Linux
Analysis Report
na.elf
Overview
General Information
Detection
Mirai
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Detected Mirai
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528726 |
Start date and time: | 2024-10-08 09:57:39 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal80.spre.troj.linELF@0/0@10/0 |
Command: | /tmp/na.elf |
PID: | 5488 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | listening to tun0 |
Standard Error: |
- system is lnxubuntu20
- udisksd New Fork (PID: 5526, Parent: 803)
- gnome-session-binary New Fork (PID: 5541, Parent: 1383)
- systemd New Fork (PID: 5554, Parent: 1)
- gnome-session-binary New Fork (PID: 5586, Parent: 1383)
- gnome-session-binary New Fork (PID: 5622, Parent: 1383)
- gvfsd-fuse New Fork (PID: 5625, Parent: 3147)
- xfce4-panel New Fork (PID: 5626, Parent: 3172)
- gnome-session-binary New Fork (PID: 5627, Parent: 1383)
- udisksd New Fork (PID: 5628, Parent: 803)
- xfce4-panel New Fork (PID: 5630, Parent: 3172)
- gnome-session-binary New Fork (PID: 5631, Parent: 1383)
- gnome-session-binary New Fork (PID: 5632, Parent: 1383)
- xfce4-panel New Fork (PID: 5633, Parent: 3172)
- gnome-session-binary New Fork (PID: 5636, Parent: 1383)
- systemd New Fork (PID: 5644, Parent: 1)
- xfce4-panel New Fork (PID: 5647, Parent: 3172)
- gnome-session-binary New Fork (PID: 5683, Parent: 1383)
- xfce4-panel New Fork (PID: 5684, Parent: 3172)
- gnome-session-binary New Fork (PID: 5685, Parent: 1383)
- xfce4-panel New Fork (PID: 5686, Parent: 3172)
- gnome-session-binary New Fork (PID: 5687, Parent: 1383)
- udisksd New Fork (PID: 5691, Parent: 803)
- gnome-session-binary New Fork (PID: 5692, Parent: 1383)
- systemd New Fork (PID: 5693, Parent: 1)
- gnome-session-binary New Fork (PID: 5731, Parent: 1383)
- gnome-session-binary New Fork (PID: 5732, Parent: 1383)
- gnome-session-binary New Fork (PID: 5733, Parent: 1383)
- systemd New Fork (PID: 5736, Parent: 1)
- systemd New Fork (PID: 5776, Parent: 1)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
⊘No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T09:58:22.828372+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36610 | 93.123.39.116 | 51511 | TCP |
2024-10-08T09:58:46.194946+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36612 | 93.123.39.116 | 51511 | TCP |
2024-10-08T09:59:15.603480+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36614 | 93.123.39.116 | 51511 | TCP |
2024-10-08T09:59:46.005596+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36616 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:00:11.518643+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36618 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:00:42.917793+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36620 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:01:08.310326+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36622 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:01:35.712575+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.14 | 36624 | 93.123.39.116 | 51511 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
System Summary |
---|
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | String containing 'busybox' found: | ||
Source: | .symtab present: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | Classification label: |
Persistence and Installation Behavior |
---|
Source: | File: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Binary or memory string: | ||
Remote Access Functionality |
---|
Source: | Suricata IDS: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 55% | ReversingLabs | Linux.Backdoor.Mirai | |
 | 67% | Virustotal | | |
 | 100% | Avira | LINUX/Mirai.bonb | |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Virustotal | | |
 | 15% | Virustotal | | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false | | unknown |
fdh32fsdfhs.shop | 93.123.39.116 | true | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
93.123.39.116 | fdh32fsdfhs.shop | Bulgaria | | 43561 | NET1-ASBG | true |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
93.123.39.116 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | | | malicious | Mirai | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Mirai | | |
fdh32fsdfhs.shop | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NET1-ASBG | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Unknown | | |
 | | | malicious | XWorm | | |
 | | | malicious | Phisher | | |
 | | | malicious | Okiru | | |
 | | | malicious | Mirai, Okiru | | |
 | | | malicious | Okiru | | |
 | | | malicious | Okiru | | |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.53996291498108 |
TrID: |
|
File name: | na.elf |
File size: | 68'944 bytes |
MD5: | a882500de497e282f4b6a80888a790b4 |
SHA1: | e1c6e00644359672a455c49207ded4780af3232d |
SHA256: | e3785343a1fbb0f87c29404ecbc9481b8df307d60a0a4e9605a3de08b316bff2 |
SHA512: | 1fc5f8e37321392d236032c6323d9e02ef7ad2d95068d8a9dfd9d79d5f7f5c650e388b49bccbd6075901ce8c15836fa77930cdafd59da352718bd755bb3ac987 |
SSDEEP: | 1536:vMwZvC6uCjZ05hPono851FmsZTNEpsaE8:vMwd0hFs1Ys8v |
TLSH: | B463B505BF914FB7DCAFDD330AA9170135CD645B12A93B3A7574C828B20A64F5AE3CA4 |
