Linux Analysis Report
SecuriteInfo.com.Other.Malware-gen.28386.14039.elf

Overview

General Information

Sample name:SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
Analysis ID:1431160
MD5:9a4b31bbe2531de5ee31762e22460094
SHA1:6eb94df6023a850fb70c0719428740407015712f
SHA256:c9e62e041871b6a8be78ea685ec57d50e6b7006955cd2268c5413828958aa2fe
Tags:elf
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes itself again with its parent PID as an argument (indicative of hampering debugging)
Executes the "crontab" command typically for achieving persistence
Performs DNS TXT record lookups
Performs DNS queries to domains with low reputation
Sample tries to persist itself using System V runlevels
Sample tries to persist itself using cron
Sample tries to set files in /etc globally writable
Tries to resolve many domain names, but no domain seems valid
Uses dynamic DNS services
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Executes commands using a shell command-line interpreter
Executes the "systemctl" command used for controlling the systemd system and service manager
Sample and/or dropped files contains symbols with suspicious names
Sample contains only a LOAD segment without any section mappings
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes shell script file to disk with an unusual file extension

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431160
Start date and time:2024-04-24 16:35:46 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
Detection:MAL
Classification:mal100.troj.evad.linELF@0/8@18/0
  • VT rate limit hit for: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
Command:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
PID:5527
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
goodluck
Standard Error:
  • system is lnxubuntu20
  • SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5527, Parent: 5452, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
    • cp (PID: 5529, Parent: 5527, MD5: 40f10ae7ea3e44218d1a8c306f79c83f) Arguments: cp -f /usr/bin/qemu-mipsel /var/tmp/nginx_kel
    • sh (PID: 5531, Parent: 5527, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "mount -o bind /tmp/nginx_server /proc/5527/ > /dev/null 2>&1"
      • sh New Fork (PID: 5533, Parent: 5531)
      • mount (PID: 5533, Parent: 5531, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/nginx_server /proc/5527/
    • SecuriteInfo.com.Other.Malware-gen.28386.14039.elf New Fork (PID: 5542, Parent: 5527)
      • SecuriteInfo.com.Other.Malware-gen.28386.14039.elf New Fork (PID: 5556, Parent: 5542)
        • sh (PID: 5563, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rcS.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5586, Parent: 5563)
          • ln (PID: 5586, Parent: 5563, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rcS.d/S99dnsconfig
        • sh (PID: 5589, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5613, Parent: 5589)
          • ln (PID: 5613, Parent: 5589, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc.d/S99dnsconfig
        • sh (PID: 5617, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc0.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5619, Parent: 5617)
          • ln (PID: 5619, Parent: 5617, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc0.d/S99dnsconfig
        • sh (PID: 5620, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc1.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5633, Parent: 5620)
          • ln (PID: 5633, Parent: 5620, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc1.d/S99dnsconfig
        • sh (PID: 5636, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc2.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5641, Parent: 5636)
          • ln (PID: 5641, Parent: 5636, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc2.d/S99dnsconfig
        • sh (PID: 5642, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc3.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5645, Parent: 5642)
          • ln (PID: 5645, Parent: 5642, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc3.d/S99dnsconfig
        • sh (PID: 5646, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc4.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5648, Parent: 5646)
          • ln (PID: 5648, Parent: 5646, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc4.d/S99dnsconfig
        • sh (PID: 5649, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc5.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5651, Parent: 5649)
          • ln (PID: 5651, Parent: 5649, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc5.d/S99dnsconfig
        • sh (PID: 5652, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc6.d/S99dnsconfig > /dev/null 2>&1"
          • sh New Fork (PID: 5654, Parent: 5652)
          • ln (PID: 5654, Parent: 5652, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/init.d/dnsconfig /etc/rc6.d/S99dnsconfig
        • sh (PID: 5655, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5659, Parent: 5655)
          • ln (PID: 5659, Parent: 5655, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc.d/S99dnsconfigs
        • sh (PID: 5664, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc0.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5667, Parent: 5664)
          • ln (PID: 5667, Parent: 5664, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc0.d/S99dnsconfigs
        • sh (PID: 5688, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc1.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5690, Parent: 5688)
          • ln (PID: 5690, Parent: 5688, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc1.d/S99dnsconfigs
        • sh (PID: 5691, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc2.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5693, Parent: 5691)
          • ln (PID: 5693, Parent: 5691, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc2.d/S99dnsconfigs
        • sh (PID: 5694, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc3.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5696, Parent: 5694)
          • ln (PID: 5696, Parent: 5694, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc3.d/S99dnsconfigs
        • sh (PID: 5697, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc4.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5699, Parent: 5697)
          • ln (PID: 5699, Parent: 5697, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc4.d/S99dnsconfigs
        • sh (PID: 5700, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc5.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5702, Parent: 5700)
          • ln (PID: 5702, Parent: 5700, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc5.d/S99dnsconfigs
        • sh (PID: 5703, Parent: 5556, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc6.d/S99dnsconfigs > /dev/null 2>&1"
          • sh New Fork (PID: 5705, Parent: 5703)
          • ln (PID: 5705, Parent: 5703, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc6.d/S99dnsconfigs
      • sh (PID: 5560, Parent: 5542, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "crontab /var/tmp/.recoverys"
        • sh New Fork (PID: 5584, Parent: 5560)
        • crontab (PID: 5584, Parent: 5560, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab /var/tmp/.recoverys
      • sh (PID: 5611, Parent: 5542, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl daemon-reload > /dev/null 2>&1"
        • sh New Fork (PID: 5614, Parent: 5611)
        • systemctl (PID: 5614, Parent: 5611, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • sh (PID: 5639, Parent: 5542, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable dnsconfigs.service > /dev/null 2>&1"
        • sh New Fork (PID: 5644, Parent: 5639)
        • systemctl (PID: 5644, Parent: 5639, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable dnsconfigs.service
      • sh (PID: 5661, Parent: 5542, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl start dnsconfigs.service > /dev/null 2>&1"
        • sh New Fork (PID: 5663, Parent: 5661)
        • systemctl (PID: 5663, Parent: 5661, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start dnsconfigs.service
  • udisksd New Fork (PID: 5543, Parent: 803)
  • dumpe2fs (PID: 5543, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • udisksd New Fork (PID: 5588, Parent: 803)
  • dumpe2fs (PID: 5588, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • udisksd New Fork (PID: 5616, Parent: 803)
  • dumpe2fs (PID: 5616, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 5635, Parent: 5634)
  • snapd-env-generator (PID: 5635, Parent: 5634, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5658, Parent: 5657)
  • snapd-env-generator (PID: 5658, Parent: 5657, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5668, Parent: 1)
  • systemd New Fork (PID: 5755, Parent: 1)
  • nginx_kel (PID: 5755, Parent: 1, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /var/tmp/nginx_kel sv
  • systemd New Fork (PID: 5799, Parent: 1)
  • nginx_kel (PID: 5799, Parent: 1, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /var/tmp/nginx_kel sv
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 5556.1.00007f2948400000.00007f294848f000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 5542.1.00007f2948400000.00007f294848f000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 5527.1.00007f2948400000.00007f294848f000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 5604.1.00007f2948400000.00007f294848f000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
          No Snort rule has matched

          AV Detection

          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, Avira: detected
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, ReversingLabs: Detection: 44%

          Networking

          Source: global traffic, TCP traffic: 147.78.12.176 ports 0,1,2,24150,4,5
          Source: DNS query: 60da859e8a.xyz
          Source: unknown, DNS traffic detected: query: 60da859e8a.ignorelist.com replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.xyz replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.websersaiosnginxo.ru replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.strangled.net replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.ddnsfree.com replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.mooo.com replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.nl replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.ru replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.chickenkiller.com replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.adminpanel.oss replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.geek replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.oss replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.accesscam.org replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.duckdns.org replaycode: Name error (3)
          Source: unknown, DNS traffic detected: query: 60da859e8a.casacam.net replaycode: Name error (3)
          Source: unknown, DNS query: name: 60da859e8a.admincs.duckdns.org
          Source: unknown, DNS query: name: 60da859e8a.duckdns.org
          Source: global traffic, TCP traffic: 192.168.2.15:36680 -> 147.78.12.176:24150
          Source: unknown, TCP traffic detected without corresponding DNS query: 147.78.12.176
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.dontargetme.nl
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.websersaiosnginxo.ru
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.adminpanel.oss
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.admincs.duckdns.org
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.session.geek
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.duckdns.org
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.geek
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.oss
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.chickenkiller.com
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.accesscam.org
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.casacam.net
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.ddnsfree.com
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.mooo.com
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.strangled.net
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.ignorelist.com
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.ru
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.nl
          Source: global traffic, DNS traffic detected: DNS query: 60da859e8a.xyz
          Source: nginx_kel.16.dr, String found in binary or memory: https://qemu.org
          Source: nginx_kel.16.dr, String found in binary or memory: https://qemu.org/contribute/report-a-bug
          Source: nginx_kel.16.dr, ELF static info symbol of dropped file: QMPCapability_lookup
          Source: LOAD without section mappings, Program segment: 0x400000
          Source: classification engine, Classification label: mal100.troj.evad.linELF@0/8@18/0

