Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
linux_arm64.elf

Overview

General Information

Sample name:linux_arm64.elf
Analysis ID:1543427
MD5:8014c239074b291949ad02412c68dcaa
SHA1:0f3ba8516e4e05659e02c3c79337598186eca9d4
SHA256:6563fa59ed29306a47ea2b0aa67bedc77e1d25c8a911569a042a269775747c77
Tags:elfuser-abuse_ch
Infos:

Detection

Chaos
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Chaos
Drops files in suspicious directories
Sample tries to set files in /etc globally writable
Uses known network protocols on non-standard ports
Writes identical ELF files to multiple locations
Creates hidden files and/or directories
Creates hidden files without content (potentially used as a mutex)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "sleep" command used to delay execution and potentially evade sandboxes
Executes the "systemctl" command used for controlling the systemd system and service manager
Reads CPU information from /sys indicative of miner or evasive malware
Reads the 'hosts' file potentially containing internal network hosts
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Sleeps for long times indicative of sandbox evasion
Suricata IDS alerts with low severity for network traffic
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1543427
Start date and time:2024-10-27 20:58:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:linux_arm64.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/56@2/0

Warnings

  • Report size exceeded maximum capacity and may have missing behavior information.
  • VT rate limit hit for: linux_arm64.elf

Runtime Messages

Command:/tmp/linux_arm64.elf
PID:6221
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:

Process Tree

  • system is lnxubuntu20
  • linux_arm64.elf (PID: 6221, Parent: 6138, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /tmp/linux_arm64.elf
    • bash (PID: 6226, Parent: 6221, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c /etc/32678&
      • bash New Fork (PID: 6234, Parent: 6226)
      • 32678 (PID: 6234, Parent: 1860, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/32678
        • 32678 New Fork (PID: 6239, Parent: 6234)
        • sleep (PID: 6239, Parent: 6234, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
    • service (PID: 6232, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
      • service New Fork (PID: 6237, Parent: 6232)
      • basename (PID: 6237, Parent: 6232, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 6240, Parent: 6232)
      • basename (PID: 6240, Parent: 6232, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 6242, Parent: 6232)
      • systemctl (PID: 6242, Parent: 6232, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
      • service New Fork (PID: 6252, Parent: 6232)
        • service New Fork (PID: 6253, Parent: 6252)
        • systemctl (PID: 6253, Parent: 6252, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
        • service New Fork (PID: 6254, Parent: 6252)
        • sed (PID: 6254, Parent: 6252, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    • systemctl (PID: 6232, Parent: 1860, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
    • linux_arm64.elf (PID: 6235, Parent: 6221, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /tmp/linux_arm64.elf
      • update-rc.d (PID: 6255, Parent: 6235, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d linux_kill defaults
        • systemctl (PID: 6268, Parent: 6255, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • bash (PID: 6320, Parent: 6235, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"
        • bash New Fork (PID: 6323, Parent: 6320)
        • systemctl (PID: 6323, Parent: 6320, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
        • bash New Fork (PID: 6341, Parent: 6320)
        • systemctl (PID: 6341, Parent: 6320, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable linux.service
        • bash New Fork (PID: 6347, Parent: 6320)
        • systemctl (PID: 6347, Parent: 6320, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start linux.service
        • bash New Fork (PID: 6562, Parent: 6320)
        • journalctl (PID: 6562, Parent: 6320, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager
  • systemd New Fork (PID: 6271, Parent: 6270)
  • snapd-env-generator (PID: 6271, Parent: 6270, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 6338, Parent: 6337)
  • snapd-env-generator (PID: 6338, Parent: 6337, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 6345, Parent: 6344)
  • snapd-env-generator (PID: 6345, Parent: 6344, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 6348, Parent: 1)
  • System.img.config (PID: 6348, Parent: 1, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /boot/System.img.config
    • pkill (PID: 6355, Parent: 6348, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 32678
    • sh (PID: 6544, Parent: 6348, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /etc/32678&
      • sh New Fork (PID: 6550, Parent: 6544)
      • 32678 (PID: 6550, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/32678
        • 32678 New Fork (PID: 6564, Parent: 6550)
        • sleep (PID: 6564, Parent: 6550, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
        • 32678 New Fork (PID: 6607, Parent: 6550)
        • id.services.conf (PID: 6607, Parent: 6550, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /etc/id.services.conf
          • pkill (PID: 6613, Parent: 6607, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 32678
          • sh (PID: 6615, Parent: 6607, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /etc/32678&
            • sh New Fork (PID: 6628, Parent: 6615)
            • 32678 (PID: 6628, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/32678
              • 32678 New Fork (PID: 6638, Parent: 6628)
              • sleep (PID: 6638, Parent: 6628, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
          • service (PID: 6621, Parent: 6607, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
            • service New Fork (PID: 6637, Parent: 6621)
            • basename (PID: 6637, Parent: 6621, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 6639, Parent: 6621)
            • basename (PID: 6639, Parent: 6621, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 6640, Parent: 6621)
            • systemctl (PID: 6640, Parent: 6621, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 6646, Parent: 6621)
              • service New Fork (PID: 6647, Parent: 6646)
              • systemctl (PID: 6647, Parent: 6646, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 6648, Parent: 6646)
              • sed (PID: 6648, Parent: 6646, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
          • systemctl (PID: 6621, Parent: 1, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
          • id.services.conf (PID: 6629, Parent: 6607, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /etc/id.services.conf
    • service (PID: 6548, Parent: 6348, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
      • service New Fork (PID: 6560, Parent: 6548)
      • basename (PID: 6560, Parent: 6548, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 6565, Parent: 6548)
      • basename (PID: 6565, Parent: 6548, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 6566, Parent: 6548)
      • systemctl (PID: 6566, Parent: 6548, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
      • service New Fork (PID: 6575, Parent: 6548)
        • service New Fork (PID: 6576, Parent: 6575)
        • systemctl (PID: 6576, Parent: 6575, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
        • service New Fork (PID: 6577, Parent: 6575)
        • sed (PID: 6577, Parent: 6575, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    • systemctl (PID: 6548, Parent: 1, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
    • System.img.config (PID: 6555, Parent: 6348, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /boot/System.img.config
  • sshd New Fork (PID: 6350, Parent: 936)
  • sshd (PID: 6350, Parent: 936, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
  • sshd New Fork (PID: 6363, Parent: 936)
  • sshd (PID: 6363, Parent: 936, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 6384, Parent: 6363)
  • sshd New Fork (PID: 6498, Parent: 936)
  • sshd (PID: 6498, Parent: 936, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 6512, Parent: 6498)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
ChaosMulti-functional malware written in Go, targeting both Linux and Windows, evolved from elf.kaiji.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.chaos