File Content Preview: | .ELF....................`.@.4...H.......4. ...(...............@...@...........................E...E.<...T-..........Q.td...............................<...'!......'.......................<h..'!... .........9'.. ........................<8..'!...........p.9 |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 68424 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400120 | 0x120 | 0xe5c0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x40e6e0 | 0xe6e0 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40e740 | 0xe740 | 0x1a70 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.ctors | PROGBITS | 0x4501b4 | 0x101b4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x4501bc | 0x101bc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data.rel.ro | PROGBITS | 0x4501c8 | 0x101c8 | 0x84 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x450250 | 0x10250 | 0x3e0 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x450630 | 0x10630 | 0x4c0 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x450af0 | 0x10af0 | 0x24 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x450b20 | 0x10af0 | 0x23e8 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.shstrtab | STRTAB | 0x0 | 0x10af0 | 0x56 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x101b0 | 0x101b0 | 5.5805 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0x101b4 | 0x4501b4 | 0x4501b4 | 0x93c | 0x2d54 | 3.7926 | 0x6 | RW | 0x10000 | | .ctors .dtors .data.rel.ro .data .got .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T09:58:22.828372+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36610 | 93.123.39.116 | 51511 | TCP |
2024-10-08T09:58:46.194946+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36612 | 93.123.39.116 | 51511 | TCP |
2024-10-08T09:59:15.603480+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36614 | 93.123.39.116 | 51511 | TCP |
2024-10-08T09:59:46.005596+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36616 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:00:11.518643+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36618 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:00:42.917793+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36620 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:01:08.310326+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36622 | 93.123.39.116 | 51511 | TCP |
2024-10-08T10:01:35.712575+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.14 | 36624 | 93.123.39.116 | 51511 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 09:58:22.758518934 CEST | 36610 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:22.764693975 CEST | 51511 | 36610 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:58:22.764763117 CEST | 36610 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:22.828372002 CEST | 36610 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:22.833935976 CEST | 51511 | 36610 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:58:32.838226080 CEST | 36610 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:32.845666885 CEST | 51511 | 36610 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:58:44.178350925 CEST | 51511 | 36610 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:58:44.178680897 CEST | 36610 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:44.183630943 CEST | 51511 | 36610 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:58:46.189244032 CEST | 36612 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:46.194219112 CEST | 51511 | 36612 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:58:46.194278955 CEST | 36612 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:46.194946051 CEST | 36612 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:58:46.210359097 CEST | 51511 | 36612 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:07.585474014 CEST | 51511 | 36612 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:07.585699081 CEST | 36612 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:07.590965033 CEST | 51511 | 36612 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:15.597225904 CEST | 36614 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:15.602456093 CEST | 51511 | 36614 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:15.602535009 CEST | 36614 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:15.603480101 CEST | 36614 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:15.608589888 CEST | 51511 | 36614 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:36.987974882 CEST | 51511 | 36614 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:36.988187075 CEST | 36614 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:36.993146896 CEST | 51511 | 36614 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:45.998763084 CEST | 36616 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:46.004307032 CEST | 51511 | 36616 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:46.004398108 CEST | 36616 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:46.005595922 CEST | 36616 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:46.010490894 CEST | 51511 | 36616 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 09:59:56.012705088 CEST | 36616 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 09:59:56.019046068 CEST | 51511 | 36616 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:07.499871016 CEST | 51511 | 36616 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:07.500017881 CEST | 36616 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:07.504935980 CEST | 51511 | 36616 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:11.510166883 CEST | 36618 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:11.517982960 CEST | 51511 | 36618 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:11.518034935 CEST | 36618 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:11.518642902 CEST | 36618 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:11.527153015 CEST | 51511 | 36618 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:32.900610924 CEST | 51511 | 36618 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:32.901248932 CEST | 36618 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:32.906284094 