Linux Analysis Report
firmware.m68k.elf

Overview

General Information

Sample name:firmware.m68k.elf
Analysis ID:1502461
MD5:3d40f4a1e6a361269997f6cedf217791
SHA1:c68dee5339c36571876b95b3ef2ded6b04b77dd8
SHA256:00def5e99df9674565416203563aea27cb4b5b00231d22df178d92347093660c
Tags:elffirmware

Detection

Score:64
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502461
Start date and time:2024-09-01 17:37:53 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 56s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:firmware.m68k.elf
Detection:MAL
Classification:mal64.linELF@0/1@0/0
  • Excluded IPs from analysis (whitelisted): 8.8.8.8
  • VT rate limit hit for: firmware.m68k.elf
Command:/tmp/firmware.m68k.elf
PID:6262
Exit Code:
Exit Code Info:
Killed:True
Standard Output:
Firmware Upgraded
Standard Error:
  • system is lnxubuntu20
  • firmware.m68k.elf (PID: 6262, Parent: 6185, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/firmware.m68k.elf
  • cleanup
Yara Overview

Source: firmware.m68k.elf | Rule: Mirai_Botnet_Malware | Description: Detects Mirai Botnet Malware | Author: Florian Roth
  • 0x19e85:$s1: LCOGQGPTGP
  • 0x199ba:$s3: CFOKLKQVPCVMP
  • 0x19b88:$s4: QWRGPTKQMP
  • 0x19b12:$s5: HWCLVGAJ
Source: 6262.1.00007fce0c001000.00007fce0c01d000.r-x.sdmp (memory dump) | Rule: Mirai_Botnet_Malware | Description: Detects Mirai Botnet Malware | Author: Florian Roth
  • 0x19e85:$s1: LCOGQGPTGP
  • 0x199ba:$s3: CFOKLKQVPCVMP
  • 0x19b88:$s4: QWRGPTKQMP
  • 0x19b12:$s5: HWCLVGAJ
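
The four strings the rule fires on are not plaintext. They are entries of Mirai's obfuscated string table, stored XOR-ed with the 32-bit key 0xdeadbeef applied one key byte at a time, which collapses to a single-byte XOR with 0x22 on every character. The script below is an added example, not part of this report and not material from the rule's author: it decodes the matches and shows how to search a dump for the obfuscated form of other known Mirai strings. The key constant is the one in the public Mirai source; the function names are mine.

```python
# Added example (not part of the Joe Sandbox report): undo the string-table
# obfuscation Mirai's table.c applies.  Each character is XOR-ed in turn with
# the four bytes of the 32-bit key, so the net effect is one constant byte.
MIRAI_TABLE_KEY = 0xDEADBEEF  # key constant from the public Mirai source

# The matched strings, copied from the report's Yara section.
YARA_MATCHES = {
    "$s1": "LCOGQGPTGP",
    "$s3": "CFOKLKQVPCVMP",
    "$s4": "QWRGPTKQMP",
    "$s5": "HWCLVGAJ",
}


def folded_key_byte(key: int = MIRAI_TABLE_KEY) -> int:
    """Fold the 32-bit key into the single byte the per-character XOR reduces to."""
    k = 0
    for shift in (0, 8, 16, 24):
        k ^= (key >> shift) & 0xFF
    return k  # 0x22 for 0xdeadbeef


def mirai_unlock(data: bytes, key: int = MIRAI_TABLE_KEY) -> bytes:
    """Invert the table obfuscation.  XOR is an involution, so this also re-locks."""
    kb = folded_key_byte(key)
    return bytes(b ^ kb for b in data)


def decode_matches(matches: dict = YARA_MATCHES) -> dict:
    """Map each Yara string identifier to its decoded plaintext."""
    return {name: mirai_unlock(s.encode("ascii")).decode("ascii")
            for name, s in matches.items()}


def scan_for_obfuscated(blob: bytes, wordlist) -> list:
    """Find XOR-ed forms of known plaintext words in a buffer (what the rule does by hand).

    Returns (offset, plaintext) pairs sorted by offset."""
    hits = []
    for word in wordlist:
        needle = mirai_unlock(word.encode("ascii"))  # lock the word, then search
        off = blob.find(needle)
        while off != -1:
            hits.append((off, word))
            off = blob.find(needle, off + 1)
    return sorted(hits)


if __name__ == "__main__":
    print("folded key byte:", hex(folded_key_byte()))
    for name, plain in decode_matches().items():
        print(name, YARA_MATCHES[name], "->", plain)
```

Running it prints 0x22 and the decoded strings nameserver, administrator, supervisor and juantech; the last three are entries from Mirai's telnet credential list. The memory-dump hit at the same offsets (0x199ba to 0x19e85, inside .rodata, which spans file offsets 0x19764 to 0x1bea8) shows the table was still locked in the dumped image: Mirai unlocks an entry only while it is in use, so a dump taken at a different moment may not match this rule.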
No Suricata rule has matched

AV Detection

Source: firmware.m68k.elf | Avira: detected
Source: firmware.m68k.elf | ReversingLabs: Detection: 50%

Networking

Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: unknown | TCP traffic detected without corresponding DNS query: 46.50.1.120
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: firmware.m68k.elf, type: SAMPLE | Matched rule: Mirai_Botnet_Malware (Detects Mirai Botnet Malware), Author: Florian Roth
Source: 6262.1.00007fce0c001000.00007fce0c01d000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware (Detects Mirai Botnet Malware), Author: Florian Roth
Source: ELF static info symbol of initial sample | .symtab present: no
Rule metadata for Mirai_Botnet_Malware (identical for the SAMPLE and MEMORY matches):
  • author = Florian Roth
  • description = Detects Mirai Botnet Malware
  • date = 2016-10-04
  • reference = Internal Research
  • license = https://creativecommons.org/licenses/by-nc/4.0/
  • reference hashes (hash1 and hash2 carry the same value in the rule):
    hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c
    hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c
    hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4
    hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69
    hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175
    hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6
    hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0
    hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147
    hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4
    hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f
    hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89
    hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5
    hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: classification engine | Classification label: mal64.linELF@0/1@0/0
Source: /tmp/firmware.m68k.elf (PID: 6262) | Queries kernel information via 'uname'
Source: firmware.m68k.elf, 6262.1.00007ffcc3bd4000.00007ffcc3bf5000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-m68k
Source: firmware.m68k.elf, 6262.1.00007ffcc3bd4000.00007ffcc3bf5000.rw-.sdmp | Binary or memory string: gx86_64/usr/bin/qemu-m68k/tmp/firmware.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/firmware.m68k.elf
Source: firmware.m68k.elf, 6262.1.00005604b444d000.00005604b44d2000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/m68k
Source: firmware.m68k.elf, 6262.1.00005604b444d000.00005604b44d2000.rw-.sdmp | Binary or memory string: V!/etc/qemu-binfmt/m68k

MITRE ATT&CK matrix (only the flagged cells survive extraction): Discovery: Security Software Discovery; Command and Control: Encrypted Channel, Application Layer Protocol.
No configs have been found

Source             Detection  Scanner        Label
firmware.m68k.elf  50%        ReversingLabs  Linux.Trojan.Mirai
firmware.m68k.elf  100%       Avira          LINUX/Mirai.bonb
No Antivirus matches (dropped files, URLs, domains)
No contacted domains info

Contacted IPs

IP               Domain   Country         ASN    ASN Name        Malicious
46.50.1.120      unknown  Portugal        42863  MEO-MOVELPT     false
109.202.202.202  unknown  Switzerland     13030  INIT7CH         false
91.189.91.43     unknown  United Kingdom  41231  CANONICAL-ASGB  false
91.189.91.42     unknown  United Kingdom  41231  CANONICAL-ASGB  false

Context: IPs

109.202.202.202
  • kpLwzBouH4.elf (malicious; threat name: Unknown)
  • URL: ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43
  • firmware.arc.elf (malicious; Unknown)
  • SecuriteInfo.com.Linux.Siggen.9999.27011.25101.elf (malicious; Mirai)
  • bot.mpsl.elf (malicious; Gafgyt, Mirai, Okiru)
  • bot.mips.elf (malicious; Gafgyt, Mirai, Okiru)
  • bot.m68k.elf (malicious; Gafgyt, Mirai, Okiru)
  • SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elf (malicious; Mirai)
  • arm5.elf (malicious; Unknown)
  • SecuriteInfo.com.ELF.Mirai-CTV.23934.12709.elf (malicious; Unknown)
  • aisuru.arm7.elf (malicious; Unknown)
  • botnt.arm7.elf (malicious; Unknown)
91.189.91.42
  • firmware.arc.elf (malicious; Unknown)
  • SecuriteInfo.com.Linux.Siggen.9999.20705.30523.elf (malicious; Mirai)
  • SecuriteInfo.com.Linux.Siggen.9999.27011.25101.elf (malicious; Mirai)
  • bot.mpsl.elf (malicious; Gafgyt, Mirai, Okiru)
  • bot.mips.elf (malicious; Gafgyt, Mirai, Okiru)
  • bot.m68k.elf (malicious; Gafgyt, Mirai, Okiru)
  • SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elf (malicious; Mirai)
  • arm5.elf (malicious; Unknown)
  • SecuriteInfo.com.ELF.Mirai-CTV.23934.12709.elf (malicious; Unknown)
  • aisuru.arm7.elf (malicious; Unknown)

The samples associated with 91.189.91.42, 91.189.91.43 and 109.202.202.202 are other Linux submissions whose analysis VM reached the same Ubuntu update infrastructure (CANONICAL-ASGB and the ch.archive.ubuntu.com mirror); shared contact with these IPs is sandbox background, not evidence of shared command-and-control.

Context: Domains

No context

Context: ASNs

CANONICAL-ASGB
  • firmware.powerpc.elf (malicious; Unknown) via 185.125.190.26
  • firmware.arc.elf (malicious; Unknown) via 91.189.91.42
  • SecuriteInfo.com.Linux.Siggen.9999.20705.30523.elf (malicious; Mirai) via 91.189.91.42
  • SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf (malicious; Mirai) via 185.125.190.26
  • SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (malicious; Mirai) via 185.125.190.26
  • SecuriteInfo.com.Linux.Siggen.9999.27011.25101.elf (malicious; Mirai) via 91.189.91.42
  • bot.mpsl.elf (malicious; Gafgyt, Mirai, Okiru) via 91.189.91.42
  • bot.sh4.elf (malicious; Gafgyt, Mirai, Okiru) via 185.125.190.26
  • bot.mips.elf (malicious; Gafgyt, Mirai, Okiru) via 91.189.91.42
  • bot.m68k.elf (malicious; Gafgyt, Mirai, Okiru) via 91.189.91.42
MEO-MOVELPT
  • enjTj0J3qX.elf (malicious; Mirai, Moobot) via 31.22.172.53
  • RDEHNTKF1V.elf (malicious; Mirai, Moobot) via 89.214.177.25
  • arm4.elf (malicious; Mirai) via 89.214.128.87
  • Rn1AkuRExh.elf (malicious; Mirai) via 188.140.21.247
  • Ep3pKtF7kg.elf (malicious; Mirai) via 89.214.165.224
  • MYb7GhRJl7.elf (malicious; Mirai) via 46.50.30.224
  • VRRoiuUVMq.elf (malicious; Unknown) via 188.140.68.230
  • x44pCciC79.elf (malicious; Mirai) via 89.214.224.5
  • IjITuswg7J.elf (malicious; Mirai, Moobot) via 188.140.21.242
  • 6A9jBmgfEz.elf (malicious; Mirai) via 88.214.157.240
INIT7CH (all via 109.202.202.202)
  • firmware.arc.elf (malicious; Unknown)
  • SecuriteInfo.com.Linux.Siggen.9999.20705.30523.elf (malicious; Mirai)
  • SecuriteInfo.com.Linux.Siggen.9999.27011.25101.elf (malicious; Mirai)
  • bot.mpsl.elf (malicious; Gafgyt, Mirai, Okiru)
  • bot.mips.elf (malicious; Gafgyt, Mirai, Okiru)
  • bot.m68k.elf (malicious; Gafgyt, Mirai, Okiru)
  • SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elf (malicious; Mirai)
  • arm5.elf (malicious; Unknown)
  • SecuriteInfo.com.ELF.Mirai-CTV.23934.12709.elf (malicious; Unknown)
  • aisuru.arm7.elf (malicious; Unknown)

Context: JA3 Fingerprints

No context

Context: Dropped Files

No context

Dropped Files

Process:/tmp/firmware.m68k.elf
File Type:ASCII text
Category:dropped
Size (bytes):10
Entropy (8bit):2.9219280948873623
Encrypted:false
SSDEEP:3:gjOjn:gj+n
MD5:71A6F6DD73EA38C435B5B6C9F28C44E9
SHA1:9BE254EEA88814F23221F89D4230D0FED68A950A
SHA-256:61C9D50F37AD80ED026650CEB8E88F42ACDC34826D07771F233F62897A7F9DA2
SHA-512:D72D5DA72814F1A75E97E7C35C30231C41E61ECCDAFFAD0A630454488F480C80D64F277D0B3BA3768DED9A74242106FE49BA22BFCDE18753787233540C62C26D
Malicious:false
Reputation:low
Preview:947516406.

Static File Info

File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.35736902913948
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:firmware.m68k.elf
File size:115'740 bytes
MD5:3d40f4a1e6a361269997f6cedf217791
SHA1:c68dee5339c36571876b95b3ef2ded6b04b77dd8
SHA256:00def5e99df9674565416203563aea27cb4b5b00231d22df178d92347093660c
SHA512:48d972bafb7f5e621297e9b2a7fc9448ecf0950591101bd85f4cf3e7c2f459c55e4a3697a81b5cb60acf958b4e59653ae8b540c5af46fa267f1a4d5eb6f3032c
SSDEEP:3072:4/sv5n//X5HCt1wKtGywOqPVjx83uP2ZDwry4m2KCqHu0h9/Zaxk+:LhCt1wKtGywOqPsFWy4jVqH9hyxk+
TLSH:AEB339D7F800DEBDF80BD6BA44234A1AB131A3515F530B27B367BC67AD320E54926E46
File Content Preview:.ELF.......................D...4.........4. ...(.................................. .......................(....... .dt.Q............................NV..a....da.....N^NuNV..J9...Lf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........LN^NuNV..N^NuN

ELF header

Class:ELF32
Data:2's complement, big endian
Version:1 (current)
Machine:MC68000
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x80000144
Flags:0x0
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:115340
Section Header Size:40
Number of Section Headers:10
Header String Table Index:9

Section headers

Name       Type      Address     Offset   Size     EntSize  Flags   Link  Info  Align
(null)     NULL      0x0         0x0      0x0      0x0      0x0     0     0     0
.init      PROGBITS  0x80000094  0x94     0x14     0x0      0x6 AX  0     0     2
.text      PROGBITS  0x800000a8  0xa8     0x196ae  0x0      0x6 AX  0     0     4
.fini      PROGBITS  0x80019756  0x19756  0xe      0x0      0x6 AX  0     0     2
.rodata    PROGBITS  0x80019764  0x19764  0x2744   0x0      0x2 A   0     0     2
.ctors     PROGBITS  0x8001deac  0x1beac  0x8      0x0      0x3 WA  0     0     4
.dtors     PROGBITS  0x8001deb4  0x1beb4  0x8      0x0      0x3 WA  0     0     4
.data      PROGBITS  0x8001dec0  0x1bec0  0x38c    0x0      0x3 WA  0     0     4
.bss       NOBITS    0x8001e24c  0x1c24c  0x253c   0x0      0x3 WA  0     0     4
.shstrtab  STRTAB    0x0         0x1c24c  0x3e     0x0      0x0     0     0     1

The ten sections contain no .symtab or .strtab, which is what the "stripped symbol table" signature reports; .text runs contiguously into .fini and .rodata, and .rodata ends at 0x1bea8, the file size of the first LOAD segment.

Program headers

Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags    Align   Prog Interpreter  Section Mappings
LOAD       0x0      0x80000000       0x80000000        0x1bea8    0x1bea8      6.3784   0x5 R E  0x2000  (none)            .init .text .fini .rodata
LOAD       0x1beac  0x8001deac       0x8001deac        0x3a0      0x28dc       3.1159   0x6 RW   0x2000  (none)            .ctors .dtors .data .bss
GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x6 RW   0x4     (none)
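
The header and segment tables above are enough to run the layout checks a triager wants before loading an unknown firmware binary into a disassembler. The script below is an added example, not part of the report: it packs an ELF32 big-endian header and program header table from the values listed above (constructed stand-in bytes, not the sample itself, which is not reproduced here), parses them back, and checks that the machine is EM_68K, that there is no PT_INTERP or PT_DYNAMIC (statically linked), that the entry point lies inside an executable LOAD segment, that no segment is writable and executable at once, that the GNU_STACK segment is non-executable, and how much zero-filled .bss the loader adds. The function names are mine; the structure layouts are the standard ELF32 ones.

```python
import struct

# Added example (not part of the Joe Sandbox report).  The bytes below are
# CONSTRUCTED from the report's header values; the real sample is not included.
EM_68K = 4
PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_GNU_STACK = 1, 2, 3, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

# Elf32_Ehdr and Elf32_Phdr, big-endian (EI_DATA = ELFDATA2MSB, as in the sample).
EHDR_FMT = ">16sHHIIIIIHHHHHH"
PHDR_FMT = ">IIIIIIII"
PHDR_FIELDS = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")


def build_sample_header(stack_flags: int = PF_R | PF_W) -> bytes:
    """Pack the header and three program headers the report lists (constructed input)."""
    e_ident = b"\x7fELF" + bytes([1, 2, 1, 0, 0]) + b"\0" * 7  # ELF32, MSB, v1, SysV, ABI 0
    ehdr = struct.pack(EHDR_FMT, e_ident,
                       2,            # e_type = ET_EXEC
                       EM_68K,       # e_machine
                       1,            # e_version
                       0x80000144,   # e_entry
                       52, 115340,   # e_phoff, e_shoff
                       0,            # e_flags
                       52, 32, 3,    # e_ehsize, e_phentsize, e_phnum
                       40, 10, 9)    # e_shentsize, e_shnum, e_shstrndx
    phdrs = b"".join(struct.pack(PHDR_FMT, *p) for p in (
        (PT_LOAD,      0x00000, 0x80000000, 0x80000000, 0x1bea8, 0x1bea8, PF_R | PF_X, 0x2000),
        (PT_LOAD,      0x1beac, 0x8001deac, 0x8001deac, 0x003a0, 0x028dc, PF_R | PF_W, 0x2000),
        (PT_GNU_STACK, 0,       0,          0,          0,       0,       stack_flags, 0x4),
    ))
    return ehdr + phdrs


def parse_elf32_be(blob: bytes) -> dict:
    """Return type, machine, entry point and program headers of an ELF32 MSB image."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if blob[4] != 1 or blob[5] != 2:
        raise ValueError("expected ELFCLASS32 / ELFDATA2MSB")
    (_ident, e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(EHDR_FMT, blob, 0)
    if e_phentsize != struct.calcsize(PHDR_FMT):
        raise ValueError("unexpected program header entry size")
    phdrs = [dict(zip(PHDR_FIELDS, struct.unpack_from(PHDR_FMT, blob, e_phoff + i * e_phentsize)))
             for i in range(e_phnum)]
    return {"type": e_type, "machine": e_machine, "entry": e_entry, "phdrs": phdrs}


def triage(info: dict) -> dict:
    """Static checks on the segment layout."""
    types = {p["type"] for p in info["phdrs"]}
    loads = [p for p in info["phdrs"] if p["type"] == PT_LOAD]
    entry_seg = next((p for p in loads
                      if p["vaddr"] <= info["entry"] < p["vaddr"] + p["memsz"]), None)
    stack = next((p for p in info["phdrs"] if p["type"] == PT_GNU_STACK), None)
    return {
        "is_m68k": info["machine"] == EM_68K,
        # no PT_INTERP / PT_DYNAMIC: statically linked, nothing resolved at load time
        "static": PT_INTERP not in types and PT_DYNAMIC not in types,
        "entry_in_exec_segment": entry_seg is not None and bool(entry_seg["flags"] & PF_X),
        # a writable+executable LOAD segment is a packer / self-modifying-code hint
        "wx_segment": any(p["flags"] & PF_W and p["flags"] & PF_X for p in loads),
        # without PT_GNU_STACK the Linux loader historically falls back to an executable stack
        "exec_stack": stack is None or bool(stack["flags"] & PF_X),
        # memsz beyond filesz is zero-filled by the loader (.bss)
        "bss_bytes": sum(p["memsz"] - p["filesz"] for p in loads),
    }


if __name__ == "__main__":
    info = parse_elf32_be(build_sample_header())
    print(hex(info["entry"]), triage(info))
```

For the values above the checks come out as m68k, static, entry inside the R E segment, no W+X segment, non-executable stack and 0x253c bytes of .bss, which matches the .bss section size in the section table. Pointing `parse_elf32_be` at the first 148 bytes of a real file instead of the constructed header gives the same report for any ELF32 MSB binary.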
Network Behavior (TCP packets)

Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Sep 1, 2024 17:38:45.782290936 CEST  23           54244      46.50.1.120      192.168.2.23
Sep 1, 2024 17:38:45.782402039 CEST  54244        23         192.168.2.23     46.50.1.120
Sep 1, 2024 17:38:49.555046082 CEST  43928        443        192.168.2.23     91.189.91.42
Sep 1, 2024 17:38:54.674336910 CEST  42516        80         192.168.2.23     109.202.202.202
Sep 1, 2024 17:38:54.930161953 CEST  42836        443        192.168.2.23     91.189.91.43
Sep 1, 2024 17:39:10.288081884 CEST  43928        443        192.168.2.23     91.189.91.42
Sep 1, 2024 17:39:20.526725054 CEST  42836        443        192.168.2.23     91.189.91.43
Sep 1, 2024 17:39:24.622055054 CEST  42516        80         192.168.2.23     109.202.202.202
Sep 1, 2024 17:39:51.242328882 CEST  43928        443        192.168.2.23     91.189.91.42
Sep 1, 2024 17:40:11.719455957 CEST  42836        443        192.168.2.23     91.189.91.43

Reading the flows: the only peer attributable to the sample is 46.50.1.120 (MEO-MOVELPT, Portugal), contacted on destination port 23 within a second of process start; a packet from that host's port 23 back to the sandbox is also recorded, so this connection, unlike the others, received a response. The remaining flows are the analysis VM's own background traffic: 91.189.91.42 and 91.189.91.43 belong to CANONICAL-ASGB and 109.202.202.202 to INIT7CH, the ch.archive.ubuntu.com mirror listed in the context section, and each of them is re-attempted from the same source port at 20 to 50 second intervals without a reply. The "tries to connect to HTTP servers, but all servers are down" signature is triggered by those update-server connections (ports 80 and 443), not by a dropper stage of the sample.

System Behavior

Start time (UTC):15:38:45
Start date (UTC):01/09/2024
Path:/tmp/firmware.m68k.elf
Arguments:/tmp/firmware.m68k.elf
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc

Note on the process hashes: the 4463432-byte image with MD5 cd177594338c77b895ae27c33f8f86cc (also shown for PID 6262 in the startup list) is the qemu-m68k user-mode emulator that the x86-64 analysis VM runs the m68k binary under (see the /usr/bin/qemu-m68k and /etc/qemu-binfmt/m68k memory strings in the System Summary). The submitted sample is the 115'740-byte file with MD5 3d40f4a1e6a361269997f6cedf217791; use that hash, not the emulator's, for hunting and blocking.