Linux
Analysis Report
rep.ppc.elf
Overview
General Information
Sample name: | rep.ppc.elf |
Analysis ID: | 1653457 |
MD5: | e9082b6cc402fc736c9193d14ae6d5f4 |
SHA1: | 7778718ba1f24d948a6e8ac4cc1c54bf31722ee6 |
SHA256: | a187c42abbd1f889f24e082a5b436a614d09bfea86271e5bfcae1a08b9d4381a |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Mirai
Score: | 80 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1653457 |
Start date and time: | 2025-04-01 09:40:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | rep.ppc.elf |
Detection: | MAL |
Classification: | mal80.spre.troj.linELF@0/0@9/0 |
Command: | /tmp/rep.ppc.elf |
PID: | 5429 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | The Peoples Bank of China. |
Standard Error: |
- system is lnxubuntu20
- rep.ppc.elf New Fork (PID: 5431, Parent: 5429)
- rep.ppc.elf New Fork (PID: 5433, Parent: 5431)
- rep.ppc.elf New Fork (PID: 5435, Parent: 5431)
- rep.ppc.elf New Fork (PID: 5437, Parent: 5431)
- gdm3 New Fork (PID: 5458, Parent: 1400)
- xfce4-session New Fork (PID: 5462, Parent: 2984)
- gdm3 New Fork (PID: 5466, Parent: 1400)
- xfce4-session New Fork (PID: 5467, Parent: 2984)
- xfce4-session New Fork (PID: 5468, Parent: 2984)
- xfce4-session New Fork (PID: 5469, Parent: 2984)
- xfce4-session New Fork (PID: 5470, Parent: 2984)
- xfce4-session New Fork (PID: 5472, Parent: 2984)
- xfce4-session New Fork (PID: 5474, Parent: 2984)
- xfce4-session New Fork (PID: 5475, Parent: 2984)
- xfce4-session New Fork (PID: 5476, Parent: 2984)
- xfce4-session New Fork (PID: 5478, Parent: 2984)
- xfce4-session New Fork (PID: 5480, Parent: 2984)
- systemd New Fork (PID: 5492, Parent: 1)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | ||
Click to see the 1 entries |
⊘No Suricata rule has matched
- • AV Detection
- • Spreading
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | String: |
Networking |
---|
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: | ||
Source: | String containing potential weak password found: |
Source: | .symtab present: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Classification label: |
Source: | Rm executable: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File Deletion | 1 Brute Force | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | Virustotal | Browse | ||
47% | ReversingLabs | Linux.Exploit.Mirai | ||
100% | Avira | EXP/ELF.Mirai.W |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cuttiecats.ru | 45.135.194.73 | true | false | high | |
qittler.ru. [malformed] | unknown | unknown | false | high | |
cuttiecats.ru. [malformed] | unknown | unknown | false | high | |
cat-are-here.ru. [malformed] | unknown | unknown | false | high | |
mykittler.ru. [malformed] | unknown | unknown | false | high | |
polizei.su. [malformed] | unknown | unknown | false | high | |
kittlez.ru. [malformed] | unknown | unknown | false | high | |
kittlerer.ru. [malformed] | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
41.140.224.47 | unknown | Morocco | 36903 | MT-MPLSMA | false | |
130.97.240.159 | unknown | United States | 13326 | TUFTS-UNIVERSITYUS | false | |
68.51.53.16 | unknown | United States | 7922 | COMCAST-7922US | false | |
97.51.54.229 | unknown | United States | 22394 | CELLCOUS | false | |
45.135.194.73 | cuttiecats.ru | Germany | 213030 | SKYLINKCZ | false | |
129.247.171.52 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false | |
218.59.146.160 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
20.252.72.121 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
89.214.6.78 | unknown | Portugal | 42863 | MEO-MOVELPT | false | |
63.60.6.42 | unknown | United States | 701 | UUNETUS | false | |
12.150.166.125 | unknown | United States | 2386 | INS-ASUS | false | |
59.72.61.169 | unknown | China | 4538 | ERX-CERNET-BKBChinaEducationandResearchNetworkCenter | false | |
206.215.173.153 | unknown | United States | 11139 | CWC-ROC-11139DM | false | |
109.7.79.41 | unknown | France | 15557 | LDCOMNETFR | false | |
213.62.46.246 | unknown | European Union | 2686 | ATGS-MMD-ASUS | false | |