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
linux_arm64.elfJoeSecurity_ChaosGoYara detected ChaosJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    /etc/id.services.confJoeSecurity_ChaosGoYara detected ChaosJoe Security
      /boot/System.img.configJoeSecurity_ChaosGoYara detected ChaosJoe Security

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-10-27T20:58:53.091952+010028500231A Network Trojan was detected154.12.82.117878192.168.2.2352100TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: linux_arm64.elfReversingLabs: Detection: 42%
        Source: /tmp/linux_arm64.elf (PID: 6235)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 6613)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

        Networking

        barindex
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 808 -> 53972
        Source: unknownNetwork traffic detected: HTTP traffic on port 53976 -> 808
        Source: unknownNetwork traffic detected: HTTP traffic on port 808 -> 53976
        Source: global trafficTCP traffic: 192.168.2.23:53972 -> 154.12.82.11:808
        Source: /tmp/linux_arm64.elf (PID: 6235)Reads hosts file: /etc/hostsJump to behavior
        Source: Network trafficSuricata IDS: 2850023 - Severity 1 - ETPRO JA3 Hash - Possible Ligolo Server/Golang Binary Response : 154.12.82.11:7878 -> 192.168.2.23:52100
        Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
        Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
        Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: unknownTCP traffic detected without corresponding DNS query: 154.12.82.11
        Source: global trafficHTTP traffic detected: GET /password.txt HTTP/1.1Host: 154.12.82.11:808User-Agent: Go-http-client/1.1Accept-Encoding: gzip
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http2: Transport conn %p received error from processing frame %v: %vhttp2: Transport received unsolicited DATA frame; closing connectionhttp: message cannot contain multiple Content-Length headers; got %qpadding bytes must all be zeros unless AllowIllegalWrites is enabledreflect: reflect.Value.UnsafePointer on an invalid notinheap pointerhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)tls: handshake message of length %d bytes exceeds maximum of %d bytestls: peer doesn't support the certificate custom signature algorithmsbytes.Buffer: UnreadByte: previous operation was not a successful readcannot convert slice with length %y to pointer to array with length %xgot %s for stream %d; expected CONTINUATION following %s for stream %dx509: PKCS#8 wrapping contained private key with unknown algorithm: %vx509: certificate relies on legacy Common Name field, use SANs insteadMozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)Sogou Pic Spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)dynamic table size update MUST occur at the beginning of a header blockssh: no common algorithm for %s; client offered: %v, server offered: %vtls: peer doesn't support any of the certificate's signature algorithmstoo many concurrent operations on a single file or socket (max 1048575)x509: issuer has name constraints but leaf doesn't have a SAN extensionMozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)tls: server's certificate contains an unsupported type of public key: %Ttls: received unexpected handshake message of type %T when waiting for %T91289437fa036b34da55d57af6192768c27bd433fa012169d626d934e0051b24dd67dd3cf49d7cc827bc012d259d7ac226e70829239d7ac226e7082968de60d520eb433722c07fd236f6crypto/elliptic: internal error: Unmarshal rejected a valid point encodingmalformed response from server: malformed non-numeric status pseudo headernet/http: server replied with more than declared Content-Length; truncatedtls: certificate RSA key size too small for supported signature algorithmsUnsolicited response received on idle HTTP channel starting with %q; err=%vtls: internal error: attempted to read record with pending application datatls: failed to send closeNotify alert (but connection was closed anyway): %wtls: server certificate contains incorrect key type for selected ciphersuite((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}MapIter.Next called on an iterator that does not have an associated map Valuecrypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled115792089210356248762697446949407573529996955224135760342422259061068512044369115792089210356248762697446949407573530086143415290314195533631308867097853951ssh: internal error: algorithmSignerWrapper invoked with non-default algorithmssh: unable to authenticate, attempted methods %v, no supported methods remainx509: signature check attempt