          Persistence and Installation Behavior

          Source: /bin/sh (PID: 5584), Crontab executable: /usr/bin/crontab -> crontab /var/tmp/.recoverys
          Source: /usr/bin/ln (PID: 5586), File: /etc/rcS.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5613), File: /etc/rc.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5619), File: /etc/rc0.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5633), File: /etc/rc1.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5641), File: /etc/rc2.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5645), File: /etc/rc3.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5648), File: /etc/rc4.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5651), File: /etc/rc5.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5654), File: /etc/rc6.d/S99dnsconfig -> /etc/init.d/dnsconfig
          Source: /usr/bin/ln (PID: 5659), File: /etc/rc.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5667), File: /etc/rc0.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5690), File: /etc/rc1.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5693), File: /etc/rc2.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5696), File: /etc/rc3.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5699), File: /etc/rc4.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5702), File: /etc/rc5.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/ln (PID: 5705), File: /etc/rc6.d/S99dnsconfigs -> /etc/rc.d/init.d/dnsconfigs
          Source: /usr/bin/crontab (PID: 5584), File: /var/spool/cron/crontabs/tmp.az8Yir
          Source: /usr/bin/crontab (PID: 5584), File: /var/spool/cron/crontabs/root
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5556), File: /etc/init.d/dnsconfig (bits: - usr: rx grp: rx all: rwx)
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5542), File: /var/tmp/.recoverys
          Source: /usr/bin/crontab (PID: 5584), Directory: /var/tmp/.recoverys
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5531), Shell command executed: sh -c "mount -o bind /tmp/nginx_server /proc/5527/ > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5563), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rcS.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5589), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5617), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc0.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5620), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc1.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5636), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc2.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5642), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc3.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5646), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc4.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5649), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc5.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5652), Shell command executed: sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc6.d/S99dnsconfig > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5655), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5664), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc0.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5688), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc1.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5691), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc2.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5694), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc3.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5697), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc4.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5700), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc5.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5703), Shell command executed: sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc6.d/S99dnsconfigs > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5560), Shell command executed: sh -c "crontab /var/tmp/.recoverys"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5611), Shell command executed: sh -c "systemctl daemon-reload > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5639), Shell command executed: sh -c "systemctl enable dnsconfigs.service > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5661), Shell command executed: sh -c "systemctl start dnsconfigs.service > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5562), Shell command executed: sh -c "mount -o bind /tmp/nginx_server /proc/5558/ > /dev/null 2>&1"
          Source: /bin/sh (PID: 5614), Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload
          Source: /bin/sh (PID: 5644), Systemctl executable: /usr/bin/systemctl -> systemctl enable dnsconfigs.service
          Source: /bin/sh (PID: 5663), Systemctl executable: /usr/bin/systemctl -> systemctl start dnsconfigs.service
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5542), File: /var/tmp/nginx_kel (bits: - usr: rx grp: rx all: rwx)
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5556), File: /etc/init.d/dnsconfig (bits: - usr: rx grp: rx all: rwx)
          Source: /bin/cp (PID: 5529), File written: /var/tmp/nginx_kel
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5556), Writes shell script file to disk with an unusual file extension: /etc/init.d/dnsconfig

