04:11:49.533864021 CET231538765.49.50.135192.168.2.23
            Mar 18, 2023 04:11:49.579468966 CET2315387121.88.117.195192.168.2.23
            Mar 18, 2023 04:11:49.585689068 CET2315387116.118.111.244192.168.2.23
            Mar 18, 2023 04:11:49.592313051 CET2315387121.88.228.79192.168.2.23
            Mar 18, 2023 04:11:49.636970043 CET23153871.254.133.171192.168.2.23
            Mar 18, 2023 04:11:54.111628056 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:11:54.111707926 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:11:54.111948967 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.202353954 CET43928443192.168.2.2391.189.91.42
            Mar 18, 2023 04:12:00.833797932 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.833869934 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.923387051 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.923510075 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.924036026 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.924057961 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.924644947 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.924670935 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.924762011 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.924823999 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.924845934 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.924920082 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.925879002 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.925900936 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.972428083 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.972531080 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.972767115 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.972767115 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.972810030 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.972834110 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.972924948 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.972924948 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.972948074 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.972979069 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.972995996 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973009109 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973071098 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973071098 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973100901 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973129034 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973170042 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973198891 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973336935 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973501921 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973542929 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973622084 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973654985 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973654985 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973671913 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973716974 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973870039 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973900080 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:00.973943949 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:00.973959923 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:01.174624920 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:01.174751997 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:01.174797058 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:01.174837112 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:01.174912930 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:01.174957037 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:01.175009012 CET56406443192.168.2.23185.125.188.137
            Mar 18, 2023 04:12:01.175040960 CET44356406185.125.188.137192.168.2.23
            Mar 18, 2023 04:12:10.441939116 CET42836443192.168.2.2391.189.91.43
            Mar 18, 2023 04:12:16.585566998 CET4251680192.168.2.23109.202.202.202
            Mar 18, 2023 04:12:41.160259962 CET43928443192.168.2.2391.189.91.42
            Mar 18, 2023 04:13:01.639153957 CET42836443192.168.2.2391.189.91.43

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Mar 18, 2023 04:11:53.069406033 CET3886553192.168.2.231.1.1.1
            Mar 18, 2023 04:11:53.069500923 CET4797653192.168.2.231.1.1.1
            Mar 18, 2023 04:11:53.087305069 CET53479761.1.1.1192.168.2.23
            Mar 18, 2023 04:11:53.087356091 CET53388651.1.1.1192.168.2.23
            Mar 18, 2023 04:11:54.083563089 CET3688053192.168.2.231.1.1.1
            Mar 18, 2023 04:11:54.101205111 CET53368801.1.1.1192.168.2.23