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http: RoundTripper implementation (%T) returned a nil *Response with a nil errortls: either ServerName or InsecureSkipVerify must be specified in the tls.Configx509: invalid signature: parent certificate cannot sign this kind of certificaterefusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxyx509: a root or intermediate certificate is not authorized to sign for this name: (possibly because of %q while trying to verify candidate authority certificate %q)Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)x509: issuer has name constraints but leaf contains unknown or unconstrained name: tls: downgrade attempt detected, possibly due to a MitM attack or a broken middleboxx509: signature algorithm specifies an %s public key, but have public key of type %Treflect.Value.Interface: cannot return value obtained from unexported field or methodx509: failed to parse private key (use ParseECPrivateKey instead for this key format)Mozilla/5.0 (compatible; YoudaoBot/1.0; http://www.youdao.com/help/webmaster/spider/;)reflect: New of type that may not be allocated in heap (possibly undefined cgo C type)x509: a root or intermediate certificate is not authorized for an extended key usage: fxfzUc6gtMGc/i26ld3KydGKy1k7QqyMMyxjbU1Rlk+F9LQxnaTeCHGHsDUpaBeOWDeY6l+2kHlB7EWTLcGwfg==whv+Kf1cEtOXzr+zuvmef2as0WfbUDm8l2LMWBMel10NDnbShg9CsMUt327VJhOTbXLoPYJVTKy8MBPCVwoT8A==x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)Mozilla/5.0 (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%qapplication/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5tls: handshake hash for a client certificate requested after discarding the handshake buffertls: unsupported certificate: private key is *ed25519.PrivateKey, expected ed25519.PrivateKey3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5faa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aefhttp: RoundTripper implementation (%T) returned a *Response with content length %d but a nil BodyNoClientCertRequestClientCertRequireAnyClientCertVerifyClientCertIfGivenRequireAndVerifyClientCertcipher: the nonce can't have zero length, or the security of the key will be immediately compromised1.0.3<<RMS>> equals www.yahoo.com (Yahoo)
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http://help.yahoo.com/help/us/ysearch/slurp)x509:
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http://search.msn.com/msnbot.htm
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http://www.baidu.com/search/spider.html)Mozilla/5.0
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http://www.baidu.com/search/spider.html)http2:
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http://www.youdao.com/help/webmaster/spider/;)reflect:
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: http://yandex.com/bots)http:
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: https://search.yahoo.com/search?p=illegal
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: https://www.baidu.com/s?wd=insufficient
        Source: linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drString found in binary or memory: https://www.so.com/s?q=index
        Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
        Source: ELF static info symbol of initial sample.symtab present: no
        Source: /usr/bin/pkill (PID: 6355)SIGKILL sent: pid: 6234, result: successfulJump to behavior
        Source: /usr/bin/pkill (PID: 6613)SIGKILL sent: pid: 6550, result: successfulJump to behavior
        Source: classification engineClassification label: mal72.troj.evad.linELF@0/56@2/0
        Source: ELF file sectionSubmission: linux_arm64.elf
        Source: ELF file sectionDropped file: id.services.conf.12.dr
        Source: ELF file sectionDropped file: System.img.config.19.dr