          Hooking and other Techniques for Hiding and Protection

          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5556), File: /etc/init.d/dnsconfig
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, Submission file: segment LOAD with 7.6377 entropy (max. 8.0)
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, Submission file: segment LOAD with 7.7624 entropy (max. 8.0)
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5527), Queries kernel information via 'uname'
          Source: /var/tmp/nginx_kel (PID: 5755), Queries kernel information via 'uname'
          Source: /var/tmp/nginx_kel (PID: 5799), Queries kernel information via 'uname'
          Source: nginx_kel.16.dr, Binary or memory string: qemu_dcache_linesize_log
          Source: nginx_kel.16.dr, Binary or memory string: qemu_opts_set_defaults
          Source: nginx_kel.16.dr, Binary or memory string: _TRACE_QEMU_MEMALIGN_DSTATE
          Source: nginx_kel.16.dr, Binary or memory string: /build/qemu-rbeYHu/qemu-4.2/include/hw/core/cpu.hError: Bad gdb register numbering for '%s', expected %d got %d%d@%zu.%06zu:gdbstub_op_exiting notifying exit with code=0x%02x
          Source: nginx_kel.16.dr, Binary or memory string: qemu_thread_naming
          Source: nginx_kel.16.dr, Binary or memory string: qemu_opt_foreach
          Source: nginx_kel.16.dr, Binary or memory string: qemu_getauxval
          Source: nginx_kel.16.dr, Binary or memory string: qemu_opt_get_size_del
          Source: nginx_kel.16.dr, Binary or memory string: qemu_free_stack
          Source: nginx_kel.16.dr, Binary or memory string: qemu_free_irqs
          Source: nginx_kel.16.dr, Binary or memory string: qemu_devices_reset
          Source: nginx_kel.16.dr, Binary or memory string: qemu_file_monitor_dispatch
          Source: nginx_kel.16.dr, Binary or memory string: qemu_sem_timedwait
          Source: nginx_kel.16.dr, Binary or memory string: qemu_set_option
          Source: nginx_kel.16.dr, Binary or memory string: qemu_trace_opts
          Source: nginx_kel.16.dr, Binary or memory string: qemu_dup
          Source: nginx_kel.16.dr, Binary or memory string: _TRACE_QEMU_FILE_MONITOR_REMOVE_WATCH_DSTATE
          Source: nginx_kel.16.drBinary or memory string: get_prop_pcielinkwidthset_prop_pcielinkwidthget_prop_pcielinkspeedset_prop_pcielinkspeedcreate_link_propertyget_sizeset_sizeqdev_prop_check_globalsqdev_prop_set_ptrqdev_prop_finderror_set_from_qdev_prop_errorset_prop_arraylenset_prop_arraylenget_uuidset_uuidget_pci_host_devaddrget_pci_host_devaddrset_pci_host_devaddrset_blocksizeset_pci_devfnget_enumset_enumget_macset_macget_stringset_stringrelease_stringget_int64set_int64get_uint64set_uint64get_int32set_int32get_uint32set_uint32get_uint16set_uint16get_uint8set_uint8get_boolset_boolprop_get_bit64qdev_get_prop_mask64prop_set_bit64prop_get_bitqdev_get_prop_maskprop_set_bitqdev_prop_allow_set_link_before_realizeqdev_prop_set_after_realize/build/qemu-rbeYHu/qemu-4.2/hw/core/bus.c%s.%dbus == sysbus_get_default()hotplug-handlerbus->parentbus_get_realizedbus_set_realizedqbus_initfnqbus_finalizebus_unparentbus_unparentbus_class_initqbus_createqbus_realizeqbus_realize/build/qemu-rbeYHu/qemu-4.2/hw/core/irq.cqemu_allocate_irq/build/qemu-rbeYHu/qemu-4.2/hw/core/hotplug.chotplug_handler_unplughotplug_handler_unplug_requesthotplug_handler_plughotplug_handler_pre_plug/build/qemu-rbeYHu/qemu-4.2/hw/core/cpu.cObtaining memory mappings is unsupported on this CPU.Expected key=value format, found %s.%d@%zu.%06zu:guest_cpu_reset cpu=%p
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/tcg/tcg-op-gvec.coprsz % 8 == 0 && oprsz <= (8 << SIMD_OPRSZ_BITS)maxsz % 8 == 0 && maxsz <= (8 << SIMD_MAXSZ_BITS)data == sextract32(data, 0, SIMD_DATA_BITS)vece <= (in_32 ? MO_32 : MO_64)in_32 == NULL || in_64 == NULLg->fno != NULLfn != NULLtcg_gen_gvec_cmptcg_gen_gvec_cmp
          Source: nginx_kel.16.drBinary or memory string: qemu_guest_getrandom
          Source: nginx_kel.16.drBinary or memory string: qemu_config_write
          Source: nginx_kel.16.drBinary or memory string: usage: qemu-mipsel [options] program [arguments...]
          Source: nginx_kel.16.drBinary or memory string: /usr/lib/x86_64-linux-gnu/qemu
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/qemu-thread-posix.c
          Source: nginx_kel.16.drBinary or memory string: qemu_rec_mutex_lock_func
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/target/mips/gdbstub.c
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qobject/qjson.c
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_free
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5527.1.00005572fb41f000.00005572fb4a6000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5542.1.00005572fb41f000.00005572fb4a6000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5556.1.00005572fb41f000.00005572fb4a6000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5604.1.00005572fb41f000.00005572fb4a6000.rw-.sdmp, systemd, 5755.1.0000557e04df3000.0000557e04e35000.rw-.sdmp, nginx_kel, 5755.1.0000557e04df3000.0000557e04e35000.rw-.sdmp, systemd, 5799.1.0000564a7bfd5000.0000564a7c017000.rw-.sdmp, nginx_kel, 5799.1.0000564a7bfd5000.0000564a7c017000.rw-.sdmp, nginx_kel.16.drBinary or memory string: /etc/qemu-binfmt/mipsel
          Source: nginx_kel.16.drBinary or memory string: qemu_ld_i32
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_CO_MUTEX_UNLOCK_RETURN_DSTATE
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5527.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5542.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5556.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5604.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
          Source: nginx_kel.16.drBinary or memory string: qemu_glog_domains == NULL
          Source: nginx_kel.16.drBinary or memory string: opt->desc && opt->desc->type == QEMU_OPT_BOOL
          Source: nginx_kel.16.drBinary or memory string: *errp == NULL%s: %sCould not open '%s'errp && *errperror_free_or_aborterror_append_hinterror_setv%s:%d:warning: info: !loc->prevcur_loc == loc && loc->prevprintedqemu_glog_domains == NULLG_MESSAGES_DEBUG/build/qemu-rbeYHu/qemu-4.2/util/qemu-error.cfname || cur_loc->kind == LOC_FILEerror_initwarn_report_once_conderror_report_once_condloc_set_fileloc_restoreloc_poploc_push_restoreThere is no option group '%s' %s = "%s"
          Source: nginx_kel.16.drBinary or memory string: qemu_try_memalign
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/tcg/optimize.c
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/linux-user/signal.c%d@%zu.%06zu:user_queue_signal env=%p signal %d
          Source: nginx_kel.16.drBinary or memory string: complete tracesqemu_set_dfilter_rangesqemu_set_log_filenameqemu_set_lognew->n_buckets != old->n_buckets/build/qemu-rbeYHu/qemu-4.2/util/qht.cqht_do_resize_resetqht_init
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_MUTEX_LOCK_EVENT
          Source: nginx_kel.16.drBinary or memory string: qemu_cond_timedwait_impl
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_from_qdict
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/accel/tcg/cpu-exec.cTrace %d: %p [%08x/%08x/%#x] %s
          Source: nginx_kel.16.drBinary or memory string: qemu: %s: %s
          Source: nginx_kel.16.drBinary or memory string: qemu_file_monitor_enable_watch
          Source: nginx_kel.16.drBinary or memory string: qemu_allocate_irqs
          Source: nginx_kel.16.drBinary or memory string: qemu_set_tty_echo
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_ANON_RAM_FREE_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_vfprintf
          Source: nginx_kel.16.drBinary or memory string: qemu_print_log_usage
          Source: nginx_kel.16.drBinary or memory string: qemu_pipe
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/fpu/softfloat-specialize.inc.c
          Source: nginx_kel.16.drBinary or memory string: qemu_str_to_log_mask
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_get_size
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_FILE_MONITOR_DISPATCH_DSTATE
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_MUTEX_LOCK_DSTATE
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/qht.c
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/mmap-alloc.c
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5527.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5542.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5556.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmp, SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, 5604.1.00007ffd1f259000.00007ffd1f27a000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel
          Source: nginx_kel.16.drBinary or memory string: qemu_sem_destroy
          Source: nginx_kel.16.drBinary or memory string: qemu.sstep
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_MUTEX_LOCKED_EVENT
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_CO_MUTEX_UNLOCK_RETURN_EVENT
          Source: nginx_kel.16.drBinary or memory string: qemu_init_exec_dir
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_FIND_MAPPING_DSTATE
          Source: nginx_kel.16.drBinary or memory string: QEMU_AES_set_encrypt_key
          Source: nginx_kel.16.drBinary or memory string: qemu_strnlen
          Source: nginx_kel.16.drBinary or memory string: in_asmop_optop_indfpulog MMU-related activitiespcallunimpguest_errorspagenochainInvalid number to the left of %.*s/build/qemu-rbeYHu/qemu-4.2/util/log.cInvalid number to the right of %.*sshow generated host assembly code for each compiled TBtrace:PATTERN enable trace events
          Source: nginx_kel.16.drBinary or memory string: !err != !*obj!(err && *list)uint8_tuint16_tuint32_tobj && lookupInvalid parameter '%s'/build/qemu-rbeYHu/qemu-4.2/qapi/qapi-visit-core.cv->type != VISITOR_OUTPUT || v->complete%d@%zu.%06zu:visit_complete v=%p opaque=%p
          Source: nginx_kel.16.drBinary or memory string: qemu_config_parse_qdict
          Source: nginx_kel.16.drBinary or memory string: %d@%zu.%06zu:qemu_mutex_lock waiting on mutex %p (%s:%d)
          Source: nginx_kel.16.drBinary or memory string: Unknown QEMU_IFLA_BR type %d
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_del
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_get_number_helper
          Source: nginx_kel.16.drBinary or memory string: MbP?/build/qemu-rbeYHu/qemu-4.2/util/range.c
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_unset
          Source: nginx_kel.16.drBinary or memory string: qemu_guest_random_seed_main
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_to_qdict_filtered
          Source: nginx_kel.16.drBinary or memory string: cpu_common_initfncpu_common_parse_featurescpu_common_parse_featurescpu_common_resetcpu_common_get_memory_mappingcpu_common_realizefncpu_class_initcpu_class_by_namecpu_class_by_namecpu_resetcpu_dump_statisticscpu_dump_statecpu_get_crash_infocpu_write_elf64_notecpu_write_elf64_qemunotecpu_write_elf32_notecpu_write_elf32_qemunotecpu_get_memory_mappingcpu_paging_enabledcpu_by_arch_idinfo->name != NULL!enumerating_typeschild<tm_yeartm_montm_mdaytm_hourtm_mintm_sectype->parent_type != NULLtarget_type!obj || obj->base.refcnt%s::%sti->instance_size == 0ti->abstract!ti->instance_init!ti->instance_post_init!ti->instance_finalize!ti->num_interfacestype->abstract == falsesize >= type->instance_sizeinfo->parent!object_compat_props[1]!object_compat_props[0]missing object type '%s'(null)obj->ref > 0obj->ref == 0Property '.%s' not foundbooleanuintcan't apply global %s.%s=%s: container/objectschild<%s>user-creatableinvalid object type: %sobject type '%s' is abstractlink<%s>partsDevice '%s' not foundstruct tmlink%s/build/qemu-rbeYHu/qemu-4.2/qom/object.cRegistering `%s' which already exists
          Source: nginx_kel.16.drBinary or memory string: See <https://qemu.org/contribute/report-a-bug> for how to report bugs.
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qom/object_interfaces.c
          Source: nginx_kel.16.drBinary or memory string: qemu_real_host_page_mask
          Source: nginx_kel.16.drBinary or memory string: qemu_fprintf
          Source: nginx_kel.16.drBinary or memory string: Unknown QEMU_IFLA_TUN type %d
          Source: nginx_kel.16.drBinary or memory string: qemu_uuid_is_null
          Source: nginx_kel.16.drBinary or memory string: qemu_ram_munmap
