General

Target: pop-os_thor_2025-03-03_0531.txt
Size: 11.1MB
Sample: 250304-khymysv1gs
MD5: 9c9ea337b19a4ec7ab2a4415d806cb71
SHA1: c84837bbaba768215f3836aa1eeb1378b9cc58b5
SHA256: 09de67f8d3ce9a276e9665dc2e0013577b38d60b0518ffe7961bdc7f8755a52d
SHA512: 4f1cfdb9bd67e3a75e645ffc8987acb0ed370fa3d5ef1bed4aa3e3816067521385fbea340a5bc5e13862d283e5c02d3e83ecc5252ec57afad6059bb8a3510a62
SSDEEP: 98304:yPKDmsysP8/q5V11XKqnJoEhb5PzXTp2RklXWUvZxX291iHm+q9rjs7IHTMT0tcC:vCfUSf
Score: 10/10
Malware Config

Extracted
Family: avaddon
Ransom Note:
Mar 3 12:31:57 pop-os/192.168.3.99 THOR: Notice: MODULE: Init MESSAGE: Some modules and features are not available in Lite version and will be disabled SCANID: S-JxdnP711ONI
Mar 3 12:31:57 pop-os/192.168.3.99 THOR: Notice: MODULE: Startup MESSAGE: This THOR Lite license permits non-commercial use only. It is strictly prohibited to sell THOR Lite or sell services that include the use of THOR Lite. For details, see the EULA in the ./docs folder. For a special license that covers these cases, allows Sigma scanning and suppresses this message, please contact our sales via https://www.nextron-systems.com/get-started/ SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Thor Version: 10.7.20 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Thor Build: 0527b3525298 (2025-02-17 02:38:33) SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Run on system: pop-os SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Running as user: root SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: User has admin rights: yes SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Working Directory: /home/fab4/Downloads/Thor/thor10.7lite-linux-pack SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Thor Scan started SCANID: S-JxdnP711ONI START_TIME: Mon Mar 3 05:32:02 2025 HOSTNAME: pop-os
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Effective argument list: [--alldrives --follow-symlinks --intense --nocpulimit --allfiles --ads --full-proc-integrity --allreasons --resume --vtkey 126e0... --vtmode full] SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Platform: Pop!_OS 22.04 LTS SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Platform DeepEval SCANID: S-JxdnP711ONI NAME: Pop!_OS 22.04 LTS KERNEL_NAME: Linux KERNEL_VERSION: 6.9.3-76060903-generic PROC: x86_64 ARCH: x86_64
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Language: en_US, Zone: MST SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: System Uptime: 0.02 days SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: CPU Count: 4 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Memory in Megabyte: 15683 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Signature Database: 2025/02/28-182121 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Successfully compiled 0 false positive filters SCANID: S-JxdnP711ONI TYPE: log filter
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Writing report file to: pop-os_thor_2025-03-03_0531.txt SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Writing csv report file to: pop-os_files_md5s.csv SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: No json report file will be written SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Writing html report file to: pop-os_thor_2025-03-03_0531.html SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Syslog Export: off SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: IP Address 1: 192.168.3.99 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: IP Address 2: 172.17.0.1 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: IP Address 3: 172.18.0.1 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: ScanID: S-JxdnP711ONI SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: System is not a domain controller SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Intense Scan Mode SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Max. file size to be scanned is 209.7 MB, use --max_file_size to increase the limit SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Selected modules: Autoruns, Cron, EnvCheck, Filescan, Firewall, Hosts, Integritycheck, LoggedIn, ProcessCheck, Rootkit, ServiceCheck, Timestomp, UserDir, Users SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Deselected modules: Artifact-Collector, DeepDive, Dropzone, Thunderstorm SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Selected features: Amcache, Archive, ArchiveScan, AtJobs, Auditlog, AuthorizedKeys, Bifrost2, BulkScan, C2, CheckString, CronParser, DoublePulsar, DumpScan, ETL, EVTX, Eml, EnrichFileInfo, ExeDecompress, FilenameIOCs, Filescan, GroupsXML, KeywordIOCs, Lnk, LogScan, Logger, MagicHeader, OLE, ParseCobaltStrike, Prefetch, ProcessConnections, ProcessHandles, ProcessIntegrity, ProgressTracker, RecycleBin, RegistryHive, Rescontrol, SHIMCache, Sigma, SignalHandler, Stix, TeamViewer, ThorDB, VirusTotal, VulnerabilityCheck, WER, WMIPersistence, WebdirScan, WorkerProgressTracker, Yara SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Deselected features: AuditTrail, AuditTrailWriter, Bifrost, CPULimit SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: System Type: Server SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: License file found SCANID: S-JxdnP711ONI LICENSE: thor-lite-a55d055c-e3809116-20250127-20250730.lic OWNER: [email protected] TYPE: Lite STARTS: 2025/01/27 EXPIRES: 2025/07/30 SCANNER: THOR Lite VALID: true
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module EnvCheck due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Firewall due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Integritycheck due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module LoggedIn due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module ServiceCheck due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module UserDir due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Cron due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Hosts due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Rootkit due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Timestomp due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Users due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Sigma due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature TeamViewer due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature ArchiveScan due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Auditlog due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature DoublePulsar due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Eml due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Archive due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature VirusTotal due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature VulnerabilityCheck due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature AuthorizedKeys due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature BulkScan due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature GroupsXML due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature ProgressTracker due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature CronParser due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature EVTX due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature MagicHeader due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Stix due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature WMIPersistence due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Amcache due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Logger due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature RecycleBin due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature RegistryHive due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature WorkerProgressTracker due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature SHIMCache due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature WebdirScan due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature AtJobs due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature DumpScan due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature ExeDecompress due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Lnk due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature OLE due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature SignalHandler due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Bifrost2 due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Prefetch due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature WER due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-all.yas as 'default' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-deepscan-selectors.yasx as 'meta' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-keywords.yas as 'keyword' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-log-sigs.yas as 'log' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-meta.yas as 'meta' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-peids.yas as 'default' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-process-memory-sigs.yas as 'process' type SCANID: S-JxdnP711ONI
Mar 3 12:32:05 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from thor-lite-registry.yas as 'registry' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from animalfarm.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from badiis.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from prikormka.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from invisimole.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from keydnap.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from kobalos.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from linux-moose.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from mozi.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from mumblehard_packer.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from rich_headers_iconicpayloads_3cx.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from potaonew.yara as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from rakos.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from redline.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from sparklinggoblin.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from sshdoor.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from stantinko.yar as 'default' and 'custom' type SCANID: S-JxdnP711ONI
Mar 3 12:32:06 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Adding rule set from ta410.yar as 'default
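The text extracted above as the ransom note is THOR Lite's own startup log: a syslog-style prefix (timestamp, host/IP, "THOR:", level) followed by upper-case KEY: value fields (MODULE, MESSAGE, SCANID, and on some lines LICENSE, EXPIRES, VALID and others). The Python below is an added example, not part of the tria.ge report or of THOR itself. It parses that format, pulls out the effective argument list, the license record and every module or feature THOR switched off for the Lite license, and then flags features the operator asked for on the command line that were disabled anyway. The sample lines are copied from the log above; the mapping from --vtkey/--vtmode to the VirusTotal feature is an assumption made for this example, since THOR's flag-to-feature table is not on the page.

```python
"""Parse THOR text-log lines of the form shown above and compare what the scan
was asked to do with what the license actually left enabled."""
import re
from dataclasses import dataclass, field

# Excerpted verbatim from the THOR log reproduced above (not constructed).
SAMPLE_LOG = """\
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Thor Version: 10.7.20 SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Startup MESSAGE: Effective argument list: [--alldrives --follow-symlinks --intense --nocpulimit --allfiles --ads --full-proc-integrity --allreasons --resume --vtkey 126e0... --vtmode full] SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: License file found SCANID: S-JxdnP711ONI LICENSE: thor-lite-a55d055c-e3809116-20250127-20250730.lic OWNER: [email protected] TYPE: Lite STARTS: 2025/01/27 EXPIRES: 2025/07/30 SCANNER: THOR Lite VALID: true
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling module Rootkit due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature Sigma due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature VirusTotal due to Lite version SCANID: S-JxdnP711ONI
Mar 3 12:32:02 pop-os/192.168.3.99 THOR: Info: MODULE: Init MESSAGE: Disabling feature ArchiveScan due to Lite version SCANID: S-JxdnP711ONI
"""

# Prefix: "<Mon D HH:MM:SS> <host>/<ip> THOR: <Level>: <key/value tail>"
PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"THOR: (?P<level>\w+): (?P<rest>.*)$"
)
# Field keys are upper-case tokens followed by ": " (MODULE, MESSAGE, SCANID, LICENSE, ...).
# Mixed-case colons inside a MESSAGE value ("Thor Version: 10.7.20") do not match.
KEY = re.compile(r"\s*\b([A-Z][A-Z0-9_]+): ")


@dataclass
class Event:
    ts: str
    host: str
    level: str
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Return an Event for one THOR log line, or None if the prefix does not match."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    parts = KEY.split(m.group("rest"))  # ['', KEY1, val1, KEY2, val2, ...]
    fields = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    return Event(m.group("ts"), m.group("host"), m.group("level"), fields)


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def requested_args(events):
    """Whitespace-split tokens of the Startup 'Effective argument list' message."""
    marker = "Effective argument list: ["
    for e in events:
        msg = e.fields.get("MESSAGE", "")
        if msg.startswith(marker):
            return msg[len(marker):].rstrip("]").split()
    return []


DISABLED = re.compile(r"^Disabling (module|feature) (\S+) due to Lite version$")


def disabled_by_license(events):
    """Modules and features THOR reported as switched off for the Lite license."""
    out = {"modules": set(), "features": set()}
    for e in events:
        m = DISABLED.match(e.fields.get("MESSAGE", ""))
        if m:
            out[m.group(1) + "s"].add(m.group(2))
    return out


def license_info(events):
    """The key/value fields THOR attaches to its 'License file found' line."""
    for e in events:
        if e.fields.get("MESSAGE") == "License file found":
            return {k: e.fields[k] for k in ("LICENSE", "TYPE", "STARTS", "EXPIRES", "VALID")
                    if k in e.fields}
    return {}


# Assumed mapping from command-line flags to the feature they rely on. Only the
# --vtkey/--vtmode flags and the VirusTotal feature appear on the page; THOR's
# own flag/feature table is not reproduced there.
FLAG_FEATURE = {"--vtkey": "VirusTotal", "--vtmode": "VirusTotal"}


def requested_but_disabled(events):
    """Features requested on the command line that the license then disabled."""
    wanted = {FLAG_FEATURE[a] for a in requested_args(events) if a in FLAG_FEATURE}
    return sorted(wanted & disabled_by_license(events)["features"])


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("license:", license_info(evs))
    print("disabled:", disabled_by_license(evs))
    print("requested but disabled:", requested_but_disabled(evs))
```

When reading a THOR report, the requested-but-disabled check is the one that matters: this run passed `--vtkey` and `--vtmode full`, but the Lite license disabled the VirusTotal feature along with Sigma, ArchiveScan, Rootkit and the other items listed above, so the absence of findings in those areas says nothing about the host.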
Emails
URLs
https://www.nextron-systems.com/get-started/