Combined execution of lspci (VGA and 3D controller extraction and device count) and nvidia-smi -q (product name extraction and non-empty count validation), together with kernel/architecture (uname -s -v -n -r -m) and uptime collection. This pattern reflects cross-validation of GPU presence using both PCI-level and NVIDIA driver-level queries, enriched with host system context.

Execution of uname -s -v -n -r -m to retrieve kernel and architecture details, uptime -p for human-readable system uptime, and lspci | grep VGA | cut -f5- -d ' ' to extract VGA-class PCI device information. This pattern reflects lightweight host profiling combined with basic GPU identification.

Identifies SSH sessions where the actor performs structured hardware reconnaissance including CPU core enumeration, GPU detection via nvidia-smi, VGA/3D controller inspection via lspci, system uptime queries, and kernel/architecture fingerprinting to assess computational capabilities of the compromised host.