          Source: nginx_kel.16.drBinary or memory string: os_mem_prealloc: failed to install signal handleros_mem_prealloc: Insufficient free host memory pages available to allocate guest RAMos_mem_prealloc: failed to reinstall signal handlerfailed to allocate memory for stackfailed to set up stack guard pageCannot open pid fileCannot stat fileCannot lock pid fileFailed to truncate pid fileFailed to write pid filef != -1/var%s/%s!exec_dir[0]/proc/self/exetouch_pages/proc/%d/cmdlinecannot block signalscannot fork child processcannot unblock signalsqemu_forkos_mem_preallocqemu_init_exec_dirqemu_set_cloexecsocket_set_fast_reuseqemu_set_nonblockqemu_set_blockqemu_write_pidfileqemu: %s: %s
          Source: nginx_kel.16.drBinary or memory string: qemu: missing argument for option '%s'
          Source: nginx_kel.16.drBinary or memory string: qemu_add_opts
          Source: nginx_kel.16.drBinary or memory string: %d@%zu.%06zu:qemu_anon_ram_alloc size %zu ptr %p
          Source: nginx_kel.16.drBinary or memory string: do_raise_exception_errmips_cpu_exec_interruptmips_cpu_tlb_fill/build/qemu-rbeYHu/qemu-4.2/target/mips/cpu.c/build/qemu-rbeYHu/qemu-4.2/target/mips/internal.h%s-mips-cpumips_cpu_cpudef_class_initmips_cpu_initfnmips_cpu_realizefnmips_cpu_resetmips_vp_activemips_cpu_has_workmips_cpu_set_pcmips_cpu_synchronize_from_tbmips_cpu_disas_set_infomips_cpu_class_init/build/qemu-rbeYHu/qemu-4.2/target/mips/gdbstub.c
          Source: nginx_kel.16.drBinary or memory string: qemu_coroutine_yield
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/linux-user/elfload.c
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_ANON_RAM_ALLOC_DSTATE
          Source: nginx_kel.16.drBinary or memory string: driveinvalid option name: %s%63[^.].%63[^.].%63[^=]%ncan't parse: "%s"there is no %s "%s" defined# qemu config file
          Source: nginx_kel.16.drBinary or memory string: qemu_vfio_ram_block_added
          Source: nginx_kel.16.drBinary or memory string: qemu_open
          Source: nginx_kel.16.drBinary or memory string: QEMU_DFILTER
          Source: nginx_kel.16.drBinary or memory string: opt->desc && opt->desc->type == QEMU_OPT_NUMBER
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_has_help_opt
          Source: nginx_kel.16.drBinary or memory string: qemu_thread_joinqemu_thread_createqemu_event_waitqemu_event_resetqemu_event_setqemu_event_destroyqemu_sem_waitqemu_sem_waitqemu_sem_timedwaitqemu_sem_timedwaitqemu_sem_postqemu_sem_postqemu_sem_destroyqemu_sem_destroyqemu_sem_initqemu_cond_timedwait_implqemu_cond_timedwait_implqemu_cond_wait_implqemu_cond_wait_implqemu_cond_broadcastqemu_cond_broadcastqemu_cond_signalqemu_cond_signalqemu_cond_destroyqemu_cond_destroyqemu_cond_initqemu_rec_mutex_initqemu_mutex_unlock_implqemu_mutex_unlock_implqemu_mutex_trylock_implqemu_mutex_trylock_implqemu_mutex_lock_implqemu_mutex_lock_implqemu_mutex_destroyqemu_mutex_destroyqemu_mutex_init/build/qemu-rbeYHu/qemu-4.2/util/envlist.cenvlist != NULLenvlist_free/build/qemu-rbeYHu/qemu-4.2/util/path.cQEMU_MODULE_DIR%s/..Debian 1:4.2-3ubuntu6.17/var/run/qemu/%s.so%s/%s%sQTAILQ_EMPTY(&dso_init_list)Failed to open module: %s
          Source: nginx_kel.16.drBinary or memory string: [%63s "%63[^"]"][%63[^]]] %63s = "%1023[^"]" %63s = ""no group definedparse errorerror reading file%s.Unknown option '%s' for [%s]Unused option '%s' for [%s]%s.%uemulated machineaccelaccelerator listkernel_irqchipuse KVM in-kernel irqchipkvm_shadow_memKVM shadow MMU sizekernelLinux kernel image fileinitrdLinux initial ramdisk fileLinux kernel command lineLinux kernel device tree filedumpdtbphandle_startdt_compatibledump-guest-coremem-mergefirmwarefirmware imageiommusuppress-vmdescaes-key-wrapdea-key-wraploadparm/build/qemu-rbeYHu/qemu-4.2/util/qemu-config.cran out of space in drive_config_groupsran out of space in vm_config_groups[%s] section (index %u) does not consist of keys[%s] section doesn't support the option '%s'Dump current dtb to a file and quitThe first phandle ID we may generate dynamicallyOverrides the "compatible" property of the dt root nodeInclude guest memory in a core dumpenable/disable memory merge supportSet on/off to enable/disable usbSet on/off to enable/disable Intel IOMMU (VT-d)Set on to disable self-describing migrationenable/disable AES key wrapping using the CPACF wrapping keyenable/disable DEA key wrapping using the CPACF wrapping keyUp to 8 chars in set of [A-Za-z0-9. ](lower case chars converted to upper case) to pass to machine loader, boot manager, and guest kernelqobject_unref_implqobject_typeconfig_parse_qdict_sectionqmp_query_command_line_optionsqemu_find_opts_singletonfind_listValue '%s' is too large for parameter '%s'/build/qemu-rbeYHu/qemu-4.2/util/qemu-option.cValue '%s' is out of range for parameter '%s'a non-negative number below 2^64Optional suffix k, M, G, T, P or E means kilo-, mega-, giga-, tera-, peta-
          Source: nginx_kel.16.drBinary or memory string: qemu_cond_wait_func
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_reset
          Source: nginx_kel.16.drBinary or memory string: qemu_vfree
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_RAM_BLOCK_ADDED_EVENT
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qapi/string-output-visitor.c
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFREE_EVENT
          Source: nginx_kel.16.drBinary or memory string: QEMU_RESERVED_VA
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/hw/core/cpu.c
          Source: nginx_kel.16.drBinary or memory string: -(addr | TARGET_PAGE_MASK) >= size/build/qemu-rbeYHu/qemu-4.2/accel/tcg/user-exec.cqemu:%s received signal outside vCPU context @ pc=0x%lx
          Source: nginx_kel.16.drBinary or memory string: qemu_cond_timedwait_func
          Source: nginx_kel.16.drBinary or memory string: qemu_mutex_lock_func
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/error.c
          Source: nginx_kel.16.drBinary or memory string: qemu_ld_i64
          Source: nginx_kel.16.drBinary or memory string: handle_cpu_signalprobe_accessqemu-mipsel version 4.2.1 (Debian 1:4.2-3ubuntu6.17)
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qobject/qbool.c
          Source: nginx_kel.16.drBinary or memory string: QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG
          Source: nginx_kel.16.drBinary or memory string: qemu_add_drive_opts
          Source: nginx_kel.16.drBinary or memory string: Unknown QEMU_IFLA_BRPORT type %d
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_NEW_MAPPING_EVENT
          Source: nginx_kel.16.drBinary or memory string: qemu_%s_%s_%d.core
          Source: nginx_kel.16.drBinary or memory string: qemu.Supported
          Source: nginx_kel.16.drBinary or memory string: %d@%zu.%06zu:qemu_anon_ram_free ptr %p size %zu
          Source: nginx_kel.16.drBinary or memory string: cpu_write_elf32_qemunote
          Source: nginx_kel.16.drBinary or memory string: qemu.sstep:
          Source: nginx_kel.16.drBinary or memory string: %d@%zu.%06zu:qemu_mutex_locked taken mutex %p (%s:%d)
          Source: nginx_kel.16.drBinary or memory string: qemu_unlock_fd
          Source: nginx_kel.16.drBinary or memory string: qemu.sstep=
          Source: nginx_kel.16.drBinary or memory string: qemu_strtou64
          Source: nginx_kel.16.drBinary or memory string: qemu_icache_linesize_log
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_FILE_MONITOR_ENABLE_WATCH_EVENT
          Source: nginx_kel.16.drBinary or memory string: QEMU_UNSET_ENV environment variables to set and unset
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_set
          Source: nginx_kel.16.drBinary or memory string: trace_event_name!((uintptr_t)addr & ~qemu_real_host_page_mask)/build/qemu-rbeYHu/qemu-4.2/util/osdep.c!(size & ~qemu_real_host_page_mask)Failed to open /dev/null for OFD lock probing: %s
          Source: nginx_kel.16.drBinary or memory string: qemu_get_cpu
          Source: nginx_kel.16.drBinary or memory string: MbP?/build/qemu-rbeYHu/qemu-4.2/util/range.c!range_is_empty(a) && !range_is_empty(b)!range_is_empty(data)new_l == listrange_comparerange_invariantrange_list_insertthread_rand == NULLInvalid seed number: %s/build/qemu-rbeYHu/qemu-4.2/util/guest-random.cqemu_guest_random_seed_mainqemu_guest_random_seed_thread_part2guest_user_syscall_retguest_user_syscallguest_mem_before_execguest_mem_before_transguest_cpu_resetguest_cpu_exitguest_cpu_enterqmp_job_dismissqmp_job_finalizeqmp_job_completeqmp_job_resumeqmp_job_pauseqmp_job_canceljob_completedjob_apply_verbjob_state_transitiongdbstub_err_checksum_invalidgdbstub_err_invalid_rlegdbstub_err_invalid_repeatgdbstub_err_overrungdbstub_err_garbagegdbstub_err_got_nackgdbstub_io_got_unexpectedgdbstub_io_got_ackgdbstub_io_commandgdbstub_io_binaryreplygdbstub_io_replygdbstub_hit_unknowngdbstub_hit_watchdoggdbstub_hit_io_errorgdbstub_hit_shutdowngdbstub_hit_pausedgdbstub_hit_breakgdbstub_hit_internal_errorgdbstub_hit_watchpointgdbstub_op_extra_infogdbstub_op_steppinggdbstub_op_continue_cpugdbstub_op_continuegdbstub_op_exitinggdbstub_op_startflatview_destroy_rcuflatview_destroyflatview_newmemory_region_ram_device_readmemory_region_subpage_writememory_region_subpage_readmemory_region_ops_writememory_region_ops_readmemory_notdirty_set_dirtymemory_notdirty_write_accessram_block_discard_rangefind_ram_offset_loopfind_ram_offsetdma_map_waitdma_blk_cbdma_completedma_aio_canceldma_blk_ioqemu_system_powerdown_requestqemu_system_shutdown_requestsystem_wakeup_requestrunstate_setload_filevm_state_notifyballoon_eventcpu_outcpu_ingdbstub_err_checksum_incorrectmemory_region_ram_device_writetranslate_blockexec_tb_exitexec_tb_nocacheexec_tbuser_s390x_restore_sigregsuser_queue_signaluser_host_signaluser_handle_signaluser_force_siguser_do_sigreturnuser_do_rt_sigreturnuser_setup_rt_frameuser_setup_framevisit_type_nullvisit_type_anyvisit_type_numbervisit_type_strvisit_type_boolvisit_type_sizevisit_ty
pe_int64visit_type_int32visit_type_int16visit_type_int8visit_type_uint64visit_type_uint32visit_type_uint16visit_type_uint8visit_type_intvisit_type_enumvisit_optionalvisit_end_alternatevisit_start_alternatevisit_end_listvisit_check_listvisit_next_listvisit_start_listvisit_end_structvisit_check_structvisit_start_structvisit_completevisit_freeobject_class_dynamic_cast_assertobject_dynamic_cast_assertqemu_vfio_dma_unmapqemu_vfio_dma_mapqemu_vfio_do_mappingqemu_vfio_new_mappingqemu_vfio_find_mappingqemu_vfio_ram_block_removedqemu_vfio_ram_block_addedqemu_vfio_dma_reset_temporaryqemu_mutex_unlockqemu_mutex_lockedqemu_mutex_locksocket_listenlockcnt_futex_wakelockcnt_futex_wait_resumelockcnt_futex_waitlockcnt_futex_wait_preparelockcnt_unlock_successlockcnt_unlock_attemptlockcnt_fast_path_successlockcnt_fast_path_attempthbitmap_sethbitmap_resethbitmap_iter_skip_wordsqemu_anon_ram_freeqemu_vfreeqemu_anon_ram_allocqemu_memalignqemu_co_mutex_unlock_returnqemu_co_mutex_unlock_entryqemu_co_mutex_lock_returnqemu_co_mutex_lock_entryqemu_coroutine_terminateqe
          Source: nginx_kel.16.drBinary or memory string: tcg_gen_qemu_st_i32
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_DMA_MAP_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_validate
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_get
          Source: nginx_kel.16.drBinary or memory string: qemu_config_parse
          Source: nginx_kel.16.drBinary or memory string: QEMU_CPU
          Source: nginx_kel.16.drBinary or memory string: More information on the QEMU project at <https://qemu.org>.Reserved virtual address too big
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_MUTEX_UNLOCK_DSTATE
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_NEW_MAPPING_DSTATE
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/hw/core/hotplug.c
          Source: nginx_kel.16.drBinary or memory string: ev != NULLtrace_event_is_vcpu(ev)*ev->dstate == 1trace_init_vcputrace_event_set_vcpu_state_dynamictrace_event_set_state_dynamictrace_event_get_state_statictrace_event_set_state_dynamic_init/build/qemu-rbeYHu/qemu-4.2/cpus-common.ccpu->cpu_index != UNASSIGNED_CPU_INDEX!(cpu_index_auto_assigned && cpu != QTAILQ_LAST(&cpus))!cpu_index_auto_assignedcpu_list_removecpu_list_addQWORD PTR DWORD PTR FWORD PTR TBYTE PTR XMMWORD PTR OWORD PTR %cs:%ds:%ss:%es:%fs:%gs:<internal disassembler error>%%xmm%d(%dx)%%mm%d%%tr%d%%db%d%%cr%d%%st(%d)%st(bad)0x%x:0x%x$0x%x,$0x%xcmp%s%c%caddr64fwaitaddr32data32data16repnzrepzaddr16%0lx(%rip)swapgsrdtscpinvlpgavmrunvmloadvmsavestgiclgiskinitvmmcallx86-64i386i8086intelsuffix.byte 0x%xrepz repnz lock addr32 addr16 data32 data16 # rex.Brex.Xrex.XBrex.Rrex.RBrex.RXrex.RXBrex.Wrex.WBrex.WXrex.WXBrex.WRrex.WRBrex.WRXrex.WRXBunordneqnltnlepi2fwpi2fdpf2iwpf2idpfnaccpfpnaccpfcmpgepfminpfrcppfrsqrtpfsubpfaddpfcmpgtpfmaxpfrcpit1pfrsqit1pfsubrpfaccpfcmpeqpfmulpfrcpit2pmulhrwpswapdpavgusbfnopfchsfabsftstfxamfld1fldl2tfldl2efldpifldlg2fldln2fldzf2xm1fyl2xfptanfpatanfxtractfprem1fdecstpfincstpfpremfyl2xp1fsqrtfsincosfrndintfscalefsinfcosfucomppfeni(287 only)fdisi(287 only)fNclexfNinitfNsetpm(287 