16.204.78.196 | unknown | United States | unknown | unknown | false | |
112.249.18.61 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
199.57.122.64 | unknown | United States | 721 | DNIC-ASBLK-00721-00726US | false | |
211.98.97.40 | unknown | China | 63711 | CTTNETChinaTieTongTelecommunicationsCorporationCN | false | |
146.89.161.198 | unknown | United States | 17153 | NMT-ASUS | false | |
108.181.143.40 | unknown | Canada | 852 | ASN852CA | false | |
221.190.48.86 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false | |
216.152.21.20 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
43.122.107.180 | unknown | Japan | 4249 | LILLY-ASUS | false | |
157.112.89.233 | unknown | Japan | 23620 | DMMDMMcomLLCJP | false | |
220.90.22.208 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
129.210.216.127 | unknown | United States | 26488 | SCU-ASNUS | false | |
163.77.150.110 | unknown | France | 17816 | CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi | false | |
69.149.103.63 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
146.40.239.218 | unknown | United States | 197938 | TRAVIANGAMESDE | false | |
188.98.241.185 | unknown | Germany | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | false | |
86.126.115.122 | unknown | Romania | 8708 | RCS-RDS73-75DrStaicoviciRO | false | |
9.87.19.223 | unknown | United States | 3356 | LEVEL3US | false | |
171.114.217.29 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
200.187.88.217 | unknown | Brazil | 28580 | CILNETComunicacaoeInformaticaLTDABR | false | |
113.143.169.220 | unknown | China | 4835 | CHINANET-IDC-SNChinaTelecomGroupCN | false | |
96.179.233.183 | unknown | United States | 7922 | COMCAST-7922US | false | |
14.162.101.86 | unknown | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | false | |
209.70.82.201 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false | |
48.112.235.132 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
115.165.9.124 | unknown | Japan | 9365 | ITSCOMitscommunicationsIncJP | false | |
162.142.13.217 | unknown | United States | 394283 | BEACON-HEALTH-SYSTEMUS | false | |
149.219.194.158 | unknown | Germany | 8303 | WDR-ASDE | false |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
cuttiecats.ru | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MT-MPLSMA | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CELLCOUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
COMCAST-7922US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
TUFTS-UNIVERSITYUS | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.372680221437675 |
TrID: |
|
File name: | rep.ppc.elf |
File size: | 93'112 bytes |
MD5: | e9082b6cc402fc736c9193d14ae6d5f4 |
SHA1: | 7778718ba1f24d948a6e8ac4cc1c54bf31722ee6 |
SHA256: | a187c42abbd1f889f24e082a5b436a614d09bfea86271e5bfcae1a08b9d4381a |
SHA512: | 6dbf5955955139c2b9035e883fe39f1dc0ccd8ce827875a7f840ee0cde06e064800d741326cb6cca65290fd647606747db9326cc603f64eef355b6b4d4d5dd25 |
SSDEEP: | 1536:T0InRoDdlHQGD0Izw+uG8rFrnruHn6O8QhR15iiBbtiCKkRQYD:T0AA/i3rJryV1EiviCKXYD |
TLSH: | 11934B4272040A33D99305B4363F1BF0A3B7A65032E1F287644EBB565DF6E33598AF99 |
File Content Preview: | .ELF...........................4..i......4. ...(......................f...f...............f...f...f.......4p........dt.Q.............................!..|......$H...H.4q...$8!. |...N.. .!..|.......?.........i...../...@..\?.....f..+../...A..$8...})....f.N.. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 92632 |
Section Header Size: | 40 |
Number of Section Headers: | 12 |