        Persistence and Installation Behavior

        barindex
        Sample tries to set files in /etc globally writable
        Source: /tmp/linux_arm64.elf (PID: 6221)File: /etc/id.services.conf (bits: - usr: rx grp: rx all: rwx)Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6221)File: /etc/32678 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
        Writes identical ELF files to multiple locations
        Source: /tmp/linux_arm64.elf (PID: 6235)File with SHA-256 6563FA59ED29306A47EA2B0AA67BEDC77E1D25C8A911569A042A269775747C77 written: /boot/System.img.configJump to dropped file
        Source: /tmp/linux_arm64.elf (PID: 6221)File with SHA-256 6563FA59ED29306A47EA2B0AA67BEDC77E1D25C8A911569A042A269775747C77 written: /etc/id.services.confJump to dropped file
        Source: /tmp/linux_arm64.elf (PID: 6235)File: /dev/.oldJump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6235)File: /dev/.imgJump to behavior
        Source: /etc/id.services.conf (PID: 6629)File: /dev/.oldJump to behavior
        Source: /etc/id.services.conf (PID: 6629)File: /dev/.imgJump to behavior
        Source: /boot/System.img.config (PID: 6555)File: /dev/.old
        Source: /boot/System.img.config (PID: 6555)File: /dev/.img
        Source: /boot/System.img.config (PID: 6555)Empty hidden file: /dev/.old
        Source: /boot/System.img.config (PID: 6555)Empty hidden file: /dev/.img
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6234/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6234/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6355/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6355/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6235/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6235/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1582/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1582/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/3088/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/3088/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/230/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/230/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/110/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/110/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/231/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/231/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/111/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/111/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/232/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/232/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1579/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1579/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/112/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/112/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/233/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/233/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1699/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1699/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/113/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/113/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/234/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/234/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1335/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1335/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1698/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1698/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/114/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/114/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/235/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/235/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1334/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1334/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1576/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1576/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/2302/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/2302/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/115/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/115/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/236/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/236/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/116/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/116/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/237/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/237/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/117/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/117/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/118/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/118/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/910/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/910/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6348/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6348/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/119/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/119/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6347/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/6347/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/912/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/912/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/10/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/10/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/2307/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/2307/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/11/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/11/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/918/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/918/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/12/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/12/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/13/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/13/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/14/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/14/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/15/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/15/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/16/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/16/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/17/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/17/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/18/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/18/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1594/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1594/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/120/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/120/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/121/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/121/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1349/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1349/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/1/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/122/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/122/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/243/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/243/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/123/statusJump to behavior
        Source: /usr/bin/pkill (PID: 6355)File opened: /proc/123/cmdlineJump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6226)Shell command executed: /bin/bash -c /etc/32678&Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6320)Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"Jump to behavior
        Source: /boot/System.img.config (PID: 6355)Pkill executable: /usr/bin/pkill -> pkill -9 32678Jump to behavior
        Source: /etc/id.services.conf (PID: 6613)Pkill executable: /usr/bin/pkill -> pkill -9 32678Jump to behavior
        Source: /usr/sbin/service (PID: 6232)Systemctl executable: /usr/bin/systemctl -> systemctl start crond.serviceJump to behavior
        Source: /usr/sbin/service (PID: 6242)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
        Source: /usr/sbin/service (PID: 6253)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
        Source: /usr/sbin/update-rc.d (PID: 6268)Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reloadJump to behavior
        Source: /bin/bash (PID: 6323)Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reloadJump to behavior
        Source: /bin/bash (PID: 6341)Systemctl executable: /usr/bin/systemctl -> systemctl enable linux.serviceJump to behavior
        Source: /bin/bash (PID: 6347)Systemctl executable: /usr/bin/systemctl -> systemctl start linux.serviceJump to behavior
        Source: /usr/sbin/service (PID: 6621)Systemctl executable: /usr/bin/systemctl -> systemctl start crond.serviceJump to behavior
        Source: /usr/sbin/service (PID: 6640)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
        Source: /usr/sbin/service (PID: 6647)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
        Source: /usr/sbin/service (PID: 6548)Systemctl executable: /usr/bin/systemctl -> systemctl start crond.serviceJump to behavior
        Source: /usr/sbin/service (PID: 6566)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
        Source: /usr/sbin/service (PID: 6576)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6221)File: /etc/id.services.conf (bits: - usr: rx grp: rx all: rwx)Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6221)File: /etc/32678 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6235)File: /boot/System.img.config (bits: - usr: rx grp: rx all: rwx)Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6221)File written: /etc/id.services.confJump to dropped file
        Source: /tmp/linux_arm64.elf (PID: 6235)File written: /boot/System.img.configJump to dropped file
        Source: /tmp/linux_arm64.elf (PID: 6221)Writes shell script file to disk with an unusual file extension: /etc/32678Jump to dropped file
        Source: /tmp/linux_arm64.elf (PID: 6235)Writes shell script file to disk with an unusual file extension: /etc/init.d/linux_killJump to dropped file
        Source: /usr/sbin/service (PID: 6254)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
        Source: /usr/sbin/service (PID: 6648)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
        Source: /usr/sbin/service (PID: 6577)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