only)fcomppfNstswfcomfcompfdivfdivrfldfxchfcmovbfcmovefcmovbefcmovufcmovnbfcmovnefcmovnbefcmovnufucomifcomiffreefstfstpfucomfucompfaddpfmulpfsubpfsubrpfdivpfdivrpffreepfucomipfcomipfadd{s||s|}fmul{s||s|}fcom{s||s|}fcomp{s||s|}fsub{s||s|}fsubr{s||s|}fdiv{s||s|}fdivr{s||s|}fld{s||s|}fst{s||s|}fstp{s||s|}fldenvICfldcwfNstenvICfNstcwfiadd{l||l|}fimul{l||l|}ficom{l||l|}ficomp{l||l|}fisub{l||l|}fisubr{l||l|}fidiv{l||l|}fidivr{l||l|}fild{l||l|}fisttp{l||l|}fist{l||l|}fistp{l||l|}fld{t||t|}fstp{t||t|}fadd{l||l|}fmul{l||l|}fcom{l||l|}fcomp{l||l|}fsub{l||l|}fsubr{l||l|}fdiv{l||l|}fdivr{l||l|}fld{l||l|}fisttp{ll||ll|}fst{l||l|}fstp{l||l|}frstorICfNsaveICfiaddfimulficomficompfisubfisubrfidivfidivrfildfisttpfistfistpfbldfild{ll||ll|}fbstpfistp{ll||ll|}pusha{P|}popa{P|}bound{S|}arplmovs{||lq|xd}cvtpi2pscvtsi2ssYcvtpi2pdcvtsi2sdYcvtps2picvtss2siYcvtpd2picvtsd2siYcvttps2picvttss2siYcvttpd2picvttsd2siYmovq2dqmovdq2qpshufwmovntqmovlpXmovhpXmovntssmovntsdvmreadinsertqvmwritebsrSlzcntSpopcntSpextrKpinsrKcrc32andnSbextrSsarxSshlxSshrxSbsfStzcntSbzhipextpdeprorxpopUaddAadcAsbbAandAsubAxorAcmpAaddQadcQsbbQandQsubQxorQcmpQrolArorArclArcrAshlAshrAsarArolQrorQrclQrcrQshlQshrQsarQtestAnotAnegAimulAidivAtestQnotQnegQimulQidivQincAdecAincQdecQJcallTJjmpTpushUsldtDstrDlldtltrverrverwsgdt{Q|IQ||}sidt{Q|IQ||}lgdt{Q|Q||}lidt{Q|Q||}smswDlmswinvlpgbtQbtsQbtrQbtcQcmpxchg8bvmptrstmovAmovQfxsavefxrstorlfencemfenceclflushprefetchntaprefetcht0prefetcht1prefetcht2prefetchprefetchwxstore-rngxcrypt-ecbxcrypt-cbcxcrypt-ctrxcrypt-cfbxcrypt-ofbmontmulxsha1xsha256%bx,%si%bx,%di%bp,%si%bp,%di%bp%bx%es%cs%ss%ds%fs%gs%?%cl%dl%bl%spl%bpl%sil%dil%r8b%r9b%r10b%r11b%r12b%r13b%r14b%r15b%ah%ch%dh%bh%cx%sp%r8w%r9w%r10w%r11w%r12w%r13w%r14w%r15w%ecx%edx%ebx%esp%ebp%esi%edi%r8d%r9d%r10d%r11d%r12d
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/target/mips/msa_helper.c
          Source: nginx_kel.16.drBinary or memory string: !((uintptr_t)addr & ~qemu_real_host_page_mask)
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_CO_MUTEX_UNLOCK_ENTRY_EVENT
          Source: nginx_kel.16.drBinary or memory string: qemu_cpu_is_self
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/cacheinfo.c
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_FILE_MONITOR_ADD_WATCH_EVENT
          Source: nginx_kel.16.drBinary or memory string: set_labelmov_i32movi_i32setcond_i32movcond_i32ld8u_i32ld8s_i32ld16u_i32ld16s_i32st8_i32st16_i32add_i32sub_i32mul_i32div2_i32divu2_i32xor_i32shl_i32shr_i32sar_i32rotl_i32rotr_i32deposit_i32sextract_i32extract2_i32brcond_i32add2_i32sub2_i32mulu2_i32muls2_i32muluh_i32mulsh_i32brcond2_i32setcond2_i32ext8s_i32ext16s_i32ext8u_i32ext16u_i32bswap16_i32bswap32_i32not_i32neg_i32andc_i32orc_i32eqv_i32nand_i32nor_i32mov_i64movi_i64setcond_i64movcond_i64ld8u_i64ld8s_i64ld16u_i64ld16s_i64ld32u_i64ld32s_i64st8_i64st16_i64st32_i64add_i64sub_i64mul_i64div2_i64divu2_i64xor_i64rotl_i64rotr_i64deposit_i64sextract_i64extract2_i64ext_i32_i64extu_i32_i64extrl_i64_i32extrh_i64_i32brcond_i64ext8s_i64ext16s_i64ext32s_i64ext8u_i64ext16u_i64ext32u_i64bswap16_i64bswap32_i64bswap64_i64not_i64neg_i64andc_i64orc_i64eqv_i64nand_i64nor_i64add2_i64sub2_i64mulu2_i64muls2_i64insn_startexit_tbgoto_tbgoto_ptrplugin_cb_startplugin_cb_endqemu_ld_i32qemu_st_i32qemu_ld_i64qemu_st_i64mov_vecdupi_vecdup_vecdup2_vecld_vecst_vecdupm_vecmul_vecneg_vecabs_vecssadd_vecusadd_vecsssub_vecussub_vecsmin_vecumin_vecsmax_vecumax_vecand_vecxor_vecandc_vecorc_vecnot_vecshli_vecshri_vecsari_vecshls_vecshrs_vecsars_vecshlv_vecshrv_vecsarv_veccmp_vecbitsel_veccmpsel_veclast_genericx86_shufps_vecx86_vpblendvb_vecx86_blend_vecx86_packss_vecx86_packus_vecx86_psrldq_vecx86_vperm2i128_vecx86_punpckl_vecx86_punpckh_vecUnrecognized operation %d in do_constant_folding.
          Source: nginx_kel.16.drBinary or memory string: ?/build/qemu-rbeYHu/qemu-4.2/util/unicode.c
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_FILE_MONITOR_NEW_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_file_monitor_new
          Source: nginx_kel.16.drBinary or memory string: qemu_vfio_dma_map
          Source: nginx_kel.16.drBinary or memory string: qemu_write_full
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/hw/core/bus.c
          Source: nginx_kel.16.drBinary or memory string: qemu_madvise
          Source: nginx_kel.16.drBinary or memory string: Unknown QEMU_IFLA_INFO_SLAVE_KIND %s
          Source: nginx_kel.16.drBinary or memory string: qemu_logfile
          Source: nginx_kel.16.drBinary or memory string: qemu_strtoul
          Source: nginx_kel.16.drBinary or memory string: qemu_cond_signal
          Source: nginx_kel.16.drBinary or memory string: qemu_log_in_addr_range
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/include/qemu/rcu.hcc->set_pccc->has_workcpu == current_cpucc == CPU_GET_CLASS(cpu)use_icountp_rcu_reader->depth != 0rcu_read_unlockcpu_handle_debug_exceptioncpu_handle_interruptcpu_loop_exec_tbtb_add_jumpcpu_has_workcpu_execcpu_tb_execcpu_tb_execcpu_exec_step_atomic/build/qemu-rbeYHu/qemu-4.2/accel/tcg/translate-all.cptr_locked == 1 && dest->cflags & CF_INVALIDCould not allocate dynamic translator buffer
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qobject/qlist.c
          Source: nginx_kel.16.drBinary or memory string: qemu_event_init
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_get_number
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/target/mips/helper.c
          Source: nginx_kel.16.drBinary or memory string: QEMU_LOG_FILENAME
          Source: nginx_kel.16.drBinary or memory string: qemu_get_thread_id
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/linux-user/syscall.c
          Source: nginx_kel.16.drBinary or memory string: qemu_cond_wait_impl
          Source: nginx_kel.16.drBinary or memory string: qemu_co_mutex_unlock_entry
          Source: nginx_kel.16.drBinary or memory string: %d@%zu.%06zu:qemu_mutex_unlock released mutex %p (%s:%d)
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/tcg/tcg-op.c%d@%zu.%06zu:guest_mem_before_trans cpu=%p info=%d
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qobject/json-parser.c
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qapi/qapi-util.c
          Source: nginx_kel.16.drBinary or memory string: qemu_get_local_state_pathname
          Source: nginx_kel.16.drBinary or memory string: qemu_lock_fd
          Source: nginx_kel.16.drBinary or memory string: qemu_irq_intercept_in
          Source: nginx_kel.16.drBinary or memory string: /usr/lib/x86_64-linux-gnu/qemuABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-.~/build/qemu-rbeYHu/qemu-4.2/util/module.cqemu_stamp_fd1e84eabffe4c20c6c5b88917de012e30472846Failed to initialize module: %s
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/envlist.c
          Source: nginx_kel.16.drBinary or memory string: qemu_set_nonblock
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_SYSTEM_SHUTDOWN_REQUEST_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_get_exec_dir
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_AIO_COROUTINE_ENTER_EVENT
          Source: nginx_kel.16.drBinary or memory string: set qemu uname release string to 'uname'
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/linux-user/strace.c
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_DO_MAPPING_EVENT
          Source: nginx_kel.16.drBinary or memory string: QEMU_STACK_SIZE = %ld byte
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/include/hw/core/cpu.h
          Source: systemd, 5799.1.0000564a7bfd5000.0000564a7c017000.rw-.sdmp, nginx_kel, 5799.1.0000564a7bfd5000.0000564a7c017000.rw-.sdmpBinary or memory string: {JV!/etc/qemu-binfmt/mipsel
          Source: nginx_kel.16.drBinary or memory string: qemu_mutex_unlock_iothread
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/gdbstub.c
          Source: nginx_kel.16.drBinary or memory string: qemu_hw_version
          Source: nginx_kel.16.drBinary or memory string: qemu_coroutine_terminate
          Source: nginx_kel.16.drBinary or memory string: tcg_gen_qemu_st_i64
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/qemu-option.c
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_CO_MUTEX_UNLOCK_ENTRY_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_id
          Source: nginx_kel.16.drBinary or memory string: QEMU_STACK_SIZE
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_set_bool
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_RAM_BLOCK_REMOVED_DSTATE
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_DMA_RESET_TEMPORARY_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_ether_ntoa
          Source: nginx_kel.16.drBinary or memory string: qemu_opt_set_number
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/trace/control.c
          Source: nginx_kel.16.drBinary or memory string: qemu_init_cpu_list
          Source: nginx_kel.16.drBinary or memory string: file system may not support O_DIRECT%s: mprotect failed: %s/dev/null/dev/fdset//proc/sys/crypto/fips_enabled2.5+qemu_mprotect__osdep
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/target/mips/internal.h
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/util/id.c
          Source: nginx_kel.16.drBinary or memory string: init_qemu_uname_release
          Source: nginx_kel.16.drBinary or memory string: qemu_get_pid_name
          Source: nginx_kel.16.drBinary or memory string: qemu_thread_atexit_remove
          Source: nginx_kel.16.drBinary or memory string: qemu_mutex_lock
          Source: nginx_kel.16.drBinary or memory string: qemu_cpu_kick
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_VFIO_DMA_UNMAP_EVENT
          Source: nginx_kel.16.drBinary or memory string: qemu_mutex_iothread_locked
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qom/object.c
          Source: nginx_kel.16.drBinary or memory string: QEMU_GDB
          Source: nginx_kel.16.drBinary or memory string: qemu_opts_print_help
          Source: nginx_kel.16.drBinary or memory string: qemu_unregister_reset
          Source: nginx_kel.16.drBinary or memory string: qemu_mutex_unlock_impl
          Source: nginx_kel.16.drBinary or memory string: qemu_vfio_find_mapping
          Source: nginx_kel.16.drBinary or memory string: qemu_log_flush
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_MEMALIGN_EVENT
          Source: nginx_kel.16.drBinary or memory string: ?/build/qemu-rbeYHu/qemu-4.2/util/unicode.clen > 1 && len < 7bufsz >= 5mod_utf8_encode
          Source: nginx_kel.16.drBinary or memory string: qemu_event_set
          Source: nginx_kel.16.drBinary or memory string: qemu_mutex_locked
          Source: nginx_kel.16.drBinary or memory string: qemu_co_mutex_lock_uncontended
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_CO_MUTEX_LOCK_RETURN_EVENT
          Source: nginx_kel.16.drBinary or memory string: QEMU_LD_PREFIX
          Source: nginx_kel.16.drBinary or memory string: QEMU_SET_ENV
          Source: nginx_kel.16.drBinary or memory string: Unknown target QEMU_IFLA type: %d
          Source: nginx_kel.16.drBinary or memory string: qemu: no user program specified
          Source: nginx_kel.16.drBinary or memory string: /build/qemu-rbeYHu/qemu-4.2/qobject/json-lexer.c
          Source: nginx_kel.16.drBinary or memory string: qemu_fd_getpagesize
          Source: nginx_kel.16.drBinary or memory string: _TRACE_QEMU_FILE_MONITOR_EVENT_DSTATE
          Source: nginx_kel.16.drBinary or memory string: qemu_real_host_page_size
          Source: nginx_kel.16.drBinary or memory string: QEMU: Terminated via GDBstub
          Source: nginx_kel.16.drBinary or memory string: %d@%zu.%06zu:qemu_vfree ptr %p
          Source: nginx_kel.16.drBinary or memory string: qemu_free_irq
          Source: nginx_kel.16.drBinary or memory string: QEMU_LOG