Header String Table Index: | 11 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x10000094 | 0x94 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100000b8 | 0xb8 | 0x134c8 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x10013580 | 0x13580 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x100135a0 | 0x135a0 | 0x3110 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ctors | PROGBITS | 0x100266b4 | 0x166b4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x100266bc | 0x166bc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x100266c8 | 0x166c8 | 0x280 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.sdata | PROGBITS | 0x10026948 | 0x16948 | 0x44 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.sbss | NOBITS | 0x1002698c | 0x1698c | 0x6c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x100269f8 | 0x1698c | 0x312c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x1698c | 0x4b | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000000 | 0x10000000 | 0x166b0 | 0x166b0 | 6.4082 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x166b4 | 0x100266b4 | 0x100266b4 | 0x2d8 | 0x3470 | 1.7242 | 0x6 | RW | 0x10000 | .ctors .dtors .data .sdata .sbss .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 84
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 1, 2025 09:41:11.791409969 CEST | 46026 | 23 | 192.168.2.13 | 86.126.115.122 |
Apr 1, 2025 09:41:11.796884060 CEST | 48564 | 23 | 192.168.2.13 | 163.77.150.110 |
Apr 1, 2025 09:41:11.800184011 CEST | 46976 | 23 | 192.168.2.13 | 211.98.97.40 |
Apr 1, 2025 09:41:11.803725958 CEST | 36956 | 23 | 192.168.2.13 | 97.51.54.229 |
Apr 1, 2025 09:41:11.807245970 CEST | 35160 | 23 | 192.168.2.13 | 43.122.107.180 |
Apr 1, 2025 09:41:11.812622070 CEST | 59658 | 23 | 192.168.2.13 | 16.204.78.196 |
Apr 1, 2025 09:41:11.815270901 CEST | 53390 | 23 | 192.168.2.13 | 157.112.89.233 |
Apr 1, 2025 09:41:11.819884062 CEST | 54394 | 23 | 192.168.2.13 | 9.87.19.223 |
Apr 1, 2025 09:41:11.823412895 CEST | 49046 | 23 | 192.168.2.13 | 89.214.6.78 |
Apr 1, 2025 09:41:11.826451063 CEST | 58216 | 23 | 192.168.2.13 | 68.51.53.16 |
Apr 1, 2025 09:41:11.829133987 CEST | 49696 | 23 | 192.168.2.13 | 113.143.169.220 |
Apr 1, 2025 09:41:11.832144022 CEST | 34400 | 23 | 192.168.2.13 | 115.165.9.124 |
Apr 1, 2025 09:41:11.836338997 CEST | 36784 | 23 | 192.168.2.13 | 14.162.101.86 |
Apr 1, 2025 09:41:11.839119911 CEST | 38442 | 23 | 192.168.2.13 | 221.190.48.86 |
Apr 1, 2025 09:41:11.842365980 CEST | 38698 | 23 | 192.168.2.13 | 108.181.143.40 |
Apr 1, 2025 09:41:11.847057104 CEST | 50528 | 23 | 192.168.2.13 | 162.142.13.217 |
Apr 1, 2025 09:41:11.850301981 CEST | 49832 | 23 | 192.168.2.13 | 63.60.6.42 |
Apr 1, 2025 09:41:11.905625105 CEST | 32920 | 23 | 192.168.2.13 | 209.70.82.201 |
Apr 1, 2025 09:41:11.915905952 CEST | 46876 | 23 | 192.168.2.13 | 12.150.166.125 |
Apr 1, 2025 09:41:12.056005001 CEST | 39384 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:12.066385031 CEST | 37272 | 23 | 192.168.2.13 | 218.59.146.160 |
Apr 1, 2025 09:41:12.072841883 CEST | 48130 | 23 | 192.168.2.13 | 41.140.224.47 |
Apr 1, 2025 09:41:12.084642887 CEST | 34000 | 23 | 192.168.2.13 | 220.90.22.208 |
Apr 1, 2025 09:41:12.088139057 CEST | 51306 | 23 | 192.168.2.13 | 146.89.161.198 |
Apr 1, 2025 09:41:12.093451023 CEST | 34132 | 23 | 192.168.2.13 | 130.97.240.159 |
Apr 1, 2025 09:41:12.097388983 CEST | 34162 | 23 | 192.168.2.13 | 69.149.103.63 |
Apr 1, 2025 09:41:12.101938963 CEST | 49594 | 23 | 192.168.2.13 | 171.114.217.29 |
Apr 1, 2025 09:41:12.109682083 CEST | 47866 | 23 | 192.168.2.13 | 20.252.72.121 |
Apr 1, 2025 09:41:12.115154982 CEST | 54024 | 23 | 192.168.2.13 | 129.210.216.127 |
Apr 1, 2025 09:41:12.139051914 CEST | 43332 | 23 | 192.168.2.13 | 200.187.88.217 |
Apr 1, 2025 09:41:12.143419027 CEST | 55392 | 23 | 192.168.2.13 | 59.72.61.169 |
Apr 1, 2025 09:41:12.149831057 CEST | 39156 | 23 | 192.168.2.13 | 216.152.21.20 |
Apr 1, 2025 09:41:12.155622959 CEST | 54704 | 23 | 192.168.2.13 | 213.62.46.246 |
Apr 1, 2025 09:41:12.183151960 CEST | 38064 | 23 | 192.168.2.13 | 149.219.194.158 |
Apr 1, 2025 09:41:12.203756094 CEST | 35692 | 23 | 192.168.2.13 | 109.7.79.41 |
Apr 1, 2025 09:41:12.210366964 CEST | 49804 | 23 | 192.168.2.13 | 206.215.173.153 |
Apr 1, 2025 09:41:12.215511084 CEST | 48072 | 23 | 192.168.2.13 | 199.57.122.64 |
Apr 1, 2025 09:41:12.225480080 CEST | 42422 | 23 | 192.168.2.13 | 129.247.171.52 |
Apr 1, 2025 09:41:12.231456041 CEST | 50366 | 23 | 192.168.2.13 | 112.249.18.61 |