            ICMP Packets

            TimestampSource IPDest IPChecksumCodeType
            Mar 18, 2023 04:11:44.529491901 CET58.177.193.10192.168.2.2397d6(Time to live exceeded in transit)Time Exceeded
            Mar 18, 2023 04:11:46.368096113 CET188.23.77.45192.168.2.23b77b(Unknown)Destination Unreachable
            Mar 18, 2023 04:11:46.378870010 CET93.113.132.3192.168.2.23a1b3(Net unreachable)Destination Unreachable
            Mar 18, 2023 04:11:46.486527920 CET184.150.181.220192.168.2.234af1(Net unreachable)Destination Unreachable
            Mar 18, 2023 04:11:46.577306986 CET211.239.210.150192.168.2.23211b(Time to live exceeded in transit)Time Exceeded
            Mar 18, 2023 04:11:47.684122086 CET202.202.22.46192.168.2.23c6f1(Time to live exceeded in transit)Time Exceeded
            Mar 18, 2023 04:11:48.499341011 CET154.54.85.58192.168.2.23c2b5(Time to live exceeded in transit)Time Exceeded
            Mar 18, 2023 04:11:49.088232040 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
            Mar 18, 2023 04:11:49.378272057 CET194.81.6.182192.168.2.234ee9(Net unreachable)Destination Unreachable
            Mar 18, 2023 04:11:49.381038904 CET84.96.135.126192.168.2.238ed(Unknown)Destination Unreachable
            Mar 18, 2023 04:11:49.555461884 CET64.246.167.246192.168.2.23ae68(Host unreachable)Destination Unreachable
            Mar 18, 2023 04:11:50.595716000 CET112.188.27.114192.168.2.237c14(Host unreachable)Destination Unreachable
            Mar 18, 2023 04:11:58.383207083 CET185.107.215.169192.168.2.23ceff(Host unreachable)Destination Unreachable
            Mar 18, 2023 04:13:09.108071089 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Mar 18, 2023 04:11:53.069406033 CET192.168.2.231.1.1.10xc00bStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
            Mar 18, 2023 04:11:53.069500923 CET192.168.2.231.1.1.10x287aStandard query (0)daisy.ubuntu.com28IN (0x0001)false
            Mar 18, 2023 04:11:54.083563089 CET192.168.2.231.1.1.10xa6fdStandard query (0)daisy.ubuntu.com28IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Mar 18, 2023 04:11:53.087356091 CET1.1.1.1192.168.2.230xc00bNo error (0)daisy.ubuntu.com185.125.188.136A (IP address)IN (0x0001)false
            Mar 18, 2023 04:11:53.087356091 CET1.1.1.1192.168.2.230xc00bNo error (0)daisy.ubuntu.com185.125.188.137A (IP address)IN (0x0001)false