          Anti Debugging

          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5531); Process with PPID: /bin/sh -> sh -c "mount -o bind /tmp/nginx_server /proc/5527/ > /dev/null 2>&1"
          Source: /tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf (PID: 5562); Process with PPID: /bin/sh -> sh -c "mount -o bind /tmp/nginx_server /proc/5558/ > /dev/null 2>&1"

          HIPS / PFW / Operating System Protection Evasion


          Stealing of Sensitive Information

          Source: Yara match; File source: 5556.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5542.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5527.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5604.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match; File source: 5556.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5542.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5527.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5604.1.00007f2948400000.00007f294848f000.r-x.sdmp, type: MEMORY

          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
          Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
          Execution: 1 Scheduled Task/Job; Scheduled Task/Job; At; Cron
          Persistence: 1 Systemd Service; 1 Scheduled Task/Job; 1 Scripting; Login Hook
          Privilege Escalation: 1 Systemd Service; 1 Scheduled Task/Job; Logon Script (Windows); Login Hook
          Defense Evasion: 21 Masquerading; 1 File and Directory Permissions Modification; 1 Hidden Files and Directories; 1 Obfuscated Files or Information
          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
          Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
          Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
          Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 11 Application Layer Protocol; Protocol Impersonation
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
          Impact: 1 Data Manipulation; Network Denial of Service; Data Encrypted for Impact; Data Destruction