CEST | 51511 | 36618 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:42.911581039 CEST | 36620 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:42.916841984 CEST | 51511 | 36620 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:00:42.916956902 CEST | 36620 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:42.917793036 CEST | 36620 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:00:42.922967911 CEST | 51511 | 36620 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:04.291912079 CEST | 51511 | 36620 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:04.292397022 CEST | 36620 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:04.297199965 CEST | 51511 | 36620 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:08.304080009 CEST | 36622 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:08.308901072 CEST | 51511 | 36622 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:08.309118986 CEST | 36622 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:08.310326099 CEST | 36622 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:08.315078974 CEST | 51511 | 36622 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:18.317287922 CEST | 36622 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:18.322257996 CEST | 51511 | 36622 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:29.694900990 CEST | 51511 | 36622 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:29.695025921 CEST | 36622 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:29.700601101 CEST | 51511 | 36622 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:35.705775023 CEST | 36624 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:35.711232901 CEST | 51511 | 36624 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:35.711353064 CEST | 36624 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:35.712574959 CEST | 36624 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:35.717993975 CEST | 51511 | 36624 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:57.119219065 CEST | 51511 | 36624 | 93.123.39.116 | 192.168.2.14 |
Oct 8, 2024 10:01:57.119368076 CEST | 36624 | 51511 | 192.168.2.14 | 93.123.39.116 |
Oct 8, 2024 10:01:57.124351025 CEST | 51511 | 36624 | 93.123.39.116 | 192.168.2.14 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 09:58:22.694572926 CEST | 43893 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 09:58:22.710113049 CEST | 53 | 43893 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 09:58:46.180700064 CEST | 35220 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 09:58:46.188838959 CEST | 53 | 35220 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 09:59:15.588506937 CEST | 34636 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 09:59:15.596597910 CEST | 53 | 34636 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 09:59:45.990648985 CEST | 52393 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 09:59:45.997972965 CEST | 53 | 52393 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 10:00:11.501512051 CEST | 47243 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 10:00:11.509799957 CEST | 53 | 47243 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 10:00:42.902417898 CEST | 52130 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 10:00:42.911021948 CEST | 53 | 52130 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 10:01:06.386904001 CEST | 41778 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 8, 2024 10:01:06.386987925 CEST | 34895 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 8, 2024 10:01:06.394989014 CEST | 53 | 34895 | 1.1.1.1 | 192.168.2.14 |
Oct 8, 2024 10:01:06.395488977 CEST | 53 | 41778 | 1.1.1.1 | 192.168.2.14 |
Oct 8, 2024 10:01:08.296124935 CEST | 47938 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 10:01:08.303317070 CEST | 53 | 47938 | 8.8.8.8 | 192.168.2.14 |
Oct 8, 2024 10:01:35.697181940 CEST | 49386 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 8, 2024 10:01:35.704791069 CEST | 53 | 49386 | 8.8.8.8 | 192.168.2.14 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 09:58:22.694572926 CEST | 192.168.2.14 | 8.8.8.8 | 0xdab4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 09:58:46.180700064 CEST | 192.168.2.14 | 8.8.8.8 | 0x9abc | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 09:59:15.588506937 CEST | 192.168.2.14 | 8.8.8.8 | 0xae3e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 09:59:45.990648985 CEST | 192.168.2.14 | 8.8.8.8 | 0xa194 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:00:11.501512051 CEST | 192.168.2.14 | 8.8.8.8 | 0x2b47 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:00:42.902417898 CEST | 192.168.2.14 | 8.8.8.8 | 0x5388 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:06.386904001 CEST | 192.168.2.14 | 1.1.1.1 | 0x32b5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:06.386987925 CEST | 192.168.2.14 | 1.1.1.1 | 0x7ad3 | Standard query (0) | | 28 | IN (0x0001) | false |
Oct 8, 2024 10:01:08.296124935 CEST | 192.168.2.14 | 8.8.8.8 | 0x1900 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:35.697181940 CEST | 192.168.2.14 | 8.8.8.8 | 0xffc0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 09:58:22.710113049 CEST | 8.8.8.8 | 192.168.2.14 | 0xdab4 | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 09:58:46.188838959 CEST | 8.8.8.8 | 192.168.2.14 | 0x9abc | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 09:59:15.596597910 CEST | 8.8.8.8 | 192.168.2.14 | 0xae3e | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 09:59:45.997972965 CEST | 8.8.8.8 | 192.168.2.14 | 0xa194 | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:00:11.509799957 CEST | 8.8.8.8 | 192.168.2.14 | 0x2b47 | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:00:42.911021948 CEST | 8.8.8.8 | 192.168.2.14 | 0x5388 | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:06.395488977 CEST | 1.1.1.1 | 192.168.2.14 | 0x32b5 | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:06.395488977 CEST | 1.1.1.1 | 192.168.2.14 | 0x32b5 | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:08.303317070 CEST | 8.8.8.8 | 192.168.2.14 | 0x1900 | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 10:01:35.704791069 CEST | 8.8.8.8 | 192.168.2.14 | 0xffc0 | No error (0) | | | 93.123.39.116 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/udisks2/udisksd |