            HTTP Request Dependency Graph

            • daisy.ubuntu.com

            HTTPS Proxied Packets

            Session IDSource IPSource PortDestination IPDestination Port
            0192.168.2.2356406185.125.188.137443
            TimestampkBytes transferredDirectionData
            2023-03-18 03:12:00 UTC0OUTPOST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
            Host: daisy.ubuntu.com
            Accept: */*
            Content-Type: application/octet-stream
            X-Whoopsie-Version: 0.2.69ubuntu0.3
            Content-Length: 164887
            Expect: 100-continue
            2023-03-18 03:12:00 UTC0INHTTP/1.1 100 Continue
            2023-03-18 03:12:00 UTC0OUTData Raw: 17 84 02 00 02 50 72 6f 63 45 6e 76 69 72 6f 6e 00 4e 00 00 00 50 41 54 48 3d 28 63 75 73 74 6f 6d 2c 20 6e 6f 20 75 73 65 72 29 0a 58 44 47 5f 52 55 4e 54 49 4d 45 5f 44 49 52 3d 3c 73 65 74 3e 0a 4c 41 4e 47 3d 65 6e 5f 55 53 2e 55 54 46 2d 38 0a 53 48 45 4c 4c 3d 2f 62 69 6e 2f 62 61 73 68 00 02 5f 4c 6f 67 69 6e 64 53 65 73 73 69 6f 6e 00 02 00 00 00 35 00 02 44 61 74 65 00 19 00 00 00 54 75 65 20 41 75 67 20 31 37 20 32 30 3a 31 38 3a 30 34 20 32 30 32 31 00 02 53 6f 75 72 63 65 50 61 63 6b 61 67 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 50 61 63 6b 61 67 65 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 44 69 73 74 72 6f 52 65 6c 65 61
            Data Ascii: ProcEnvironNPATH=(custom, no user)XDG_RUNTIME_DIR=<set>LANG=en_US.UTF-8SHELL=/bin/bash_LogindSession5DateTue Aug 17 20:18:04 2021SourcePackagelight-lockerPackageArchitectureamd64Architectureamd64DistroRelea
            2023-03-18 03:12:00 UTC16OUTData Raw: 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 72 75 6e 74 69 6d 65 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 73 79 73 74 65 6d 64 20 32 34 35 2e 34 2d 34 75 62 75 6e 74 75 33 2e 31 31 0a 6c 69 62 70 61 6d 30 67 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6e 67 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 63 61 69 72 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 66 74 32 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 78 66 74 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 70 65 72 2d 75 74 69 6c 73 20 31 2e 31 2e 32 38 0a 6c
            Data Ascii: tu4.1libpam-runtime 1.3.1-5ubuntu4.1libpam-systemd 245.4-4ubuntu3.11libpam0g 1.3.1-5ubuntu4.1libpango-1.0-0 1.44.7-2ubuntu4libpangocairo-1.0-0 1.44.7-2ubuntu4libpangoft2-1.0-0 1.44.7-2ubuntu4libpangoxft-1.0-0 1.44.7-2ubuntu4libpaper-utils 1.1.28l
            2023-03-18 03:12:00 UTC32OUTData Raw: 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 67 73 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 30 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 31 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 32 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 33 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 34 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 35 20
            Data Ascii: 0x0 0gs 0x0 0k0 0x0 0k1 0x0 0k2 0x0 0k3 0x0 0k4 0x0 0k5
            2023-03-18 03:12:00 UTC48OUTData Raw: 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 34 30 30 30 2d 37 66 37 39 31 63 30 37 35 30 30 30 20 2d 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 35 30 30 30 2d 37 66 37 39 31 63 30 37 36 30 30 30 20 72 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75
            Data Ascii: /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c074000-7f791c075000 ---p 0000c000 fd:00 806260 /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c075000-7f791c076000 r--p 0000c000 fd:00 806260 /u
            2023-03-18 03:12:00 UTC64OUTData Raw: 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 33 30 30 30 2d 37 66 37 39 31 63 37 37 34 30 30 30 20 72 77 2d 70 20 30 30 30 32 36 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 34 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 34 30 30 30 2d 37 66 37 39 31 63 37 37 38 30 30 30 20 72 2d 2d 70 20 30 30 30 30 30 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 38 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34
            Data Ascii: nux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c773000-7f791c774000 rw-p 00026000 fd:00 806245 /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c774000-7f791c778000 r--p 00000000 fd:00 806268 /usr/lib/x86_64