          No configs have been found
          [Behavior graph] Behavior Graph ID: 1431160, Sample: SecuriteInfo.com.Other.Malw..., Startdate: 24/04/2024, Architecture: LINUX, Score: 100

          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, Detection: 45%, Scanner: ReversingLabs, Label: Linux.Trojan.Generic
          Source: SecuriteInfo.com.Other.Malware-gen.28386.14039.elf, Detection: 100%, Scanner: Avira, Label: LINUX/AVF.Agent.cxweu
          No Antivirus matches
          Name: https://qemu.org/contribute/report-a-bug, Source: nginx_kel.16.dr, Malicious: false, Reputation: high
          Name: https://qemu.org, Source: nginx_kel.16.dr, Malicious: false, Reputation: high
          IP: 147.78.12.176, Domain: unknown, Country: United Kingdom, ASN: 9009, ASN Name: M247GB, Malicious: true
          IP: 129.6.15.28, Domain: unknown, Country: United States, ASN: 49, ASN Name: US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS, Malicious: false
                                                                                          Match: /etc/init.d/dnsconfig
                                                                                          • Associated Sample Name / URL: SecuriteInfo.com.Other.Malware-gen.3200.4135.elf, Detection: malicious, Threat Name: Mirai
                                                                                          • Associated Sample Name / URL: SecuriteInfo.com.Other.Malware-gen.31307.16494.elf, Detection: malicious, Threat Name: Mirai
                                                                                          • Associated Sample Name / URL: SecuriteInfo.com.Linux.Siggen.6954.6684.13146.elf, Detection: malicious, Threat Name: Mirai
                                                                                          • Associated Sample Name / URL: SecuriteInfo.com.Other.Malware-gen.22921.14172.elf, Detection: malicious, Threat Name: Mirai
                                                                                          • Associated Sample Name / URL: PrHBHHWE5U.elf, Detection: malicious, Threat Name: Mirai
                                                                                          Process:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          File Type:POSIX shell script, ASCII text executable
                                                                                          Category:dropped
                                                                                          Size (bytes):1055
                                                                                          Entropy (8bit):4.698341250256645
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:97kNF9r4bIgxIgBfI7IDbIQ/oITskGNyv6qITbp4:9mekgCgBAEYQ9TstyOTb2
                                                                                          MD5:DF56EA52B8CEE93884F3872D25A85DB0
                                                                                          SHA1:2FD0C7407ED67253A807D1D01C6FFD3467EDAF8E
                                                                                          SHA-256:A402D683E16519793B06F663163D750B4E82922CF3B18AF5A655DE41328B9BF5
                                                                                          SHA-512:E390943755721BA7F0210439F0FC8E5E3DAAF98BA1DF923464AA547C5A7C6F941240658C8FA59270D6F73539FD8B0A04D7BDC9C407F13D9301588D5CF9AA68DA
                                                                                          Malicious:true
                                                                                          Joe Sandbox View:
• Filename: SecuriteInfo.com.Other.Malware-gen.3200.4135.elf, Detection: malicious
• Filename: SecuriteInfo.com.Other.Malware-gen.31307.16494.elf, Detection: malicious
• Filename: SecuriteInfo.com.Linux.Siggen.6954.6684.13146.elf, Detection: malicious
• Filename: SecuriteInfo.com.Other.Malware-gen.22921.14172.elf, Detection: malicious
• Filename: PrHBHHWE5U.elf, Detection: malicious
                                                                                          Reputation:low
Preview:
#!/bin/sh
### BEGIN INIT INFO
# Provides: asd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start asd at boot time
# Description: Enable service provided by daemon.
### END INIT INFO

# Change the following to the path of your program
ASD_PATH="/var/tmp/nginx_kel"

section_enabled() {
    $ASD_PATH initd &
    return 0
}

section_provider() {
    $ASD_PATH initd &
    return 1
}

start_instance() {
    $ASD_PATH initd &
}

start_service() {
    $ASD_PATH initd &
}

stop_service() {
    $ASD_PATH initd &
}
case "$1" in
    start)
        echo "Starting asd"
        # Start command for your program
        $ASD_PATH initd &
        ;;
    stop)
        echo "Stopping asd"
        # Stop command for your program
        pkill -f $ASD_PATH
        ;;
    restart)
        echo "Restarting asd"
        $ASD_PATH initd &
        ;;
    *)
        echo "Usage: $0 {start
                                                                                          Process:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):174
                                                                                          Entropy (8bit):4.784414897762801
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:zMZa7siUUnQ22AXAikA18v3muEcEn7iAev8x0gdK+Zn8OkSISkQmWA1+DRn:z8qUU1XAg8vBU7rm+ZfkHLQmWA4Rn
                                                                                          MD5:900F683B08977636B092FCBFA1AD8A42
                                                                                          SHA1:6D521F5C3E862F1106D9AC6A3A654E57E6814333
                                                                                          SHA-256:71D21310D1C7DBB935F3B61311403B0EC0FA32DC73F91720365416A646C2DFB3
                                                                                          SHA-512:50B5426500D8B5DCCB7FD71FE9A448AE1C76770890BA86C37E7DECBF2CA1F0E1CD20C50996260F37114BA2BDB16AE927E4AFAD241A51E3D22112ADA8E25604B0
                                                                                          Malicious:false
                                                                                          Reputation:low
Preview:
[Unit]
Description=dnsconfigs Server Service
[Service]
Type=simple
Restart=always
RestartSec=60
User=root
ExecStart=/var/tmp/nginx_kel sv
[Install]
WantedBy=multi-user.target
                                                                                          Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):76
                                                                                          Entropy (8bit):3.7627880354948586
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                                          MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                                          SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                                          SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                                          SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                                          Malicious:false
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.
                                                                                          Process:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):10
                                                                                          Entropy (8bit):1.3709505944546687
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:FQQl:jl
                                                                                          MD5:7CEA8C667428CF66ABE2071BFA6F5DB3
                                                                                          SHA1:C5FEBE848A0202BFE2C51F6867FDDF9744472F02
                                                                                          SHA-256:F0162D4D128A9C17977F1A7C3C1BD1842246A89B18DA6DC84A182AC4920B4AD1
                                                                                          SHA-512:1069B2CC8109E9F120EC3769F5F106D527396EE5402B3B97C56DD5FC2E6B5D73A1F28BEB1A64602E40254DAF009B2B5D347C87BF26A79DC66FDF8425D85B3903
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          Preview:5558.5558.
                                                                                          Process:/usr/bin/crontab
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):230
                                                                                          Entropy (8bit):5.157049272897487
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:SUrpqoqQjEOP1K+1yOBFQ5yBlOZHGMQ5UYLtCFt3PYIa9fkQvn:8QjP86lKeHLUQbNvn
                                                                                          MD5:8FEE494C624C0E781172148220BE86AE
                                                                                          SHA1:710BF739BB4862E6B27471FA4DE328B966006F2A
                                                                                          SHA-256:00A2289C07ECE9E38600559513A3616B63B834655F972E256BB099DEDC540D9B
                                                                                          SHA-512:79B3771FBEC019B18DE0F763C55450AA8609C2C19E8E1F01D9842A620B82C91F0980C65148E7398291FBCDEFFDC89EEE175D2AD612209A0AEEB9936CCCBBF821
                                                                                          Malicious:true
                                                                                          Reputation:low
Preview:
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/var/tmp/.recoverys installed on Wed Apr 24 16:36:24 2024)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 * * * * /var/tmp/nginx_kel crontab
                                                                                          Process:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):37
                                                                                          Entropy (8bit):4.15487093296263
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:VP3wIa98OkQvn:yIa9fkQvn
                                                                                          MD5:ABE9A0E06459D029E0F5183965DBBF3B
                                                                                          SHA1:7E79E16EA12FED960BCEE8EB5A9C6384FA61A2D1
                                                                                          SHA-256:B2CFE7490D6DD2F81EDE3ED9DB30C78637F4A1E98ED746EAA00998E95D3DE384
                                                                                          SHA-512:955AECE23C24E5B1CE32A90FA014A8A6FAC39B68707A13F56CD1BFB07C79DFC59806942732990AAF925DB5724F381827E2C35EBA21FE95CE9A760760527048CD
                                                                                          Malicious:true
                                                                                          Reputation:low
                                                                                          Preview:0 * * * * /var/tmp/nginx_kel crontab.
                                                                                          Process:/bin/cp
                                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=42b36d36be2c14fcbfa348284aeff7cb1762c8df, for GNU/Linux 3.2.0, stripped
                                                                                          Category:dropped
                                                                                          Size (bytes):5773336
                                                                                          Entropy (8bit):5.197361162708401
                                                                                          Encrypted:false
                                                                                          SSDEEP:49152:NdVvu1VfHoSwkyM62gtvgqI8uAMaPb+TW7Gds/UG6JTn7:NdVvu1Vy8kvgqfuAZKTW7Gtftn7
                                                                                          MD5:0D6F61F82CF2F781C6EB0661071D42D9
                                                                                          SHA1:FCFCF3872A2A494AAF2456CBDD55E83C28C08FD0
                                                                                          SHA-256:653C9EE3D70B777D26D8DEA38DA0043F742DC958AFAB1A1B5E368862755D1EEA
                                                                                          SHA-512:A2EA7D17C7D16888D0240B5B15A5F85E5C070CD7FDF7D47D2BF8514B9A6737E7B52EFD67386157E73AD7B4E5F2456F2C68678E699B59B79F9D8D629C4C39112F
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
                                                                                          Entropy (8bit):7.762417265348398
                                                                                          TrID:
                                                                                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                          File name:SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          File size:296'208 bytes
                                                                                          MD5:9a4b31bbe2531de5ee31762e22460094
                                                                                          SHA1:6eb94df6023a850fb70c0719428740407015712f
                                                                                          SHA256:c9e62e041871b6a8be78ea685ec57d50e6b7006955cd2268c5413828958aa2fe
                                                                                          SHA512:65520bbb27c904b72df3b297aa65c18f4dbff873783d4b76d337127b7d5f6a71aeb39a0b24cba37f5967696cd8a2412092ffe87f98f9ed6b6905432c6786ae4d
                                                                                          SSDEEP:6144:0CoLeDTk3CYqDzEme/kfiRyM5Xe4DyOGBa8BRJJRIKcz35ILIt:0CzHk3LqX5wkfiRvXeoYjGma
                                                                                          TLSH:015423BE6E4823E6C1372425B7968D6AE57D24EC57A0670C93839A013DF0BDDD410F5B