Arguments: | - |
File size: | 483056 bytes |
MD5 hash: | 1d7ae439cc3d82fa6b127671ce037a24 |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/dumpe2fs |
Arguments: | dumpe2fs -h /dev/dm-0 |
File size: | 31112 bytes |
MD5 hash: | 5c66f7d8f7681a40562cf049ad4b72b4 |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-sharing |
Arguments: | /usr/libexec/gsd-sharing |
File size: | 35424 bytes |
MD5 hash: | e29d9025d98590fbb69f89fdbd4438b3 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/upower/upowerd |
Arguments: | /usr/lib/upower/upowerd |
File size: | 260328 bytes |
MD5 hash: | 1253eea2fe5fe4017069664284e326cd |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:21 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-wacom |
Arguments: | /usr/libexec/gsd-wacom |
File size: | 39520 bytes |
MD5 hash: | 13778dd1a23a4e94ddc17ac9caa4fcc1 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-color |
Arguments: | /usr/libexec/gsd-color |
File size: | 92832 bytes |
MD5 hash: | ac2861ad93ce047283e8e87cefef9a19 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gvfsd-fuse |
Arguments: | - |
File size: | 47632 bytes |
MD5 hash: | d18fbf1cbf8eb57b17fac48b7b4be933 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/fusermount |
Arguments: | fusermount -u -q -z -- /run/user/1000/gvfs |
File size: | 39144 bytes |
MD5 hash: | 576a1b135c82bdcbc97a91acea900566 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-keyboard |
Arguments: | /usr/libexec/gsd-keyboard |
File size: | 39760 bytes |
MD5 hash: | 8e288fd17c80bb0a1148b964b2ac2279 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/udisks2/udisksd |
Arguments: | - |
File size: | 483056 bytes |
MD5 hash: | 1d7ae439cc3d82fa6b127671ce037a24 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/dumpe2fs |
Arguments: | dumpe2fs -h /dev/dm-0 |
File size: | 31112 bytes |
MD5 hash: | 5c66f7d8f7681a40562cf049ad4b72b4 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-print-notifications |
Arguments: | /usr/libexec/gsd-print-notifications |
File size: | 51840 bytes |
MD5 hash: | 71539698aa691718cee775d6b9450ae2 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-rfkill |
Arguments: | /usr/libexec/gsd-rfkill |
File size: | 51808 bytes |
MD5 hash: | 88a16a3c0aba1759358c06215ecfb5cc |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-smartcard |
Arguments: | /usr/libexec/gsd-smartcard |
File size: | 109152 bytes |
MD5 hash: | ea1fbd7f62e4cd0331eae2ef754ee605 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/upower/upowerd |
Arguments: | /usr/lib/upower/upowerd |
File size: | 260328 bytes |
MD5 hash: | 1253eea2fe5fe4017069664284e326cd |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-datetime |
Arguments: | /usr/libexec/gsd-datetime |
File size: | 76736 bytes |
MD5 hash: | d80d39745740de37d6634d36e344d4bc |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:22 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-media-keys |
Arguments: | /usr/libexec/gsd-media-keys |
File size: | 232936 bytes |
MD5 hash: | a425448c135afb4b8bfd79cc0b6b74da |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-screensaver-proxy |
Arguments: | /usr/libexec/gsd-screensaver-proxy |
File size: | 27232 bytes |
MD5 hash: | 77e309450c87dceee43f1a9e50cc0d02 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/udisks2/udisksd |
Arguments: | - |
File size: | 483056 bytes |
MD5 hash: | 1d7ae439cc3d82fa6b127671ce037a24 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/dumpe2fs |
Arguments: | dumpe2fs -h /dev/dm-0 |
File size: | 31112 bytes |
MD5 hash: | 5c66f7d8f7681a40562cf049ad4b72b4 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-sound |
Arguments: | /usr/libexec/gsd-sound |
File size: | 31248 bytes |
MD5 hash: | 4c7d3fb993463337b4a0eb5c80c760ee |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/upower/upowerd |
Arguments: | /usr/lib/upower/upowerd |
File size: | 260328 bytes |
MD5 hash: | 1253eea2fe5fe4017069664284e326cd |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-a11y-settings |
Arguments: | /usr/libexec/gsd-a11y-settings |
File size: | 23056 bytes |
MD5 hash: | 18e243d2cf30ecee7ea89d1462725c5c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-housekeeping |
Arguments: | /usr/libexec/gsd-housekeeping |
File size: | 51840 bytes |
MD5 hash: | b55f3394a84976ddb92a2915e5d76914 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/libexec/gsd-power |
Arguments: | /usr/libexec/gsd-power |
File size: | 88672 bytes |
MD5 hash: | 28b8e1b43c3e7f1db6741ea1ecd978b7 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 07:58:23 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/upower/upowerd |
Arguments: | /usr/lib/upower/upowerd |
File size: | 260328 bytes |
MD5 hash: | 1253eea2fe5fe4017069664284e326cd |
Start time (UTC): | 07:58:24 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 07:58:24 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/upower/upowerd |
Arguments: | /usr/lib/upower/upowerd |
File size: | 260328 bytes |
MD5 hash: | 1253eea2fe5fe4017069664284e326cd |