Apr 1, 2025 09:41:12.239459038 CEST | 36366 | 23 | 192.168.2.13 | 96.179.233.183 |
Apr 1, 2025 09:41:12.246809006 CEST | 57412 | 23 | 192.168.2.13 | 146.40.239.218 |
Apr 1, 2025 09:41:12.252686024 CEST | 35844 | 23 | 192.168.2.13 | 48.112.235.132 |
Apr 1, 2025 09:41:12.263637066 CEST | 49312 | 23 | 192.168.2.13 | 188.98.241.185 |
Apr 1, 2025 09:41:13.084276915 CEST | 39384 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:15.100282907 CEST | 39384 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:19.260272980 CEST | 39384 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:23.173366070 CEST | 39432 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:24.188258886 CEST | 39432 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:26.204257011 CEST | 39432 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:30.268235922 CEST | 39432 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:39.187495947 CEST | 39434 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:40.192275047 CEST | 39434 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:42.204246998 CEST | 39434 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:46.396285057 CEST | 39434 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:55.201143026 CEST | 39436 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:56.224329948 CEST | 39436 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:41:58.236394882 CEST | 39436 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:02.268385887 CEST | 39436 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:11.213330030 CEST | 39438 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:12.224399090 CEST | 39438 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:14.236465931 CEST | 39438 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:18.396372080 CEST | 39438 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:27.233361006 CEST | 39440 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:28.252273083 CEST | 39440 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:30.272295952 CEST | 39440 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:34.524327040 CEST | 39440 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:43.249134064 CEST | 39442 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:44.252299070 CEST | 39442 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:46.268307924 CEST | 39442 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:50.400327921 CEST | 39442 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:42:59.261882067 CEST | 39444 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:43:00.288268089 CEST | 39444 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:43:02.300292015 CEST | 39444 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:43:06.528261900 CEST | 39444 | 34411 | 192.168.2.13 | 45.135.194.73 |
Apr 1, 2025 09:43:15.281017065 CEST | 39446 | 34411 | 192.168.2.13 | 45.135.194.73 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 1, 2025 09:41:11.796120882 CEST | 44761 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:41:11.970853090 CEST | 53 | 44761 | 8.8.8.8 | 192.168.2.13 |
Apr 1, 2025 09:41:23.078249931 CEST | 43987 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:41:23.172991037 CEST | 53 | 43987 | 8.8.8.8 | 192.168.2.13 |
Apr 1, 2025 09:41:34.181962967 CEST | 36933 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:41:50.195221901 CEST | 47103 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:42:06.211024046 CEST | 46119 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:42:22.227586031 CEST | 55657 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:42:38.247018099 CEST | 37583 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:42:54.259001970 CEST | 46240 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 1, 2025 09:43:10.275408983 CEST | 53305 | 53 | 192.168.2.13 | 8.8.8.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 1, 2025 09:41:11.796120882 CEST | 192.168.2.13 | 8.8.8.8 | 0xfb98 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 09:41:23.078249931 CEST | 192.168.2.13 | 8.8.8.8 | 0x6b92 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 09:41:34.181962967 CEST | 192.168.2.13 | 8.8.8.8 | 0x9dfa | Standard query (0) | 256 | 435 | false | |