            2023-03-18 03:12:00 UTC80OUTData Raw: 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 37 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 38 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 73 64 20 33 32 3a 30 3a 30 3a 30 3a 20 5b 73 64 61 5d 20 41 73 73 75 6d 69 6e 67 20 64 72 69 76 65 20 63 61 63 68 65 3a 20 77 72 69 74 65 20 74 68 72 6f 75 67 68 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 37 20 67
            Data Ascii: platform eisa.0: Cannot allocate resource for EISA slot 7Aug 17 20:24:46 galassia kernel: platform eisa.0: Cannot allocate resource for EISA slot 8Aug 17 20:24:46 galassia kernel: sd 32:0:0:0: [sda] Assuming drive cache: write throughAug 17 20:24:47 g
            2023-03-18 03:12:00 UTC96OUTData Raw: 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 4d 6f 64 75 6c 65 3a 20 22 66 62 64 65 76 68 77 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 69 6e 67 20 2f 75 73 72 2f 6c 69 62 2f 78 6f 72 67 2f 6d 6f 64 75 6c 65 73 2f 6c 69 62 66 62 64 65 76 68 77 2e 73 6f 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4d 6f 64 75 6c 65 20 66 62 64 65 76 68 77 3a 20 76 65 6e 64 6f 72 3d 22 58 2e 4f 72 67 20 46 6f 75 6e 64 61 74 69 6f 6e 22 0a 41 75 67 20 31 37
            Data Ascii: 551]: (II) LoadModule: "fbdevhw"Aug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Loading /usr/lib/xorg/modules/libfbdevhw.soAug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Module fbdevhw: vendor="X.Org Foundation"Aug 17
            2023-03-18 03:12:00 UTC112OUTData Raw: 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 39 32 30 78 31 32 30 30 22 20 28 69 6e 73 75 66 66 69 63 69 65 6e 74 20 6d 65 6d 6f 72 79 20 66 6f 72 20 6d 6f 64 65 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 39 36 30 78 36 30 30 22 20 28 62 61 64 20 6d 6f 64 65 20 63 6c 6f 63 6b 2f 69 6e 74 65 72 6c 61 63 65 2f 64 6f 75 62 6c 65 73
            Data Ascii: /lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doubles
            2023-03-18 03:12:00 UTC128OUTData Raw: 20 31 33 33 36 20 31 35 32 30 20 20 38 36 34 20 38 36 35 20 38 36 38 20 38 39 35 20 2d 68 73 79 6e 63 20 2b 76 73 79 6e 63 20 28 35 33 2e 37 20 6b 48 7a 20 64 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 76 6d 77 61 72 65 28 30 29 3a 20 20 44 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 30 32 34 78 37 36 38 22 3a 20 39 34 2e 35 20 4d 48 7a 2c 20 36 38 2e 37 20 6b 48 7a 2c 20 38 35 2e 30 20 48 7a 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72
            Data Ascii: 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 HzAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmwar
            2023-03-18 03:12:00 UTC144OUTData Raw: 65 64 20 53 65 74 20 32 20 6b 65 79 62 6f 61 72 64 3a 20 61 6c 77 61 79 73 20 72 65 70 6f 72 74 73 20 63 6f 72 65 20 65 76 65 6e 74 73 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 44 65 76 69 63 65 22 20 22 2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 31 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 5f 73 6f 75 72 63 65 22 20 22 73 65 72 76 65 72 2f 75 64 65 76 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35
            Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "_source" "server/udev"Aug 17 20:25
            2023-03-18 03:12:01 UTC160OUTData Raw: 66 72 6f 6d 20 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 6f 62 6a 65 63 74 2d 32 2e 30 2e 73 6f 2e 30 0a 67 5f 6f 62 6a 65 63 74 5f 6e 65 77 5f 77 69 74 68 5f 70 72 6f 70 65 72 74 69 65 73 20 28 29 20 66 72 6f 6d 20 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 6f 62 6a 65 63 74 2d 32 2e 30 2e 73 6f 2e 30 0a 67 5f 6f 62 6a 65 63 74 5f 6e 65 77 20 28 29 20 66 72 6f 6d 20 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 6f 62 6a 65 63 74 2d 32 2e 30 2e 73 6f 2e 30 00 02 50 72 6f 63 43 6d 64 6c 69 6e 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 53 74 61 63 6b 74 72 61 63 65 41 64 64 72 65 73 73 53 69 67 6e 61 74 75 72 65 00 1b 03 00 00 2f 75 73 72
            Data Ascii: from /lib/x86_64-linux-gnu/libgobject-2.0.so.0g_object_new_with_properties () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0g_object_new () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0ProcCmdlinelight-lockerStacktraceAddressSignature/usr
            2023-03-18 03:12:01 UTC161INHTTP/1.1 400 Bad Request
            Date: Sat, 18 Mar 2023 03:12:01 GMT
            Server: gunicorn/19.7.1
            X-Daisy-Revision-Number: 958
            X-Oops-Repository-Version: 0.0.0
            Strict-Transport-Security: max-age=2592000
            Connection: close
            Transfer-Encoding: chunked
            17
            Crash already reported.
            0