        Hooking and other Techniques for Hiding and Protection

        barindex
        Drops files in suspicious directories
        Source: /tmp/linux_arm64.elf (PID: 6235)File: /etc/init.d/linux_killJump to dropped file
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 808 -> 53972
        Source: unknownNetwork traffic detected: HTTP traffic on port 53976 -> 808
        Source: unknownNetwork traffic detected: HTTP traffic on port 808 -> 53976
        Source: /etc/32678 (PID: 6239)Sleep executable: /usr/bin/sleep -> sleep 60Jump to behavior
        Source: /etc/32678 (PID: 6564)Sleep executable: /usr/bin/sleep -> sleep 60Jump to behavior
        Source: /etc/32678 (PID: 6638)Sleep executable: /usr/bin/sleep -> sleep 60Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6235)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 6355)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 6613)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/sleep (PID: 6239)Sleeps longer then 60s: 60.0sJump to behavior
        Source: /usr/bin/sleep (PID: 6564)Sleeps longer then 60s: 60.0sJump to behavior
        Source: /usr/bin/sleep (PID: 6638)Sleeps longer then 60s: 60.0sJump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6221)Queries kernel information via 'uname': Jump to behavior
        Source: /bin/bash (PID: 6226)Queries kernel information via 'uname': Jump to behavior
        Source: /tmp/linux_arm64.elf (PID: 6235)Queries kernel information via 'uname': Jump to behavior
        Source: /bin/bash (PID: 6320)Queries kernel information via 'uname': Jump to behavior
        Source: /boot/System.img.config (PID: 6348)Queries kernel information via 'uname': Jump to behavior
        Source: /etc/id.services.conf (PID: 6607)Queries kernel information via 'uname': Jump to behavior
        Source: /etc/id.services.conf (PID: 6629)Queries kernel information via 'uname': Jump to behavior
        Source: /boot/System.img.config (PID: 6555)Queries kernel information via 'uname':
        Source: System.img.config, 6555.1.000055fd54683000.000055fd54bff000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/aarch64
        Source: id.services.conf, 6629.1.00007ffc3cdce000.00007ffc3cdef000.rw-.sdmpBinary or memory string: Bx86_64/usr/bin/qemu-aarch64/etc/id.services.conf
        Source: 32678, 6607.1.00007ffdf72ec000.00007ffdf730d000.rw-.sdmp, id.services.conf, 6607.1.00007ffdf72ec000.00007ffdf730d000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-aarch64/etc/id.services.confJOURNAL_STREAM=9:75215PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binINVOCATION_ID=4f9991526ab544b5958a0438d46ce107LANG=en_US.UTF-8PWD=//etc/id.services.conf
        Source: systemd, 6348.1.000055b756e78000.000055b75740e000.rw-.sdmp, System.img.config, 6348.1.000055b756e78000.000055b75740e000.rw-.sdmpBinary or memory string: Urg.qemu.gdb.arm.sys.regs">@
        Source: System.img.config, 6555.1.000055fd54683000.000055fd54bff000.rw-.sdmpBinary or memory string: U1/etc/qemu-binfmt/aarch64O
        Source: id.services.conf, 6629.1.0000560380721000.0000560380c9d000.rw-.sdmpBinary or memory string: Vrg.qemu.gdb.arm.sys.regs">
        Source: 32678, 6607.1.00005651e4440000.00005651e49d8000.rw-.sdmp, id.services.conf, 6607.1.00005651e4440000.00005651e49d8000.rw-.sdmpBinary or memory string: QV1/etc/qemu-binfmt/aarch64O
        Source: System.img.config, 6555.1.000055fd54683000.000055fd54bff000.rw-.sdmpBinary or memory string: Urg.qemu.gdb.arm.sys.regs">
        Source: systemd, 6348.1.00007fff57283000.00007fff572a4000.rw-.sdmp, System.img.config, 6348.1.00007fff57283000.00007fff572a4000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-aarch64/boot/System.img.configLANG=en_US.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binINVOCATION_ID=4f9991526ab544b5958a0438d46ce107JOURNAL_STREAM=9:75215/boot/System.img.config
        Source: System.img.config, 6555.1.00007ffd0e5f9000.00007ffd0e61a000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-aarch64/boot/System.img.config
        Source: System.img.config, 6555.1.000055fd54683000.000055fd54bff000.rw-.sdmpBinary or memory string: rg.qemu.gdb.arm.sys.regs">
        Source: linux_arm64.elf, 6221.1.00007ffeb6b49000.00007ffeb6b6a000.rw-.sdmpBinary or memory string: N~x86_64/usr/bin/qemu-aarch64/tmp/linux_arm64.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/linux_arm64.elf
        Source: 32678, 6607.1.00005651e4440000.00005651e49d8000.rw-.sdmp, id.services.conf, 6607.1.00005651e4440000.00005651e49d8000.rw-.sdmpBinary or memory string: QVrg.qemu.gdb.arm.sys.regs">
        Source: System.img.config, 6555.1.00007ffd0e5f9000.00007ffd0e61a000.rw-.sdmpBinary or memory string: /usr/bin/qemu-aarch64
        Source: id.services.conf, 6629.1.0000560380721000.0000560380c9d000.rw-.sdmpBinary or memory string: V1/etc/qemu-binfmt/aarch64O

        Stealing of Sensitive Information

        barindex
        Yara detected Chaos
        Source: Yara matchFile source: linux_arm64.elf, type: SAMPLE
        Source: Yara matchFile source: /etc/id.services.conf, type: DROPPED
        Source: Yara matchFile source: /boot/System.img.config, type: DROPPED

        Remote Access Functionality

        barindex
        Yara detected Chaos
        Source: Yara matchFile source: linux_arm64.elf, type: SAMPLE
        Source: Yara matchFile source: /etc/id.services.conf, type: DROPPED
        Source: Yara matchFile source: /boot/System.img.config, type: DROPPED