Apr 1, 2025 09:41:50.195221901 CEST | 192.168.2.13 | 8.8.8.8 | 0xfe42 | Standard query (0) | 256 | 451 | false | |
Apr 1, 2025 09:42:06.211024046 CEST | 192.168.2.13 | 8.8.8.8 | 0xa92d | Standard query (0) | 256 | 467 | false | |
Apr 1, 2025 09:42:22.227586031 CEST | 192.168.2.13 | 8.8.8.8 | 0x1af9 | Standard query (0) | 256 | 483 | false | |
Apr 1, 2025 09:42:38.247018099 CEST | 192.168.2.13 | 8.8.8.8 | 0x9cfa | Standard query (0) | 256 | 499 | false | |
Apr 1, 2025 09:42:54.259001970 CEST | 192.168.2.13 | 8.8.8.8 | 0x266 | Standard query (0) | 256 | 259 | false | |
Apr 1, 2025 09:43:10.275408983 CEST | 192.168.2.13 | 8.8.8.8 | 0x20b3 | Standard query (0) | 256 | 275 | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 1, 2025 09:41:11.970853090 CEST | 8.8.8.8 | 192.168.2.13 | 0xfb98 | No error (0) | 45.135.194.73 | A (IP address) | IN (0x0001) | false | ||
Apr 1, 2025 09:41:23.172991037 CEST | 8.8.8.8 | 192.168.2.13 | 0x6b92 | No error (0) | 45.135.194.73 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 07:41:09 |
Start date (UTC): | 01/04/2025 |
Path: | /tmp/rep.ppc.elf |
Arguments: | /tmp/rep.ppc.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:41:09 |
Start date (UTC): | 01/04/2025 |
Path: | /tmp/rep.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:41:09 |
Start date (UTC): | 01/04/2025 |
Path: | /tmp/rep.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:41:10 |
Start date (UTC): | 01/04/2025 |
Path: | /tmp/rep.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:41:10 |
Start date (UTC): | 01/04/2025 |
Path: | /tmp/rep.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:41:10 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/sbin/gdm3 |
Arguments: | - |
File size: | 453296 bytes |
MD5 hash: | 2492e2d8d34f9377e3e530a61a15674f |
Start time (UTC): | 07:41:10 |
Start date (UTC): | 01/04/2025 |
Path: | /etc/gdm3/PrimeOff/Default |
Arguments: | /etc/gdm3/PrimeOff/Default |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:41:10 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/sbin/gdm3 |
Arguments: | - |
File size: | 453296 bytes |
MD5 hash: | 2492e2d8d34f9377e3e530a61a15674f |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /etc/gdm3/PrimeOff/Default |
Arguments: | /etc/gdm3/PrimeOff/Default |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfwm4 |
Arguments: | xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5 |
File size: | 420424 bytes |
MD5 hash: | 59defa3c00cc30d85ed77b738d55e9da |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfdesktop |
Arguments: | xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528 |
File size: | 473520 bytes |
MD5 hash: | dfb13e1581f80065dcea16f2476f16f2 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740 |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfwm4 |
Arguments: | xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5 |
File size: | 420424 bytes |
MD5 hash: | 59defa3c00cc30d85ed77b738d55e9da |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfdesktop |
Arguments: | xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528 |
File size: | 473520 bytes |
MD5 hash: | dfb13e1581f80065dcea16f2476f16f2 |
Start time (UTC): | 07:41:11 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-session |
Arguments: | - |
File size: | 264752 bytes |
MD5 hash: | 648919f03ad356720c8c27f5aaaf75d1 |
Start time (UTC): | 07:41:12 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740 |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:41:21 |
Start date (UTC): | 01/04/2025 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 07:41:21 |
Start date (UTC): | 01/04/2025 |
Path: | /lib/systemd/systemd-user-runtime-dir |
Arguments: | /lib/systemd/systemd-user-runtime-dir stop 127 |
File size: | 22672 bytes |
MD5 hash: | d55f4b0847f88131dbcfb07435178e54 |