                                                                                          ELF header

                                                                                          Class:ELF32
                                                                                          Data:2's complement, little endian
                                                                                          Version:1 (current)
                                                                                          Machine:MIPS R3000
                                                                                          Version Number:0x1
                                                                                          Type:EXEC (Executable file)
                                                                                          OS/ABI:UNIX - System V
                                                                                          ABI Version:0
                                                                                          Entry Point Address:0x527948
                                                                                          Flags:0x1007
                                                                                          ELF Header Size:52
                                                                                          Program Header Offset:52
                                                                                          Program Header Size:32
                                                                                          Number of Program Headers:2
                                                                                          Section Header Offset:0
                                                                                          Section Header Size:40
                                                                                          Number of Section Headers:0
                                                                                          Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1000 | 0xdf960 | 7.6377 | 0x6 | RW | 0x10000 | |
LOAD | 0x0 | 0x4e0000 | 0x4e0000 | 0x48374 | 0x48374 | 7.7624 | 0x5 | R E | 0x10000 | |
                                                                                          Apr 24, 2024 16:37:09.084533930 CEST4930753192.168.2.15168.138.12.137
                                                                                          Apr 24, 2024 16:37:09.407949924 CEST5349307168.138.12.137192.168.2.15
                                                                                          Apr 24, 2024 16:37:17.532141924 CEST4190353192.168.2.15192.3.165.37
                                                                                          Apr 24, 2024 16:37:17.747148037 CEST5341903192.3.165.37192.168.2.15
                                                                                          Apr 24, 2024 16:37:18.195552111 CEST4518653192.168.2.151.1.1.1
                                                                                          Apr 24, 2024 16:37:18.349303961 CEST53451861.1.1.1192.168.2.15
                                                                                          Apr 24, 2024 16:37:26.491885900 CEST5404053192.168.2.158.8.8.8
                                                                                          Apr 24, 2024 16:37:26.665586948 CEST53540408.8.8.8192.168.2.15
                                                                                          Apr 24, 2024 16:37:34.683684111 CEST5247953192.168.2.151.0.0.1
                                                                                          Apr 24, 2024 16:37:34.837405920 CEST53524791.0.0.1192.168.2.15
                                                                                          Apr 24, 2024 16:37:42.875402927 CEST5090453192.168.2.151.1.1.1
                                                                                          Apr 24, 2024 16:37:43.029162884 CEST53509041.1.1.1192.168.2.15
                                                                                          Apr 24, 2024 16:37:51.067269087 CEST4039253192.168.2.158.8.8.8
                                                                                          Apr 24, 2024 16:37:51.238044977 CEST53403928.8.8.8192.168.2.15
                                                                                          Apr 24, 2024 16:37:59.259033918 CEST5166653192.168.2.151.0.0.1
                                                                                          Apr 24, 2024 16:37:59.413649082 CEST53516661.0.0.1192.168.2.15
                                                                                          Apr 24, 2024 16:38:07.450936079 CEST5288053192.168.2.158.8.4.4
                                                                                          Apr 24, 2024 16:38:07.624408007 CEST53528808.8.4.4192.168.2.15
                                                                                          Apr 24, 2024 16:38:15.642554998 CEST5185053192.168.2.15114.114.114.114
                                                                                          Apr 24, 2024 16:38:15.978526115 CEST5351850114.114.114.114192.168.2.15
                                                                                          Apr 24, 2024 16:38:24.090260029 CEST3998053192.168.2.151.0.0.1
                                                                                          Apr 24, 2024 16:38:24.245086908 CEST53399801.0.0.1192.168.2.15
                                                                                          Apr 24, 2024 16:38:31.926712990 CEST4564753192.168.2.158.8.4.4
                                                                                          Apr 24, 2024 16:38:32.104237080 CEST53456478.8.4.4192.168.2.15
Timestamp                             Source IP        Dest IP       Checksum  Code                Type
Apr 24, 2024 16:37:00.804440022 CEST  185.229.188.209  192.168.2.15  5fe3      (Host unreachable)  Destination Unreachable
Apr 24, 2024 16:37:18.195290089 CEST  185.229.188.215  192.168.2.15  5fe3      (Host unreachable)  Destination Unreachable
Apr 24, 2024 16:38:31.926351070 CEST  185.229.188.215  192.168.2.15  5fe3      (Host unreachable)  Destination Unreachable

                                                                                          System Behavior

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/cp
                                                                                          Arguments:cp -f /usr/bin/qemu-mipsel /var/tmp/nginx_kel
                                                                                          File size:153976 bytes
                                                                                          MD5 hash:40f10ae7ea3e44218d1a8c306f79c83f

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "mount -o bind /tmp/nginx_server /proc/5527/ > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:23
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/mount
                                                                                          Arguments:mount -o bind /tmp/nginx_server /proc/5527/
                                                                                          File size:55528 bytes
                                                                                          MD5 hash:92b20aa8b155ecd3ba9414aa477ef565

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rcS.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rcS.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc0.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc0.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc1.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc1.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc2.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc2.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc3.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc3.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc4.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc4.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc5.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc5.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/init.d/dnsconfig /etc/rc6.d/S99dnsconfig > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/init.d/dnsconfig /etc/rc6.d/S99dnsconfig
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:26
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc0.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc0.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc1.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc1.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc2.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc2.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc3.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc3.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc4.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc4.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc5.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc5.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc6.d/S99dnsconfigs > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/ln
                                                                                          Arguments:ln -sf /etc/rc.d/init.d/dnsconfigs /etc/rc6.d/S99dnsconfigs
                                                                                          File size:76160 bytes
                                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "crontab /var/tmp/.recoverys"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/crontab
                                                                                          Arguments:crontab /var/tmp/.recoverys
                                                                                          File size:43720 bytes
                                                                                          MD5 hash:66e521d421ac9b407699061bf21806f5

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "systemctl daemon-reload > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl daemon-reload
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "systemctl enable dnsconfigs.service > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl enable dnsconfigs.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "systemctl start dnsconfigs.service > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl start dnsconfigs.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:sh -c "mount -o bind /tmp/nginx_server /proc/5558/ > /dev/null 2>&1"
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/bin/mount
                                                                                          Arguments:mount -o bind /tmp/nginx_server /proc/5558/
                                                                                          File size:55528 bytes
                                                                                          MD5 hash:92b20aa8b155ecd3ba9414aa477ef565

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/tmp/SecuriteInfo.com.Other.Malware-gen.28386.14039.elf
                                                                                          Arguments:-
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/udisks2/udisksd
                                                                                          Arguments:-
                                                                                          File size:483056 bytes
                                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/sbin/dumpe2fs
                                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                                          File size:31112 bytes
                                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/udisks2/udisksd
                                                                                          Arguments:-
                                                                                          File size:483056 bytes
                                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/sbin/dumpe2fs
                                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                                          File size:31112 bytes
                                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/udisks2/udisksd
                                                                                          Arguments:-
                                                                                          File size:483056 bytes
                                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                                          Start time (UTC):14:36:24
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/sbin/dumpe2fs
                                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                                          File size:31112 bytes
                                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Start time (UTC):14:36:25
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File size:22760 bytes
                                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File size:22760 bytes
                                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                          Start time (UTC):14:36:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Start time (UTC):14:37:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Start time (UTC):14:37:27
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/var/tmp/nginx_kel
                                                                                          Arguments:/var/tmp/nginx_kel sv
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                                                                          Start time (UTC):14:38:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Start time (UTC):14:38:28
                                                                                          Start date (UTC):24/04/2024
                                                                                          Path:/var/tmp/nginx_kel
                                                                                          Arguments:/var/tmp/nginx_kel sv
                                                                                          File size:5773336 bytes
                                                                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9