            System Behavior

            General

            Start time:04:11:42
            Start date:18/03/2023
            Path:/tmp/z2H8jaZbYg.elf
            Arguments:/tmp/z2H8jaZbYg.elf
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/tmp/z2H8jaZbYg.elf
            Arguments:n/a
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/z2H8jaZbYg.elf bin/systemd; chmod 777 bin/systemd"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/usr/bin/rm
            Arguments:rm -rf bin/systemd
            File size:72056 bytes
            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/usr/bin/mkdir
            Arguments:mkdir bin
            File size:88408 bytes
            MD5 hash:088c9d1df5a28ed16c726eca15964cb7

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/usr/bin/mv
            Arguments:mv /tmp/z2H8jaZbYg.elf bin/systemd
            File size:149888 bytes
            MD5 hash:504f0590fa482d4da070a702260e3716

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/usr/bin/chmod
            Arguments:chmod 777 bin/systemd
            File size:63864 bytes
            MD5 hash:739483b900c045ae1374d6f53a86a279

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/tmp/z2H8jaZbYg.elf
            Arguments:n/a
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/tmp/z2H8jaZbYg.elf
            Arguments:n/a
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/tmp/z2H8jaZbYg.elf
            Arguments:n/a
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:43
            Start date:18/03/2023
            Path:/usr/bin/journalctl
            Arguments:/usr/bin/journalctl --smart-relinquish-var
            File size:80120 bytes
            MD5 hash:bf3a987344f3bacafc44efd882abda8b

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/lib/systemd/systemd-journald
            Arguments:/lib/systemd/systemd-journald
            File size:162032 bytes
            MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/sbin/gdm3
            Arguments:n/a
            File size:453296 bytes
            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/etc/gdm3/PrimeOff/Default
            Arguments:/etc/gdm3/PrimeOff/Default
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/bin/dbus-daemon
            Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
            File size:249032 bytes
            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/bin/pulseaudio
            Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
            File size:100832 bytes
            MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/sbin/gdm3
            Arguments:n/a
            File size:453296 bytes
            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/etc/gdm3/PrimeOff/Default
            Arguments:/etc/gdm3/PrimeOff/Default
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/usr/sbin/gdm3
            Arguments:n/a
            File size:453296 bytes
            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

            Chronological Activities


            General

            Start time:04:11:45
            Start date:18/03/2023
            Path:/etc/gdm3/PrimeOff/Default
            Arguments:/etc/gdm3/PrimeOff/Default
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:47
            Start date:18/03/2023
            Path:/usr/libexec/gvfsd-fuse
            Arguments:n/a
            File size:47632 bytes
            MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

            Chronological Activities


            General

            Start time:04:11:47
            Start date:18/03/2023
            Path:/bin/fusermount
            Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
            File size:39144 bytes
            MD5 hash:576a1b135c82bdcbc97a91acea900566

            Chronological Activities


            General

            Start time:04:11:50
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:50
            Start date:18/03/2023
            Path:/lib/systemd/systemd-logind
            Arguments:/lib/systemd/systemd-logind
            File size:268576 bytes
            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

            Chronological Activities


            General

            Start time:04:11:50
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:50
            Start date:18/03/2023
            Path:/usr/libexec/rtkit-daemon
            Arguments:/usr/libexec/rtkit-daemon
            File size:68096 bytes
            MD5 hash:df0cacf1db4ec95ac70f5b6e06b8ffd7

            Chronological Activities


            General

            Start time:04:11:51
            Start date:18/03/2023
            Path:/usr/lib/systemd/systemd
            Arguments:n/a
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Chronological Activities


            General

            Start time:04:11:51
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:51
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:51
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:51
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:51
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:52
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:52
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:52
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:52
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:53
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:53
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:53
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:53
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:54
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:55
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:55
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:55
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:55
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:56
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:56
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:56
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:56
            Start date:18/03/2023
            Path:/usr/bin/grep
            Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            File size:199136 bytes
            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

            Chronological Activities


            General

            Start time:04:11:57
            Start date:18/03/2023
            Path:/usr/bin/gpu-manager
            Arguments:n/a
            File size:76616 bytes
            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

            Chronological Activities


            General

            Start time:04:11:57
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time:04:11:57
            Start date:18/03/2023
            Path:/bin/sh
            Arguments:n/a
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities