
Linux Analysis Report
x86_64.elf

Overview

General Information

Sample name: x86_64.elf
Analysis ID: 1580048
MD5: 530102aa1fcf93a075b18f08c3b62a6d
SHA1: 3bb762f6b1b48ebf7a17721251960c305bd0ac6a
SHA256: 4b2fc4692187d29b7f4360fdf8f12c808125943837085f1d77fc9d2d6918b712
Tags: elf, user-abuse_ch

Detection

Mirai
Score: 84
Range: 0 - 100
Whitelisted: false

Signatures

Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Machine Learning detection for sample
Reads system files that contain records of logged in users
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580048
Start date and time: 2024-12-23 19:51:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: x86_64.elf
Detection: MAL
Classification: mal84.spre.troj.linELF@0/13@1/0
  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: x86_64.elf
  • system is lnxubuntu20
  • x86_64.elf (PID: 6255, Parent: 6180, MD5: 530102aa1fcf93a075b18f08c3b62a6d) Arguments: /tmp/x86_64.elf
  • udisksd New Fork (PID: 6272, Parent: 799)
  • dumpe2fs (PID: 6272, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 6315, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 6315, Parent: 1477, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • systemd New Fork (PID: 6322, Parent: 1)
  • upowerd (PID: 6322, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 6340, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 6340, Parent: 1477, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • wrapper-2.0 (PID: 6344, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • udisksd New Fork (PID: 6352, Parent: 799)
  • dumpe2fs (PID: 6352, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • wrapper-2.0 (PID: 6362, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • sh (PID: 6370, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 6370, Parent: 1477, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 6380, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 6380, Parent: 1477, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • Default (PID: 6384, Parent: 1809, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PostSession/Default
  • sh (PID: 6385, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 6385, Parent: 1477, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 6386, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • sh (PID: 6387, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 6387, Parent: 1477, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • gdm3 New Fork (PID: 6388, Parent: 1320)
  • Default (PID: 6388, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • sh (PID: 6389, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 6389, Parent: 1477, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • udisksd New Fork (PID: 6391, Parent: 799)
  • dumpe2fs (PID: 6391, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 6393, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 6393, Parent: 1477, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • sh (PID: 6394, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 6394, Parent: 1477, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 6395, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 6395, Parent: 1477, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • sh (PID: 6396, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 6396, Parent: 1477, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • sh (PID: 6397, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 6397, Parent: 1477, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • udisksd New Fork (PID: 6398, Parent: 799)
  • dumpe2fs (PID: 6398, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 6399, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 6399, Parent: 1477, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • Xorg New Fork (PID: 6402, Parent: 1465)
  • sh (PID: 6402, Parent: 1465, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    • sh New Fork (PID: 6406, Parent: 6402)
    • xkbcomp (PID: 6406, Parent: 6402, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
  • systemd New Fork (PID: 6434, Parent: 1)
  • systemd-hostnamed (PID: 6434, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • false (PID: 6587, Parent: 6586, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
  • Xorg New Fork (PID: 6589, Parent: 1465)
  • sh (PID: 6589, Parent: 1465, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    • sh New Fork (PID: 6595, Parent: 6589)
    • xkbcomp (PID: 6595, Parent: 6589, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
  • systemd New Fork (PID: 6590, Parent: 1)
  • systemd-user-runtime-dir (PID: 6590, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 6632, Parent: 1)
  • accounts-daemon (PID: 6632, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6647, Parent: 6632, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6648, Parent: 6647, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6650, Parent: 6648, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6651, Parent: 6650)
          • locale (PID: 6651, Parent: 6650, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6652, Parent: 6650)
          • grep (PID: 6652, Parent: 6650, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6633, Parent: 1)
  • colord (PID: 6633, Parent: 1, MD5: 70861d1b2818c9279cd4a5c9035dac1f) Arguments: /usr/libexec/colord
    • colord New Fork (PID: 6660, Parent: 6633)
    • colord-sane (PID: 6660, Parent: 6633, MD5: 5f98d754a07bf1385c3ff001cde3882e) Arguments: /usr/libexec/colord-sane
  • systemd New Fork (PID: 6661, Parent: 1)
  • systemd-localed (PID: 6661, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • gdm3 New Fork (PID: 6794, Parent: 1320)
  • Default (PID: 6794, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6795, Parent: 1320)
  • Default (PID: 6795, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
x86_64.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x6d30:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
x86_64.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x751f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
x86_64.elf | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x45be:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x46cc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
x86_64.elf | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0x9cae:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
x86_64.elf | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0x70df:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
Source | Rule | Description | Author | Strings
6258.1.0000000000400000.000000000040d000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x6d30:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6258.1.0000000000400000.000000000040d000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x751f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6258.1.0000000000400000.000000000040d000.r-x.sdmp | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x45be:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x46cc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6258.1.0000000000400000.000000000040d000.r-x.sdmp | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0x9cae:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
6258.1.0000000000400000.000000000040d000.r-x.sdmp | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0x70df:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T19:51:55.833976+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 47206 | 87.120.114.32 | 41277 | TCP


AV Detection

Source: x86_64.elf | ReversingLabs: Detection: 57%
Source: x86_64.elf | Joe Sandbox ML: detected

Networking

Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.23:47206 -> 87.120.114.32:41277
Source: global traffic | TCP traffic: 192.168.2.23:47206 -> 87.120.114.32:41277
Source: /tmp/x86_64.elf (PID: 6255) | Socket: 127.0.0.1:6628
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: global traffic | DNS traffic detected: DNS query: fdh32fsdfhs.shop
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 789, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 796, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 799, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1349, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1389, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1463, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1465, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1477, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1489, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1579, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1582, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1586, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1594, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1599, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1622, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1623, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1627, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1629, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1632, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1633, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1638, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1639, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1642, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1648, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1654, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1656, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1661, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1664, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1668, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1698, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1699, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1809, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1888, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 1890, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2009, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2018, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2025, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2033, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2038, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2077, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2078, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2079, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2080, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2083, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2084, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2114, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2128, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2129, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2146, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2156, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2180, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2195, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2208, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2226, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2235, result: successful
Source: /tmp/x86_64.elf (PID: 6258) | SIGKILL sent: pid: 2242, result: successful
Source: Initial sample | String containing 'busybox' found: /bin/busybox
Source: Initial sample | String containing 'busybox' found: /proc/self/exe/bin/busybox/proc/%d/etc/systmp.d/proc/%s/lib/systemd/usr/lib/systemd/systemd/usr/lib/openssh/sftp-server/sys/system/dvr/main/usr/mnt/mtd/org/userfs/home/process/net_process/var/tmp/sonia/usr/sbin/usr/bin/mnt/gm/bin/var/Sofia/usr/sbin/sshd/usr/sbin/ntpd/usr/sbin/cupsd/usr/lib/apt/methods/http/usr/sbin/crond/usr/sbin/rsyslogd/usr/sbin/inetd/usr/sbin/dnsmasq/usr/bin/DVRServer/usr/bin/DVRShell/usr/bin/DVRControl/usr/bin/DVRRemoteAgent/usr/bin/DVRNetService/usr/libexec/openssh/sftp-server]
Source: ELF static info symbol of initial sample | .symtab present: no
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 6259.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
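The SIGKILL list and the Yara match list above are flat "Source: ..." entries. The following parser is an added example (not part of the Joe Sandbox report) that turns them into the two summaries a responder wants first: how many distinct PIDs each process killed (Mirai/Gafgyt bots kill competing bots and watchdog processes before starting their own work), and whether every Yara rule that fired on a process image also fired on the file on disk (the r-x mapping at 0x400000-0x40d000 is the static binary's own code, so identical hits mean nothing was unpacked or decrypted at runtime). REPORT_LINES is a constructed subset of this report's lines; the kill threshold is an assumption for the example, not a documented Joe Sandbox setting.

```python
"""Parse Joe Sandbox 'Source: ...' behaviour and Yara lines (added example,
not report or Joe Sandbox code). Works on the raw export, where the PID
parenthesis and the 'SIGKILL'/'Matched rule' text are fused, and on the
cleaned form with a space in between."""
import re
from collections import defaultdict

# Constructed input: lines copied from this report, plus one deliberate
# duplicate (pid 2009) to show that a target is only counted once.
REPORT_LINES = """\
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 1809, result: successful
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 1888, result: successful
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 1890, result: successful
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 2009, result: successful
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 2009, result: successful
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 2018, result: successful
Source: /tmp/x86_64.elf (PID: 6258)SIGKILL sent: pid: 2025, result: successful
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 os = linux, threat_name = Linux.Trojan.Gafgyt
Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_1e0c5ce0 os = linux, threat_name = Linux.Trojan.Mirai
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 threat_name = Linux.Trojan.Gafgyt
Source: 6258.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 threat_name = Linux.Trojan.Mirai
Source: 6255.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 threat_name = Linux.Trojan.Mirai
Source: /tmp/x86_64.elf (PID: 6259)Queries kernel information via 'uname':
"""
LINES = REPORT_LINES.splitlines()

KILL_RE = re.compile(
    r"^Source: (?P<proc>\S+) \(PID: (?P<pid>\d+)\)\s*"
    r"SIGKILL sent: pid: (?P<target>\d+), result: (?P<result>\w+)"
)
YARA_RE = re.compile(
    r"^Source: (?P<src>.+?), type: (?P<type>SAMPLE|MEMORY)\s*"
    r"Matched rule: (?P<rule>\S+)"
)


def parse_kills(lines):
    """Map (process path, pid) -> set of distinct PIDs it killed successfully."""
    kills = defaultdict(set)
    for line in lines:
        m = KILL_RE.match(line)
        if m and m["result"] == "successful":
            kills[(m["proc"], int(m["pid"]))].add(int(m["target"]))
    return dict(kills)


def flag_process_killers(lines, threshold=5):
    """[(process, pid, n_distinct_targets)] for processes at or above the
    threshold. The threshold is an assumption for this example."""
    return sorted(
        (proc, pid, len(targets))
        for (proc, pid), targets in parse_kills(lines).items()
        if len(targets) >= threshold
    )


def rule_family(rule):
    """Elastic rule names are <os>_<type>_<family>_<id>: take the family."""
    parts = rule.split("_")
    return parts[2] if len(parts) >= 4 else rule


def yara_hits(lines):
    """Map (scan type, artefact) -> set of rule names that matched it."""
    hits = defaultdict(set)
    for line in lines:
        m = YARA_RE.match(line)
        if m:
            hits[(m["type"], m["src"])].add(m["rule"])
    return dict(hits)


def families(lines):
    """Sorted malware families named by any matching rule."""
    return sorted({rule_family(r) for rules in yara_hits(lines).values() for r in rules})


def memory_rules_subset_of_file(lines):
    """True when every rule that hit a memory image also hit the file on
    disk, i.e. the in-memory code is the on-disk code and no runtime
    unpacking hid anything from the static scan."""
    hits = yara_hits(lines)
    file_rules = set().union(*(r for (t, _), r in hits.items() if t == "SAMPLE"))
    return all(r <= file_rules for (t, _), r in hits.items() if t == "MEMORY")


if __name__ == "__main__":
    print("process killers:", flag_process_killers(LINES))
    print("families:", families(LINES))
    print("memory hits covered by file hits:", memory_rules_subset_of_file(LINES))
```

Run on the full report the same way, after saving the behaviour and Yara sections to a text file and feeding its lines in place of LINES; the regexes only need the "Source:" prefix, the PID parenthesis and the "SIGKILL sent"/"Matched rule" markers.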
Source: classification engine Classification label: mal84.spre.troj.linELF@0/13@1/0
None of the hidden-file entries below is sourced to /tmp/x86_64.elf; they come from the analysis VM's own GNOME, upower, systemd, accountsservice and colord processes.
Source: /usr/libexec/gsd-wacom (PID: 6315) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-wacom (PID: 6315) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/lib/upower/upowerd (PID: 6322) Directory: <invalid fd (12)>/..
Source: /usr/lib/upower/upowerd (PID: 6322) Directory: <invalid fd (11)>/..
Source: /usr/libexec/gsd-keyboard (PID: 6370) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-keyboard (PID: 6370) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-rfkill (PID: 6385) Directory: <invalid fd (9)>/..
Source: /usr/libexec/gsd-rfkill (PID: 6385) Directory: <invalid fd (8)>/..
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale/en_US.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale/en_US.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale/en_US/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale/en.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale/en.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale/en/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale-langpack/en_US/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale-langpack/en.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6396) Directory: /usr/share/locale-langpack/en/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-color (PID: 6397) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-color (PID: 6397) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-power (PID: 6399) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-power (PID: 6399) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /lib/systemd/systemd-hostnamed (PID: 6434) Directory: <invalid fd (10)>/..
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6632) Directory: /var/lib/gdm3/.pam_environment
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6632) Directory: /root/.cache
Source: /usr/libexec/colord (PID: 6633) Directory: /var/lib/colord/.cache
The shell, grep and permission-change entries below are sourced to the analysis VM's Xorg, language-tools and accounts-daemon processes, not to the sample.
Source: /usr/lib/xorg/Xorg (PID: 6402) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
Source: /usr/lib/xorg/Xorg (PID: 6589) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
Source: /usr/share/language-tools/language-options (PID: 6650) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /bin/sh (PID: 6652) Grep executable: /usr/bin/grep -> grep -F .utf8
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6632) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6632) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
Source: /tmp/x86_64.elf (PID: 6259) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-wacom (PID: 6315) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-keyboard (PID: 6370) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-smartcard (PID: 6380) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-media-keys (PID: 6396) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-color (PID: 6397) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-power (PID: 6399) Queries kernel information via 'uname'
Source: /lib/systemd/systemd-hostnamed (PID: 6434) Queries kernel information via 'uname'
Source: /usr/libexec/colord-sane (PID: 6660) Queries kernel information via 'uname'

Language, Device and Operating System Detection

Source: /usr/lib/accountsservice/accounts-daemon (PID: 6632) Logged in records file read: /var/log/wtmp

Remote Access Functionality

Source: Traffic Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
MITRE ATT&CK matrix, as laid out by the report (one column per tactic, one cell per row; a cell prefixed with a count is a technique the report matched, the other cells are the matrix's placeholder entries):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Hidden Files and Directories | LSASS Memory | 1 System Owner/User Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
No configs have been found
Behavior Graph ID: 1580048 | Sample: x86_64.elf | Start date: 23/12/2024 | Architecture: LINUX | Score: 84

Network nodes:
  fdh32fsdfhs.shop -> 87.120.114.32, ports 41277 and 47206 (UNACS-AS-BG8000BurgasBG, Bulgaria)
  109.202.202.202, port 80 (INIT7CH, Switzerland)
  2 other IPs or domains

Signatures on the sample node: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Detected Mirai; 2 other signatures

Process tree (parent > child):
  x86_64.elf
    x86_64.elf  [Sample tries to kill multiple processes (SIGKILL)]
    x86_64.elf
  systemd > accounts-daemon  [Reads system files that contain records of logged in users]
    accounts-daemon > language-validate
      language-validate > language-options
        language-options > sh
          sh > locale
          sh > grep
  gnome-session-binary > sh > gsd-print-notifications
    gsd-print-notifications
      gsd-print-notifications > gsd-printer
  31 other processes, including:
    colord > colord-sane
    sh > xkbcomp (two instances)
Source | Detection | Scanner | Label
x86_64.elf | 58% | ReversingLabs | Linux.Backdoor.Mirai
x86_64.elf | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fdh32fsdfhs.shop | 87.120.114.32 | true | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
87.120.114.32 | fdh32fsdfhs.shop | Bulgaria | 25206 | UNACS-AS-BG8000BurgasBG | true
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
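Only one of the four addresses above is flagged malicious; 91.189.91.42/.43 sit in Canonical's ASN and 109.202.202.202 served an Ubuntu archive path during the run, so they are the analysis VM's own update traffic rather than the sample's. The following is an added example (not part of the Joe Sandbox report) of turning the IP table into a blocklist without shipping that sandbox noise: it keeps rows the report marks malicious, drops an allowlisted ASN, and emits one Suricata rule per C2 address scoped to the ports the behaviour graph shows. The rows are constructed from this report's table; the ASN allowlist, the SID range and the rule message text are assumptions for the example.

```python
"""Build network IOCs from a Joe Sandbox IP table (added example, not
report or Joe Sandbox code)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class IpRow:
    ip: str
    domain: str
    country: str
    asn: int
    asn_name: str
    malicious: bool


# Constructed from this report's IP table.
IP_ROWS = [
    IpRow("87.120.114.32", "fdh32fsdfhs.shop", "Bulgaria", 25206, "UNACS-AS-BG8000BurgasBG", True),
    IpRow("109.202.202.202", "unknown", "Switzerland", 13030, "INIT7CH", False),
    IpRow("91.189.91.43", "unknown", "United Kingdom", 41231, "CANONICAL-ASGB", False),
    IpRow("91.189.91.42", "unknown", "United Kingdom", 41231, "CANONICAL-ASGB", False),
]

# Destination ports the behaviour graph shows the sample using towards the C2.
OBSERVED_C2_PORTS = {"87.120.114.32": (41277, 47206)}

# Assumed allowlist: infrastructure the analysis VM contacts on its own.
BENIGN_ASNS = {41231}  # CANONICAL-ASGB


def select_iocs(rows, benign_asns=BENIGN_ASNS):
    """Rows the report flags malicious, minus allowlisted ASNs and any
    private or loopback address (those are never useful as network IOCs)."""
    out = []
    for r in rows:
        addr = ipaddress.ip_address(r.ip)
        if addr.is_private or addr.is_loopback:
            continue
        if r.asn in benign_asns or not r.malicious:
            continue
        out.append(r)
    return out


def suricata_rules(rows, base_sid=9000001, ports=OBSERVED_C2_PORTS):
    """One alert rule per malicious IP, restricted to observed ports when
    the report gives them. The SID range is an assumption; use one reserved
    for local rules in your deployment."""
    rules = []
    for i, r in enumerate(select_iocs(rows)):
        port_list = ports.get(r.ip)
        dport = "[" + ",".join(str(p) for p in port_list) + "]" if port_list else "any"
        rules.append(
            f'alert tcp $HOME_NET any -> {r.ip} {dport} '
            f'(msg:"LOCAL Mirai C2 {r.domain} ({r.ip})"; flow:to_server; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def dns_iocs(rows):
    """Hostnames worth a DNS blocklist or sinkhole entry."""
    return sorted({r.domain for r in select_iocs(rows) if r.domain != "unknown"})


if __name__ == "__main__":
    for rule in suricata_rules(IP_ROWS):
        print(rule)
    print("dns:", dns_iocs(IP_ROWS))
```

The port restriction is a trade-off: it keeps the rule quiet if the address is ever reused by something benign, but a rebuilt bot pointed at the same IP on a new port will not match, so pair it with the DNS entry for fdh32fsdfhs.shop and with the ET MALWARE MooBot signature the report already fired.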
Other samples seen contacting the same IPs (Match | Associated Sample Name / URL | Detection | Threat Name | Context):
87.120.114.32 | mips.elf | malicious | Mirai
109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43 | mipsel.nn.elf | malicious | Okiru
91.189.91.43 | arm.nn.elf | malicious | Okiru
91.189.91.43 | jackmymips.elf | malicious | Gafgyt, Mirai
91.189.91.43 | jackmypowerpc.elf | malicious | Gafgyt, Mirai
91.189.91.43 | m68k.nn.elf | malicious | Okiru
91.189.91.43 | arm7.nn.elf | malicious | Mirai, Okiru
91.189.91.43 | x86_32.nn.elf | malicious | Okiru
91.189.91.43 | vlxx.ppc.elf | malicious | Gafgyt, Mirai, Okiru
91.189.91.43 | arm6.nn.elf | malicious | Okiru
91.189.91.43 | mips.nn.elf | malicious | Okiru
91.189.91.42 | mipsel.nn.elf | malicious | Okiru
91.189.91.42 | arm.nn.elf | malicious | Okiru
91.189.91.42 | jackmymips.elf | malicious | Gafgyt, Mirai
91.189.91.42 | jackmypowerpc.elf | malicious | Gafgyt, Mirai
91.189.91.42 | m68k.nn.elf | malicious | Okiru
91.189.91.42 | arm7.nn.elf | malicious | Mirai, Okiru
91.189.91.42 | x86_32.nn.elf | malicious | Okiru
91.189.91.42 | vlxx.ppc.elf | malicious | Gafgyt, Mirai, Okiru
91.189.91.42 | arm6.nn.elf | malicious | Okiru
91.189.91.42 | mips.nn.elf | malicious | Okiru
Other samples seen contacting the same domain (Match | Associated Sample Name / URL | Detection | Threat Name | Context: IP the domain resolved to at the time):
fdh32fsdfhs.shop | mips.elf | malicious | Mirai | 87.120.114.32
fdh32fsdfhs.shop | na.elf | malicious | Mirai | 93.123.39.116
fdh32fsdfhs.shop | na.elf | malicious | Mirai | 93.123.39.116
fdh32fsdfhs.shop | na.elf | malicious | Mirai | 93.123.39.116
fdh32fsdfhs.shop | na.elf | malicious | Mirai | 93.123.39.116
fdh32fsdfhs.shop | na.elf | malicious | Mirai | 93.123.39.116
fdh32fsdfhs.shop | na.elf | malicious | Mirai | 93.123.39.116
fdh32fsdfhs.shop | i586.elf | malicious | Mirai | 185.196.9.5
fdh32fsdfhs.shop | i686.elf | malicious | Mirai | 185.196.9.5
fdh32fsdfhs.shop | i686nk.elf | malicious | Mirai | 185.196.9.5
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| CANONICAL-ASGB | mipsel.nn.elf | malicious | Okiru | 91.189.91.42 |
| | arm.nn.elf | malicious | Okiru | 91.189.91.42 |
| | jackmymips.elf | malicious | Gafgyt, Mirai | 91.189.91.42 |
| | jackmypowerpc.elf | malicious | Gafgyt, Mirai | 91.189.91.42 |
| | jackmymips64.elf | malicious | Gafgyt, Mirai | 185.125.190.26 |
| | arm5.nn.elf | malicious | Okiru | 185.125.190.26 |
| | m68k.nn.elf | malicious | Okiru | 91.189.91.42 |
| | arm7.nn.elf | malicious | Mirai, Okiru | 91.189.91.42 |
| | x86_32.nn.elf | malicious | Okiru | 91.189.91.42 |
| | vlxx.ppc.elf | malicious | Gafgyt, Mirai, Okiru | 91.189.91.42 |
| CANONICAL-ASGB | mipsel.nn.elf | malicious | Okiru | 91.189.91.42 |
| | arm.nn.elf | malicious | Okiru | 91.189.91.42 |
| | jackmymips.elf | malicious | Gafgyt, Mirai | 91.189.91.42 |
| | jackmypowerpc.elf | malicious | Gafgyt, Mirai | 91.189.91.42 |
| | jackmymips64.elf | malicious | Gafgyt, Mirai | 185.125.190.26 |
| | arm5.nn.elf | malicious | Okiru | 185.125.190.26 |
| | m68k.nn.elf | malicious | Okiru | 91.189.91.42 |
| | arm7.nn.elf | malicious | Mirai, Okiru | 91.189.91.42 |
| | x86_32.nn.elf | malicious | Okiru | 91.189.91.42 |
| | vlxx.ppc.elf | malicious | Gafgyt, Mirai, Okiru | 91.189.91.42 |
| INIT7CH | mipsel.nn.elf | malicious | Okiru | 109.202.202.202 |
| | arm.nn.elf | malicious | Okiru | 109.202.202.202 |
| | jackmymips.elf | malicious | Gafgyt, Mirai | 109.202.202.202 |
| | jackmypowerpc.elf | malicious | Gafgyt, Mirai | 109.202.202.202 |
| | m68k.nn.elf | malicious | Okiru | 109.202.202.202 |
| | arm7.nn.elf | malicious | Mirai, Okiru | 109.202.202.202 |
| | x86_32.nn.elf | malicious | Okiru | 109.202.202.202 |
| | vlxx.ppc.elf | malicious | Gafgyt, Mirai, Okiru | 109.202.202.202 |
| | arm6.nn.elf | malicious | Okiru | 109.202.202.202 |
| | mips.nn.elf | malicious | Okiru | 109.202.202.202 |
| UNACS-AS-BG8000BurgasBG | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru | 87.120.112.234 |
| | bot.m68k.elf | malicious | Mirai, Gafgyt, Okiru | 87.120.112.234 |
| | bot.x86.elf | malicious | Mirai, Okiru | 87.120.112.234 |
| | bot.arm7.elf | malicious | Mirai, Okiru | 87.120.112.234 |
| | bot.arm5.elf | malicious | Mirai, Gafgyt, Okiru | 87.120.112.234 |
| | bot.x86_64.elf | malicious | Mirai, Gafgyt, Okiru | 87.120.112.234 |
| | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS | 87.120.125.77 |
| | List of required items and services.pdf.vbs | malicious | GuLoader, RHADAMANTHYS | 87.120.127.215 |
| | g8ix97hz.vbs | malicious | GuLoader, RHADAMANTHYS | 87.120.127.215 |
| | 305iz8bs.exe | malicious | Unknown | 87.120.125.214 |
                                              No context
                                              No context
Process: /usr/libexec/gsd-power
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3::
MD5: 93B885ADFE0DA089CDF634904FD59F71
SHA1: 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256: 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512: B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious: false
Reputation: high, very likely benign file
Preview: .
Process: /usr/bin/xkbcomp
File Type: Compiled XKB Keymap: lsb, version 15
Category: dropped
Size (bytes): 12060
Entropy (8bit): 4.8492493153178975
Encrypted: false
SSDEEP: 192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
MD5: B4E3EB0B8B6B0FC1F46740C573E18D86
SHA1: 7D35426357695EBA77850757E8939A62DCEFF2D1
SHA-256: 7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
SHA-512: 8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
Malicious: false
Reputation: moderate, very likely benign file
                                              Preview:.mkx..............D.......................h.......<.....P.@%.......&......D.......NumLock.....Alt.....LevelThree..LAlt....RAlt....RControl....LControl....ScrollLock..LevelFive...AltGr...Meta....Super...Hyper...........evdev+aliases(qwerty)...!.....ESC.AE01AE02AE03AE04AE05AE06AE07AE08AE09AE10AE11AE12BKSPTAB.AD01AD02AD03AD04AD05AD06AD07AD08AD09AD10AD11AD12RTRNLCTLAC01AC02AC03AC04AC05AC06AC07AC08AC09AC10AC11TLDELFSHBKSLAB01AB02AB03AB04AB05AB06AB07AB08AB09AB10RTSHKPMULALTSPCECAPSFK01FK02FK03FK04FK05FK06FK07FK08FK09FK10NMLKSCLKKP7.KP8.KP9.KPSUKP4.KP5.KP6.KPADKP1.KP2.KP3.KP0.KPDLLVL3....LSGTFK11FK12AB11KATAHIRAHENKHKTGMUHEJPCMKPENRCTLKPDVPRSCRALTLNFDHOMEUP..PGUPLEFTRGHTEND.DOWNPGDNINS.DELEI120MUTEVOL-VOL+POWRKPEQI126PAUSI128I129HNGLHJCVAE13LWINRWINCOMPSTOPAGAIPROPUNDOFRNTCOPYOPENPASTFINDCUT.HELPI147I148I149I150I151I152I153I154I155I156I157I158I159I160I161I162I163I164I165I166I167I168I169I170I171I172I173I174I175I176I177I178I179I180I181I182I183I184I185I186I187I188I189I190FK13FK14FK15FK16FK17FK18
Process: /usr/lib/accountsservice/accounts-daemon
File Type: ASCII text
Category: dropped
Size (bytes): 51
Entropy (8bit): 4.647628037922664
Encrypted: false
SSDEEP: 3:urCLnT+PzKLrAan4R8AKn:gI+zKLrAa4M
MD5: 071DABFEAD25B35D415780C2CFA55287
SHA1: ED08D2B2FC77EF256FF9196934A55CFE4AE1B8E3
SHA-256: E778170EDFD4C9871EFF24F592FF7A23D2A08A86479A6B14E42AF5FC1094416C
SHA-512: 8FBC64B76E1916570726BE87A2E9FBF7BDD1B07AB64A4A007EF20846273D416C04B32F8D2B923F1FDAA82BA729F2668A402DF608F4852E7676F67247A2666668
Malicious: false
Reputation: moderate, very likely benign file
Preview: [User].Icon=/var/lib/gdm3/.face.SystemAccount=true.
File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.257917037577103
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: x86_64.elf
File size: 51'264 bytes
MD5: 530102aa1fcf93a075b18f08c3b62a6d
SHA1: 3bb762f6b1b48ebf7a17721251960c305bd0ac6a
SHA256: 4b2fc4692187d29b7f4360fdf8f12c808125943837085f1d77fc9d2d6918b712
SHA512: fd27f566f1917a8233e877ea7d846e37b663df0d2bab5e774b4d503c483f6c3e5a855713aa0d4aae360ed445ff44bc5b69aa35dd25333f5985eb18e932a53a79
SSDEEP: 768:nHHqmdDSodln8muwr4roeuZ7YvK3VfoRYjGbWnaWUohyye43egkE6I2jvk:HKmdDSodl8m3nZsvIfurWnaEyyOr
TLSH: A9334A07B96280FDC5ADC17847BAB639CD3374BE027976AA33D4FA3A6D49D211E5D800
                                              File Content Preview:.ELF..............>.......@.....@...................@.8...@.......................@.......@...............................................P.......P..............1..............Q.td....................................................H...._........H........

                                              ELF header

Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
Machine: Advanced Micro Devices X86-64
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400194
Flags: 0x0
ELF Header Size: 64
Program Header Offset: 64
Program Header Size: 56
Number of Program Headers: 3
Section Header Offset: 50624
Section Header Size: 64
Number of Section Headers: 10
Header String Table Index: 9
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x400100 | 0x100 | 0xa006 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x40a106 | 0xa106 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x40a120 | 0xa120 | 0x1f70 | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .ctors | PROGBITS | 0x50c098 | 0xc098 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .dtors | PROGBITS | 0x50c0a8 | 0xc0a8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .data | PROGBITS | 0x50c0c0 | 0xc0c0 | 0x4c0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x50c580 | 0xc580 | 0x2ce8 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .shstrtab | STRTAB | 0x0 | 0xc580 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| LOAD | 0x0 | 0x400000 | 0x400000 | 0xc090 | 0xc090 | 6.3586 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata |
| LOAD | 0xc098 | 0x50c098 | 0x50c098 | 0x4e8 | 0x31d0 | 2.3223 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-23T19:51:55.833976+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 47206 | 87.120.114.32 | 41277 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Dec 23, 2024 19:51:54.716468096 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Dec 23, 2024 19:51:55.700193882 CET | 47206 | 41277 | 192.168.2.23 | 87.120.114.32 |
| Dec 23, 2024 19:51:55.820907116 CET | 41277 | 47206 | 87.120.114.32 | 192.168.2.23 |
| Dec 23, 2024 19:51:55.820969105 CET | 47206 | 41277 | 192.168.2.23 | 87.120.114.32 |
| Dec 23, 2024 19:51:55.833976030 CET | 47206 | 41277 | 192.168.2.23 | 87.120.114.32 |
| Dec 23, 2024 19:51:55.953553915 CET | 41277 | 47206 | 87.120.114.32 | 192.168.2.23 |
| Dec 23, 2024 19:51:55.999949932 CET | 47206 | 41277 | 192.168.2.23 | 87.120.114.32 |
| Dec 23, 2024 19:51:56.164242983 CET | 41277 | 47206 | 87.120.114.32 | 192.168.2.23 |
| Dec 23, 2024 19:51:56.802926064 CET | 41277 | 47206 | 87.120.114.32 | 192.168.2.23 |
| Dec 23, 2024 19:51:56.802985907 CET | 47206 | 41277 | 192.168.2.23 | 87.120.114.32 |
| Dec 23, 2024 19:52:00.091574907 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Dec 23, 2024 19:52:00.859456062 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Dec 23, 2024 19:52:15.193455935 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Dec 23, 2024 19:52:27.479737997 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Dec 23, 2024 19:52:31.575225115 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Dec 23, 2024 19:52:56.147952080 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Dec 23, 2024 19:51:55.552649021 CET | 59354 | 53 | 192.168.2.23 | 8.8.8.8 |
| Dec 23, 2024 19:51:55.688183069 CET | 53 | 59354 | 8.8.8.8 | 192.168.2.23 |
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
| Dec 23, 2024 19:52:03.910279036 CET | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable |
| Dec 23, 2024 19:53:23.925152063 CET | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| Dec 23, 2024 19:51:55.552649021 CET | 192.168.2.23 | 8.8.8.8 | 0xb950 | Standard query (0) | fdh32fsdfhs.shop | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| Dec 23, 2024 19:51:55.688183069 CET | 8.8.8.8 | 192.168.2.23 | 0xb950 | No error (0) | fdh32fsdfhs.shop | | 87.120.114.32 | A (IP address) | IN (0x0001) | false |

                                              System Behavior

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /tmp/x86_64.elf
Arguments: /tmp/x86_64.elf
File size: 51264 bytes
MD5 hash: 530102aa1fcf93a075b18f08c3b62a6d

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /tmp/x86_64.elf
Arguments: -
File size: 51264 bytes
MD5 hash: 530102aa1fcf93a075b18f08c3b62a6d

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /tmp/x86_64.elf
Arguments: -
File size: 51264 bytes
MD5 hash: 530102aa1fcf93a075b18f08c3b62a6d

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /usr/lib/udisks2/udisksd
Arguments: -
File size: 483056 bytes
MD5 hash: 1d7ae439cc3d82fa6b127671ce037a24

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /usr/sbin/dumpe2fs
Arguments: dumpe2fs -h /dev/dm-0
File size: 31112 bytes
MD5 hash: 5c66f7d8f7681a40562cf049ad4b72b4

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:54
Start date (UTC): 23/12/2024
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gsd-wacom
Arguments: /usr/libexec/gsd-wacom
File size: 39520 bytes
MD5 hash: 13778dd1a23a4e94ddc17ac9caa4fcc1

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/lib/systemd/systemd
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/lib/upower/upowerd
Arguments: /usr/lib/upower/upowerd
File size: 260328 bytes
MD5 hash: 1253eea2fe5fe4017069664284e326cd

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gsd-sharing
Arguments: /usr/libexec/gsd-sharing
File size: 35424 bytes
MD5 hash: e29d9025d98590fbb69f89fdbd4438b3

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/bin/xfce4-panel
Arguments: -
File size: 375768 bytes
MD5 hash: a15b657c7d54ac1385f1f15004ea6784

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
File size: 35136 bytes
MD5 hash: ac0b8a906f359a8ae102244738682e76

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/lib/udisks2/udisksd
Arguments: -
File size: 483056 bytes
MD5 hash: 1d7ae439cc3d82fa6b127671ce037a24

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/sbin/dumpe2fs
Arguments: dumpe2fs -h /dev/dm-0
File size: 31112 bytes
MD5 hash: 5c66f7d8f7681a40562cf049ad4b72b4

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/bin/xfce4-panel
Arguments: -
File size: 375768 bytes
MD5 hash: a15b657c7d54ac1385f1f15004ea6784

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
File size: 35136 bytes
MD5 hash: ac0b8a906f359a8ae102244738682e76

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gsd-keyboard
Arguments: /usr/libexec/gsd-keyboard
File size: 39760 bytes
MD5 hash: 8e288fd17c80bb0a1148b964b2ac2279

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gsd-smartcard
Arguments: /usr/libexec/gsd-smartcard
File size: 109152 bytes
MD5 hash: ea1fbd7f62e4cd0331eae2ef754ee605

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/lib/gdm3/gdm-session-worker
Arguments: -
File size: 293360 bytes
MD5 hash: 692243754bd9f38fe9bd7e230b5c060a

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /etc/gdm3/PostSession/Default
Arguments: /etc/gdm3/PostSession/Default
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:55
Start date (UTC): 23/12/2024
Path: /usr/libexec/gsd-rfkill
                                              Arguments:/usr/libexec/gsd-rfkill
                                              File size:51808 bytes
                                              MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-print-notifications
                                              Arguments:/usr/libexec/gsd-print-notifications
                                              File size:51840 bytes
                                              MD5 hash:71539698aa691718cee775d6b9450ae2

                                              Start time (UTC):18:52:01
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-print-notifications
                                              Arguments:-
                                              File size:51840 bytes
                                              MD5 hash:71539698aa691718cee775d6b9450ae2

                                              Start time (UTC):18:52:01
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-print-notifications
                                              Arguments:-
                                              File size:51840 bytes
                                              MD5 hash:71539698aa691718cee775d6b9450ae2

                                              Start time (UTC):18:52:01
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-printer
                                              Arguments:/usr/libexec/gsd-printer
                                              File size:31120 bytes
                                              MD5 hash:7995828cf98c315fd55f2ffb3b22384d

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-datetime
                                              Arguments:/usr/libexec/gsd-datetime
                                              File size:76736 bytes
                                              MD5 hash:d80d39745740de37d6634d36e344d4bc

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-screensaver-proxy
                                              Arguments:/usr/libexec/gsd-screensaver-proxy
                                              File size:27232 bytes
                                              MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/udisks2/udisksd
                                              Arguments:-
                                              File size:483056 bytes
                                              MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/sbin/dumpe2fs
                                              Arguments:dumpe2fs -h /dev/dm-0
                                              File size:31112 bytes
                                              MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-a11y-settings
                                              Arguments:/usr/libexec/gsd-a11y-settings
                                              File size:23056 bytes
                                              MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-sound
                                              Arguments:/usr/libexec/gsd-sound
                                              File size:31248 bytes
                                              MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:55
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-housekeeping
                                              Arguments:/usr/libexec/gsd-housekeeping
                                              File size:51840 bytes
                                              MD5 hash:b55f3394a84976ddb92a2915e5d76914

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-media-keys
                                              Arguments:/usr/libexec/gsd-media-keys
                                              File size:232936 bytes
                                              MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-color
                                              Arguments:/usr/libexec/gsd-color
                                              File size:92832 bytes
                                              MD5 hash:ac2861ad93ce047283e8e87cefef9a19

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/udisks2/udisksd
                                              Arguments:-
                                              File size:483056 bytes
                                              MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/sbin/dumpe2fs
                                              Arguments:dumpe2fs -h /dev/dm-0
                                              File size:31112 bytes
                                              MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/libexec/gsd-power
                                              Arguments:/usr/libexec/gsd-power
                                              File size:88672 bytes
                                              MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/xorg/Xorg
                                              Arguments:-
                                              File size:2448840 bytes
                                              MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                                              Start time (UTC):18:51:56
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:57
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:51:57
                                              Start date (UTC):23/12/2024
                                              Path:/usr/bin/xkbcomp
                                              Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                                              File size:217184 bytes
                                              MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                                              Start time (UTC):18:52:01
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Start time (UTC):18:52:01
                                              Start date (UTC):23/12/2024
                                              Path:/lib/systemd/systemd-hostnamed
                                              Arguments:/lib/systemd/systemd-hostnamed
                                              File size:35040 bytes
                                              MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/usr/bin/dbus-daemon
                                              Arguments:-
                                              File size:249032 bytes
                                              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/bin/false
                                              Arguments:/bin/false
                                              File size:39256 bytes
                                              MD5 hash:3177546c74e4f0062909eae43d948bfc

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/xorg/Xorg
                                              Arguments:-
                                              File size:2448840 bytes
                                              MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/usr/bin/xkbcomp
                                              Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                                              File size:217184 bytes
                                              MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Start time (UTC):18:52:02
                                              Start date (UTC):23/12/2024
                                              Path:/lib/systemd/systemd-user-runtime-dir
                                              Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                                              File size:22672 bytes
                                              MD5 hash:d55f4b0847f88131dbcfb07435178e54

                                              Start time (UTC):18:52:08
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Start time (UTC):18:52:08
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/accountsservice/accounts-daemon
                                              Arguments:/usr/lib/accountsservice/accounts-daemon
                                              File size:203192 bytes
                                              MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
                                              Path:/usr/lib/accountsservice/accounts-daemon
                                              Arguments:-
                                              File size:203192 bytes
                                              MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
                                              Path:/usr/share/language-tools/language-validate
                                              Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
                                              Path:/usr/share/language-tools/language-validate
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
                                              Path:/usr/share/language-tools/language-options
                                              Arguments:/usr/share/language-tools/language-options
                                              File size:3478464 bytes
                                              MD5 hash:16a21f464119ea7fad1d3660de963637

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
                                              Path:/usr/share/language-tools/language-options
                                              Arguments:-
                                              File size:3478464 bytes
                                              MD5 hash:16a21f464119ea7fad1d3660de963637

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "locale -a | grep -F .utf8 "
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):18:52:11
                                              Start date (UTC):23/12/2024
Path:/bin/sh
Arguments:-
File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):18:52:11
Start date (UTC):23/12/2024
Path:/usr/bin/locale
Arguments:locale -a
File size:58944 bytes
MD5 hash:c72a78792469db86d91369c9057f20d2

Start time (UTC):18:52:11
Start date (UTC):23/12/2024
Path:/bin/sh
Arguments:-
File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):18:52:11
Start date (UTC):23/12/2024
Path:/usr/bin/grep
Arguments:grep -F .utf8
File size:199136 bytes
MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

Start time (UTC):18:52:09
Start date (UTC):23/12/2024
Path:/usr/lib/systemd/systemd
Arguments:-
File size:1620224 bytes
MD5 hash:9b2bec7092a40488108543f9334aab75

Start time (UTC):18:52:09
Start date (UTC):23/12/2024
Path:/usr/libexec/colord
Arguments:/usr/libexec/colord
File size:346632 bytes
MD5 hash:70861d1b2818c9279cd4a5c9035dac1f

Start time (UTC):18:52:15
Start date (UTC):23/12/2024
Path:/usr/libexec/colord
Arguments:-
File size:346632 bytes
MD5 hash:70861d1b2818c9279cd4a5c9035dac1f

Start time (UTC):18:52:15
Start date (UTC):23/12/2024
Path:/usr/libexec/colord-sane
Arguments:/usr/libexec/colord-sane
File size:18736 bytes
MD5 hash:5f98d754a07bf1385c3ff001cde3882e

Start time (UTC):18:52:16
Start date (UTC):23/12/2024
Path:/usr/lib/systemd/systemd
Arguments:-
File size:1620224 bytes
MD5 hash:9b2bec7092a40488108543f9334aab75

Start time (UTC):18:52:16
Start date (UTC):23/12/2024
Path:/lib/systemd/systemd-localed
Arguments:/lib/systemd/systemd-localed
File size:43232 bytes
MD5 hash:1244af9646256d49594f2a8203329aa9

Start time (UTC):18:52:17
Start date (UTC):23/12/2024
Path:/usr/sbin/gdm3
Arguments:-
File size:453296 bytes
MD5 hash:2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):18:52:17
Start date (UTC):23/12/2024
Path:/etc/gdm3/PrimeOff/Default
Arguments:/etc/gdm3/PrimeOff/Default
File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):18:52:17
Start date (UTC):23/12/2024
Path:/usr/sbin/gdm3
Arguments:-
File size:453296 bytes
MD5 hash:2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):18:52:17
Start date (UTC):23/12/2024
Path:/etc/gdm3/PrimeOff/Default
Arguments:/etc/gdm3/PrimeOff/Default
File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c