Linux Analysis Report
mipsel.elf

Overview

General Information

Sample name:mipsel.elf
Analysis ID:1580051
MD5:9127887b8e1abaa9f2903ab60a693039
SHA1:452fe3f0c0117f29fbf5c005e8dd7a4eb4376e22
SHA256:5c18e76f211f0304e220cfd88899abd9e09f4b8622c1ddf87404f32071f1e692
Tags:elfuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1580051
Start date and time:2024-12-23 19:51:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 56s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mipsel.elf
Detection:MAL
Classification:mal64.spre.troj.linELF@0/0@2/0
  • VT rate limit hit for: mipsel.elf
Command:/tmp/mipsel.elf
PID:5531
Exit Code:139
Exit Code Info:SIGSEGV (11) Segmentation fault invalid memory reference
Killed:False
Standard Output:
listening to tun0
Standard Error:qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  • system is lnxubuntu20
  • mipsel.elf (PID: 5531, Parent: 5449, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mipsel.elf
  • sh (PID: 5557, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 5557, Parent: 1498, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 5564, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 5564, Parent: 1498, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • fusermount (PID: 5565, Parent: 3044, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5567, Parent: 1)
  • upowerd (PID: 5567, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 5570, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 5570, Parent: 1498, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 5591, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5591, Parent: 1498, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • wrapper-2.0 (PID: 5596, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5621, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • sh (PID: 5627, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 5627, Parent: 1498, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • sh (PID: 5628, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 5628, Parent: 1498, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • wrapper-2.0 (PID: 5629, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
  • sh (PID: 5630, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 5630, Parent: 1498, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • systemd New Fork (PID: 5631, Parent: 1)
  • upowerd (PID: 5631, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • wrapper-2.0 (PID: 5669, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • sh (PID: 5670, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 5670, Parent: 1498, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • wrapper-2.0 (PID: 5671, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • sh (PID: 5675, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 5675, Parent: 1498, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 5676, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 5676, Parent: 1498, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • systemd New Fork (PID: 5677, Parent: 1)
  • upowerd (PID: 5677, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 5715, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 5715, Parent: 1498, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • sh (PID: 5716, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 5716, Parent: 1498, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • systemd New Fork (PID: 5719, Parent: 1)
  • upowerd (PID: 5719, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5759, Parent: 1)
  • upowerd (PID: 5759, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: mipsel.elf, Avira: detected
Source: mipsel.elf, ReversingLabs: Detection: 52%
Source: /tmp/mipsel.elf (PID: 5531), Socket: 127.0.0.1:6628
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 794, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 800, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 803, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1445, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1479, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1484, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1486, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1498, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1509, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1588, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1591, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1595, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1603, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1615, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1623, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1659, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1660, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1666, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1669, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1679, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1690, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1691, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1692, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1695, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1701, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1704, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1729, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1730, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1732, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1762, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1806, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 1867, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3027, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3062, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3064, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3183, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3192, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3197, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3205, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3210, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3249, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3250, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3251, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3252, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3253, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3255, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3272, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3274, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3298, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3303, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3316, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3332, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3368, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3379, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3394, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3399, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3419, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3440, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3456, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3461, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3465, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3469, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3475, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3488, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 3714, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5557, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5564, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5567, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5596, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5606, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5615, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5570, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5591, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5621, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5627, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5628, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5629, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5631, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5669, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5671, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5672, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5630, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5670, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5677, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5675, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5676, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5715, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5716, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5719, result: successfulJump to behavior
Source: /tmp/mipsel.elf (PID: 5533)SIGKILL sent: pid: 5759, result: successfulJump to behavior
Source: Initial sample, String containing 'busybox' found: /bin/busybox
Source: Initial sample, String containing 'busybox' found: '//proc/self/exe/bin/busybox/proc/%d/etc/systmp.d/proc//exe%s/lib/systemd/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-server/usr/lib/openssh/sftp-server/sys/system/dvr/main/usr/mnt/mtd/org/userfs/home/process/net_process/var/tmp/sonia/usr/sbin/usr/bin/mnt/gm/bin/var/Sofia/usr/sbin/sshd/usr/sbin/ntpd/usr/sbin/cupsd/usr/lib/apt/methods/http/usr/sbin/crond/usr/sbin/rsyslogd/usr/sbin/inetd/usr/sbin/dnsmasq/usr/bin/DVRServer/usr/bin/DVRShell/usr/bin/DVRControl/usr/bin/DVRRemoteAgent/usr/bin/DVRNetService/root/binw
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal64.spre.troj.linELF@0/0@2/0

Persistence and Installation Behavior

Source: /bin/fusermount (PID: 5565), File: /proc/5565/mounts
Source: /tmp/mipsel.elf (PID: 5531), Queries kernel information via 'uname'
Source: mipsel.elf, 5531.1.000055e5a0200000.000055e5a0287000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mipsel
Source: mipsel.elf, 5531.1.000055e5a0200000.000055e5a0287000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: mipsel.elf, 5531.1.00007ffdbe2c5000.00007ffdbe2e6000.rw-.sdmp, Binary or memory string: ]x86_64/usr/bin/qemu-mipsel/tmp/mipsel.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mipsel.elf
Source: mipsel.elf, 5531.1.00007ffdbe2c5000.00007ffdbe2e6000.rw-.sdmp, Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Source: mipsel.elf, 5531.1.00007ffdbe2c5000.00007ffdbe2e6000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mipsel
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
No configs have been found
[Behavior graph, ID: 1580051. Sample: mipsel.elf, Startdate: 23/12/2024, Architecture: LINUX, Score: 64]

Source | Detection | Scanner | Label
mipsel.elf | 53% | ReversingLabs | Linux.Trojan.Mirai
mipsel.elf | 100% | Avira | LINUX/Mirai.bonb
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.25 | true | false |  | high
    No contacted IP infos
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    daisy.ubuntu.com | arm6.elf | malicious | Unknown | 162.213.35.25
    daisy.ubuntu.com | jackmyi686.elf | malicious | Gafgyt, Mirai | 162.213.35.25
    daisy.ubuntu.com | jackmyarmv5.elf | malicious | Gafgyt, Mirai | 162.213.35.24
    daisy.ubuntu.com | jackmysparc.elf | malicious | Gafgyt, Mirai | 162.213.35.25
    daisy.ubuntu.com | jackmyarmv6.elf | malicious | Gafgyt, Mirai | 162.213.35.25
    daisy.ubuntu.com | jackmymips64.elf | malicious | Gafgyt, Mirai | 162.213.35.24
    daisy.ubuntu.com | jackmymipsel.elf | malicious | Gafgyt, Mirai | 162.213.35.25
    daisy.ubuntu.com | jackmyi586.elf | malicious | Gafgyt, Mirai | 162.213.35.25
    daisy.ubuntu.com | arm5.nn.elf | malicious | Okiru | 162.213.35.25
    daisy.ubuntu.com | arm.nn-20241223-1416.elf | malicious | Okiru | 162.213.35.24
    No context
    No context
    No context
    No created / dropped files found
    File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
    Entropy (8bit):5.539971186547304
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:mipsel.elf
    File size:68'944 bytes
    MD5:9127887b8e1abaa9f2903ab60a693039
    SHA1:452fe3f0c0117f29fbf5c005e8dd7a4eb4376e22
    SHA256:5c18e76f211f0304e220cfd88899abd9e09f4b8622c1ddf87404f32071f1e692
    SHA512:cb80142f7a8656d4dd47dbc53fbe1d102a39ad2494e385ce0f74828a94577ea171567aa573fd77712607398ed214ebec85b7c51357fba368e5a8ecb3f06330c3
    SSDEEP:1536:vMwbvC6uCjZ05hPono851FmsZTNEpsaE8:vMwT0hFs1Ys8v
    TLSH:7863B505BF914FB7DCAFDD330AA9170135CD645B12A93B3A7574C828B20A64F5AE3CA4
    File Content Preview:.ELF....................`.@.4...H.......4. ...(...............@...@...........................E...E.<...T-..........Q.td...............................<...'!......'.......................<h..'!... .........9'.. ........................<8..'!...........p.9

    ELF header

    Class:ELF32
    Data:2's complement, little endian
    Version:1 (current)
    Machine:MIPS R3000
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x400260
    Flags:0x1007
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:68424
    Section Header Size:40
    Number of Section Headers:13
    Header String Table Index:12
    Name          Type      Address   Offset   Size    EntSize  Flags       Flags Description  Link  Info  Align
    -             NULL      0x0       0x0      0x0     0x0      0x0         -                  0     0     0
    .init         PROGBITS  0x400094  0x94     0x8c    0x0      0x6         AX                 0     0     4
    .text         PROGBITS  0x400120  0x120    0xe5c0  0x0      0x6         AX                 0     0     16
    .fini         PROGBITS  0x40e6e0  0xe6e0   0x5c    0x0      0x6         AX                 0     0     4
    .rodata       PROGBITS  0x40e740  0xe740   0x1a70  0x0      0x2         A                  0     0     16
    .ctors        PROGBITS  0x4501b4  0x101b4  0x8     0x0      0x3         WA                 0     0     4
    .dtors        PROGBITS  0x4501bc  0x101bc  0x8     0x0      0x3         WA                 0     0     4
    .data.rel.ro  PROGBITS  0x4501c8  0x101c8  0x84    0x0      0x3         WA                 0     0     4
    .data         PROGBITS  0x450250  0x10250  0x3e0   0x0      0x3         WA                 0     0     16
    .got          PROGBITS  0x450630  0x10630  0x4c0   0x4      0x10000003  WAp                0     0     16
    .sbss         NOBITS    0x450af0  0x10af0  0x24    0x0      0x10000003  WAp                0     0     4
    .bss          NOBITS    0x450b20  0x10af0  0x23e8  0x0      0x3         WA                 0     0     16
    .shstrtab     STRTAB    0x0       0x10af0  0x56    0x0      0x0         -                  0     0     1

    Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
    LOAD       0x0      0x400000         0x400000          0x101b0    0x101b0      5.5805   0x5    R E                0x10000  -                 .init .text .fini .rodata
    LOAD       0x101b4  0x4501b4         0x4501b4          0x93c      0x2d54       3.7926   0x6    RW                 0x10000  -                 .ctors .dtors .data.rel.ro .data .got .sbss .bss
    GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4      -                 -

    Timestamp                            Source Port  Dest Port  Source IP     Dest IP
    Dec 23, 2024 19:52:06.155549049 CET  37903        53         192.168.2.15  1.1.1.1
    Dec 23, 2024 19:52:06.155596972 CET  60984        53         192.168.2.15  1.1.1.1
    Dec 23, 2024 19:52:06.295559883 CET  53           60984      1.1.1.1       192.168.2.15
    Dec 23, 2024 19:52:06.297221899 CET  53           37903      1.1.1.1       192.168.2.15

    Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name              Type            Class        DNS over HTTPS
    Dec 23, 2024 19:52:06.155549049 CET  192.168.2.15  1.1.1.1  0x3acc    Standard query (0)  daisy.ubuntu.com  A (IP address)  IN (0x0001)  false
    Dec 23, 2024 19:52:06.155596972 CET  192.168.2.15  1.1.1.1  0x8dc6    Standard query (0)  daisy.ubuntu.com  28              IN (0x0001)  false

    Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name              CName  Address        Type            Class        DNS over HTTPS
    Dec 23, 2024 19:52:06.297221899 CET  1.1.1.1    192.168.2.15  0x3acc    No error (0)  daisy.ubuntu.com  -      162.213.35.25  A (IP address)  IN (0x0001)  false
    Dec 23, 2024 19:52:06.297221899 CET  1.1.1.1    192.168.2.15  0x3acc    No error (0)  daisy.ubuntu.com  -      162.213.35.24  A (IP address)  IN (0x0001)  false

    System Behavior

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/tmp/mipsel.elf
    Arguments:/tmp/mipsel.elf
    File size:5773336 bytes
    MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/tmp/mipsel.elf
    Arguments:-
    File size:5773336 bytes
    MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-sharing
    Arguments:/usr/libexec/gsd-sharing
    File size:35424 bytes
    MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-wacom
    Arguments:/usr/libexec/gsd-wacom
    File size:39520 bytes
    MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gvfsd-fuse
    Arguments:-
    File size:47632 bytes
    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

    Start time (UTC):18:52:02
    Start date (UTC):23/12/2024
    Path:/bin/fusermount
    Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
    File size:39144 bytes
    MD5 hash:576a1b135c82bdcbc97a91acea900566

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/upower/upowerd
    Arguments:/usr/lib/upower/upowerd
    File size:260328 bytes
    MD5 hash:1253eea2fe5fe4017069664284e326cd

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-keyboard
    Arguments:/usr/libexec/gsd-keyboard
    File size:39760 bytes
    MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-print-notifications
    Arguments:/usr/libexec/gsd-print-notifications
    File size:51840 bytes
    MD5 hash:71539698aa691718cee775d6b9450ae2

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/bin/xfce4-panel
    Arguments:-
    File size:375768 bytes
    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
    File size:35136 bytes
    MD5 hash:ac0b8a906f359a8ae102244738682e76

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/bin/xfce4-panel
    Arguments:-
    File size:375768 bytes
    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/bin/xfce4-panel
    Arguments:-
    File size:375768 bytes
    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
    File size:35136 bytes
    MD5 hash:ac0b8a906f359a8ae102244738682e76

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-smartcard
    Arguments:/usr/libexec/gsd-smartcard
    File size:109152 bytes
    MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-datetime
    Arguments:/usr/libexec/gsd-datetime
    File size:76736 bytes
    MD5 hash:d80d39745740de37d6634d36e344d4bc

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/bin/xfce4-panel
    Arguments:-
    File size:375768 bytes
    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    File size:35136 bytes
    MD5 hash:ac0b8a906f359a8ae102244738682e76

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-media-keys
    Arguments:/usr/libexec/gsd-media-keys
    File size:232936 bytes
    MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/upower/upowerd
    Arguments:/usr/lib/upower/upowerd
    File size:260328 bytes
    MD5 hash:1253eea2fe5fe4017069664284e326cd

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/bin/xfce4-panel
    Arguments:-
    File size:375768 bytes
    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
    File size:35136 bytes
    MD5 hash:ac0b8a906f359a8ae102244738682e76

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-screensaver-proxy
    Arguments:/usr/libexec/gsd-screensaver-proxy
    File size:27232 bytes
    MD5 hash:77e309450c87dceee43f1a9e50cc0d02

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/bin/xfce4-panel
    Arguments:-
    File size:375768 bytes
    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
    File size:35136 bytes
    MD5 hash:ac0b8a906f359a8ae102244738682e76

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:03
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-sound
    Arguments:/usr/libexec/gsd-sound
    File size:31248 bytes
    MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-housekeeping
    Arguments:/usr/libexec/gsd-housekeeping
    File size:51840 bytes
    MD5 hash:b55f3394a84976ddb92a2915e5d76914

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/lib/upower/upowerd
    Arguments:/usr/lib/upower/upowerd
    File size:260328 bytes
    MD5 hash:1253eea2fe5fe4017069664284e326cd

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-power
    Arguments:/usr/libexec/gsd-power
    File size:88672 bytes
    MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/libexec/gsd-color
    Arguments:/usr/libexec/gsd-color
    File size:92832 bytes
    MD5 hash:ac2861ad93ce047283e8e87cefef9a19

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/lib/upower/upowerd
    Arguments:/usr/lib/upower/upowerd
    File size:260328 bytes
    MD5 hash:1253eea2fe5fe4017069664284e326cd

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:52:04
    Start date (UTC):23/12/2024
    Path:/usr/lib/upower/upowerd
    Arguments:/usr/lib/upower/upowerd
    File size:260328 bytes
    MD5 hash:1253eea2fe5fe4017069664284e326cd