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid Accounts1
        Command and Scripting Interpreter        		1
        Systemd Service        		1
        Systemd Service        		1
        Masquerading        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Encrypted Channel        		Exfiltration Over Other Network Medium1
        Data Manipulation
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        Scripting        		Boot or Logon Initialization Scripts1
        Hide Artifacts        		LSASS Memory1
        Virtualization/Sandbox Evasion        		Remote Desktop ProtocolData from Removable Media11
        Non-Standard Port        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Virtualization/Sandbox Evasion        		Security Account Manager1
        File and Directory Discovery        		SMB/Windows Admin SharesData from Network Shared Drive1
        Ingress Tool Transfer        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        File and Directory Permissions Modification        		NTDS1
        System Information Discovery        		Distributed Component Object ModelInput Capture2
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Disable or Modify Tools        		LSA SecretsInternet Connection DiscoverySSHKeylogging3
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Hidden Files and Directories        		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1543427 Sample: linux_arm64.elf Startdate: 27/10/2024 Architecture: LINUX Score: 72 110 109.202.202.202, 80 INIT7CH Switzerland 2->110 112 154.12.82.11, 52100, 53972, 53976 COGENT-174US United States 2->112 114 3 other IPs or domains 2->114 116 Multi AV Scanner detection for submitted file 2->116 118 Yara detected Chaos 2->118 120 Uses known network protocols on non-standard ports 2->120 12 linux_arm64.elf 2->12         started        16 systemd System.img.config 2->16         started        18 sshd sshd 2->18         started        20 5 other processes 2->20 signatures3 process4 file5 106 /etc/id.services.conf, ELF 12->106 dropped 108 /etc/32678, POSIX 12->108 dropped 126 Sample tries to set files in /etc globally writable 12->126 128 Writes identical ELF files to multiple locations 12->128 22 linux_arm64.elf linux_arm64.elf 12->22         started        26 linux_arm64.elf service systemctl 12->26         started        28 linux_arm64.elf bash 12->28         started        30 System.img.config sh 16->30         started        32 System.img.config service systemctl 16->32         started        34 System.img.config pkill 16->34         started        36 System.img.config System.img.config 16->36         started        38 sshd 18->38         started        40 sshd 20->40         started        signatures6 process7 file8 102 /etc/init.d/linux_kill, POSIX 22->102 dropped 104 /boot/System.img.config, ELF 22->104 dropped 122 Writes identical ELF files to multiple locations 22->122 124 Drops files in suspicious directories 22->124 42 linux_arm64.elf bash 22->42         started        44 linux_arm64.elf update-rc.d 22->44         started        46 service 26->46         started        48 service basename 26->48         started        56 2 other processes 26->56 50 bash 32678 28->50         started        52 sh 32678 30->52         started        54 service 32->54         started        58 3 other processes 32->58 signatures9 process10 process11 76 4 other processes 42->76 60 update-rc.d systemctl 44->60         started        62 service systemctl 46->62         started        64 service sed 46->64         started        66 32678 sleep 50->66         started        68 32678 id.services.conf 52->68         started        70 32678 sleep 52->70         started        72 service systemctl 54->72         started        74 service sed 54->74         started        process12 78 id.services.conf service systemctl 68->78         started        80 id.services.conf sh 68->80         started        82 id.services.conf pkill 68->82         started        84 id.services.conf id.services.conf 68->84         started        process13 86 service 78->86         started        88 service basename 78->88         started        90 service basename 78->90         started        92 service systemctl 78->92         started        94 sh 32678 80->94         started        process14 96 service systemctl 86->96         started        98 service sed 86->98         started        100 32678 sleep 94->100         started       

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        linux_arm64.elf42%ReversingLabsLinux.Trojan.Multiverze

        Dropped Files

        SourceDetectionScannerLabelLink
        /boot/System.img.config42%ReversingLabsLinux.Trojan.Multiverze
        /etc/326780%ReversingLabs
        /etc/id.services.conf42%ReversingLabsLinux.Trojan.Multiverze
        /etc/init.d/linux_kill0%ReversingLabs

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        www.google.com
        		172.217.18.4
        		truefalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://154.12.82.11:808/password.txtfalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.baidu.com/search/spider.html)Mozilla/5.0linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
              		unknown
              http://search.msn.com/msnbot.htmlinux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                		unknown
                https://www.so.com/s?q=indexlinux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                  		unknown
                  http://help.yahoo.com/help/us/ysearch/slurp)x509:linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                    		unknown
                    https://www.baidu.com/s?wd=insufficientlinux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                      		unknown
                      http://www.youdao.com/help/webmaster/spider/;)reflect:linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                        		unknown
                        http://www.baidu.com/search/spider.html)http2:linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                          		unknown
                          http://yandex.com/bots)http:linux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                            		unknown
                            https://search.yahoo.com/search?p=illegallinux_arm64.elf, System.img.config.19.dr, id.services.conf.12.drfalse
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              154.12.82.11
                              		unknownUnited States
                              		174COGENT-174USfalse
                              109.202.202.202
                              		unknownSwitzerland
                              		13030INIT7CHfalse
                              91.189.91.43
                              		unknownUnited Kingdom
                              		41231CANONICAL-ASGBfalse
                              91.189.91.42
                              		unknownUnited Kingdom
                              		41231CANONICAL-ASGBfalse

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              154.12.82.11linux_386.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              linux_amd64.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              na.elfGet hashmaliciousChaosBrowse
                              • 154.12.82.11:808/password.txt
                              109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                              • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                              91.189.91.43linux_386.elfGet hashmaliciousChaosBrowse
                                .i.elfGet hashmaliciousUnknownBrowse
                                  na.elfGet hashmaliciousUnknownBrowse
                                    parm6.elfGet hashmaliciousUnknownBrowse
                                      debug.dbg.elfGet hashmaliciousMiraiBrowse
                                        na.elfGet hashmaliciousUnknownBrowse
                                          arm5.elfGet hashmaliciousUnknownBrowse
                                            linux_amd64.elfGet hashmaliciousChaosBrowse
                                              linux_mips_softfloat.elfGet hashmaliciousChaosBrowse
                                                linux_mips64_softfloat.elfGet hashmaliciousChaosBrowse
                                                  91.189.91.42linux_386.elfGet hashmaliciousChaosBrowse
                                                    amd64.elfGet hashmaliciousUnknownBrowse
                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                        na.elfGet hashmaliciousUnknownBrowse
                                                          parm6.elfGet hashmaliciousUnknownBrowse
                                                            debug.dbg.elfGet hashmaliciousMiraiBrowse
                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                                  linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                    linux_mips_softfloat.elfGet hashmaliciousChaosBrowse

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      www.google.comlinux_386.elfGet hashmaliciousChaosBrowse
                                                                      • 142.250.184.228
                                                                      linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                      • 142.250.184.196
                                                                      CQlUZ4KuAa.exeGet hashmaliciousVidarBrowse
                                                                      • 142.250.186.100
                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                      • 216.58.206.68
                                                                      SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exeGet hashmaliciousLummaCBrowse
                                                                      • 142.251.40.100
                                                                      2QPrBtk3J8.exeGet hashmaliciousUnknownBrowse
                                                                      • 142.250.185.228
                                                                      v9dVG4fAGa.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                      • 142.250.184.196
                                                                      LkCinYWgNh.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                      • 172.217.16.196
                                                                      R40XD2LfcZ.exeGet hashmaliciousClipboard HijackerBrowse
                                                                      • 172.217.18.4
                                                                      v9dVG4fAGa.exeGet hashmaliciousClipboard HijackerBrowse
                                                                      • 142.250.185.196

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      CANONICAL-ASGBlinux_386.elfGet hashmaliciousChaosBrowse
                                                                      • 91.189.91.42
                                                                      amd64.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      parm6.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      debug.dbg.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      arm5.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                      • 91.189.91.42
                                                                      linux_mips_softfloat.elfGet hashmaliciousChaosBrowse
                                                                      • 91.189.91.42
                                                                      CANONICAL-ASGBlinux_386.elfGet hashmaliciousChaosBrowse
                                                                      • 91.189.91.42
                                                                      amd64.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      parm6.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      debug.dbg.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      arm5.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                      • 91.189.91.42
                                                                      linux_mips_softfloat.elfGet hashmaliciousChaosBrowse
                                                                      • 91.189.91.42
                                                                      COGENT-174USlinux_386.elfGet hashmaliciousChaosBrowse
                                                                      • 154.12.82.11
                                                                      linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                      • 154.12.82.11
                                                                      debug.dbg.elfGet hashmaliciousMirai, MoobotBrowse
                                                                      • 72.13.138.173
                                                                      sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                      • 38.21.100.89
                                                                      x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                      • 38.95.215.168
                                                                      la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                      • 38.73.2.108
                                                                      nabm68k.elfGet hashmaliciousUnknownBrowse
                                                                      • 38.52.1.106
                                                                      nklsh4.elfGet hashmaliciousUnknownBrowse
                                                                      • 38.239.134.118
                                                                      nabmips.elfGet hashmaliciousUnknownBrowse
                                                                      • 38.173.120.137
                                                                      splarm7.elfGet hashmaliciousUnknownBrowse
                                                                      • 149.55.17.218
                                                                      INIT7CHlinux_386.elfGet hashmaliciousChaosBrowse
                                                                      • 109.202.202.202
                                                                      amd64.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      na.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      parm6.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      debug.dbg.elfGet hashmaliciousMiraiBrowse
                                                                      • 109.202.202.202
                                                                      na.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      arm5.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                      • 109.202.202.202
                                                                      linux_mips_softfloat.elfGet hashmaliciousChaosBrowse
                                                                      • 109.202.202.202

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      /etc/32678linux_386.elfGet hashmaliciousChaosBrowse
                                                                        linux_amd64.elfGet hashmaliciousChaosBrowse
                                                                          na.elfGet hashmaliciousChaosBrowse
                                                                            na.elfGet hashmaliciousChaosBrowse
                                                                              na.elfGet hashmaliciousChaosBrowse
                                                                                na.elfGet hashmaliciousChaosBrowse
                                                                                  na.elfGet hashmaliciousChaosBrowse
                                                                                    na.elfGet hashmaliciousChaosBrowse
                                                                                      na.elfGet hashmaliciousChaosBrowse
                                                                                        na.elfGet hashmaliciousChaosBrowse

                                                                                          Created / dropped Files

                                                                                          /boot/System.img.config

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped
                                                                                          Category:dropped
                                                                                          Size (bytes):5177344
                                                                                          Entropy (8bit):6.1098977861220956
                                                                                          Encrypted:false
                                                                                          SSDEEP:49152:7H+5dH9Zq/34LCFNoUAFKVCsV5EN2q3OY2NXxB1:r+5dH+/34LCFNoUTVCsrEN
                                                                                          MD5:8014C239074B291949AD02412C68DCAA
                                                                                          SHA1:0F3BA8516E4E05659E02C3C79337598186ECA9D4
                                                                                          SHA-256:6563FA59ED29306A47EA2B0AA67BEDC77E1D25C8A911569A042A269775747C77
                                                                                          SHA-512:30AA5D41CB3EE86D72586B1D03AF03008E7DA5130AB154ABF24DC3BE2B35BEC285919E5C59AFF5CFC2501EABA8F5DD42BBF18511CB27319559B60E7111C74D0E
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_ChaosGo, Description: Yara detected Chaos, Source: /boot/System.img.config, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 42%
                                                                                          Reputation:low
                                                                                          Preview:.ELF............................@...................@.8...@.............@.......@.......@...............................................................d.......d.................................................$.......$.......................%.......&.......&..... .%..... .%.......................K.......L.......L.............0...............Q.td.......................................................e.*....................................................................................................................................................$.............................j.................&.......%......L.............. ........................................L5.....................................r...............`M6.....`M5..................... ...............|...............@e6.....@e5.....`............... ................................n6......n5......................................................n6......n5......S.............. ...............B.................L.......K.....

                                                                                          /etc/32678

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:POSIX shell script, ASCII text executable
                                                                                          Category:dropped
                                                                                          Size (bytes):61
                                                                                          Entropy (8bit):4.483513158259707
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:TKH4vSNMOsUF4K0WJTDALWpgGAn:hisUF4kDALWRAn
                                                                                          MD5:768EAF287796DA19E1CF5E0B2FB1B161
                                                                                          SHA1:6A1CE2EE5CCC86D1F33806FEB14547B35290DF2A
                                                                                          SHA-256:1D22620DFB2A6715E5D745AED5CF841EDE0E75E1747F12B9B925A2D346BC7ECB
                                                                                          SHA-512:E6AF30C9DF4F7F47696069511E64ECBC8E841629D692EE4056503DF3533FB7A7A74960698826260355E1DBA7B6C562482A27A39BB51A4237473CE4B68472D620
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                          Joe Sandbox View:
                                                                                          • Filename: linux_386.elf, Detection: malicious, Browse
                                                                                          • Filename: linux_amd64.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          • Filename: na.elf, Detection: malicious, Browse
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:#!/bin/sh.while [ 1 ]; do.sleep 60./etc/id.services.conf.done

                                                                                          /etc/id.services.conf

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped
                                                                                          Category:dropped
                                                                                          Size (bytes):5177344
                                                                                          Entropy (8bit):6.1098977861220956
                                                                                          Encrypted:false
                                                                                          SSDEEP:49152:7H+5dH9Zq/34LCFNoUAFKVCsV5EN2q3OY2NXxB1:r+5dH+/34LCFNoUTVCsrEN
                                                                                          MD5:8014C239074B291949AD02412C68DCAA
                                                                                          SHA1:0F3BA8516E4E05659E02C3C79337598186ECA9D4
                                                                                          SHA-256:6563FA59ED29306A47EA2B0AA67BEDC77E1D25C8A911569A042A269775747C77
                                                                                          SHA-512:30AA5D41CB3EE86D72586B1D03AF03008E7DA5130AB154ABF24DC3BE2B35BEC285919E5C59AFF5CFC2501EABA8F5DD42BBF18511CB27319559B60E7111C74D0E
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_ChaosGo, Description: Yara detected Chaos, Source: /etc/id.services.conf, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 42%
                                                                                          Reputation:low
                                                                                          Preview:.ELF............................@...................@.8...@.............@.......@.......@...............................................................d.......d.................................................$.......$.......................%.......&.......&..... .%..... .%.......................K.......L.......L.............0...............Q.td.......................................................e.*....................................................................................................................................................$.............................j.................&.......%......L.............. ........................................L5.....................................r...............`M6.....`M5..................... ...............|...............@e6.....@e5.....`............... ................................n6......n5......................................................n6......n5......S.............. ...............B.................L.......K.....

                                                                                          /etc/init.d/linux_kill

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:POSIX shell script, ASCII text executable
                                                                                          Category:dropped
                                                                                          Size (bytes):189
                                                                                          Entropy (8bit):5.112939120919767
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:TKH4vfSgisKhW0GNstXWQfvYqkNDH2MDGKLQsUkDJREpsVWRQ0kDJRKVtAKOW0T6:hnSgisKhdtXpvPkVLDqklv4Q0klaARB6
                                                                                          MD5:3909975F7CC0D1121C1819B800069F31
                                                                                          SHA1:3E68DE708C2E6C40FAB6794AFDEE3104E5590189
                                                                                          SHA-256:6876DAC71F13A068AFB863D257134275F2EDBA43B2ACAF4924FABF97C079070B
                                                                                          SHA-512:50600CCEEB03B05F45AE61D890CAEE9F51FF390B6776930866E527E071D65D08241FC66673FD9B99D62FBC77D3C00FC3DE4D7378CBC42F5DABA5D83072B0906E
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:#!/bin/sh...### BEGIN INIT INFO...#chkconfig: 2345 10 90...#description:System.img.config...# Default-Start:.2 3 4 5...# Default-Stop:...### END INIT INFO.../boot/System.img.config...exit 0

                                                                                          /memfd:snapd-env-generator (deleted)

                                                                                          Download File
                                                                                          Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):76
                                                                                          Entropy (8bit):3.7627880354948586
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                                          MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                                          SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                                          SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                                          SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                                          Malicious:false
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

                                                                                          /tmp/qemu-open.1YVwmG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.26TWpG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.2XyBbG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.7kAmCE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.7qVzhD (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.8C3RjF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.9H6ngD (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.BSmOYE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.ByOKeD (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.CCRXqG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.EdcOwD (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.EfitpD (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.G0eyHF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.KH0TID (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.LxmW5D (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.PZLgmF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.Pvr9mH (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.R6eh1C (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.SY4iwG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.SukxTE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.W383UG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.WOcyHF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.Xa5hyG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.XnSgKE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.YXHJSE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.YuLLFE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.YwZv8E (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.fHJ3MF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.h6N62E (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.hNmSRF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.iDtXbF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.kUIHID (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.kvHicF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.l4d2bG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.lGGffG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.laolqD (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.mbgFxG (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.nfkBUE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.oQ1rJE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.oRXIRC (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.p37nfF (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.uyLc6D (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.v6FFLE (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.xpWF8F (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.yDJM7C (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /tmp/qemu-open.zJgL8E (deleted)

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):123
                                                                                          Entropy (8bit):3.013622804948815
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ZZgJMLIvDEYMdSdRFNvX:ZeJMLIY3dSj
                                                                                          MD5:CE5FB9D898EB0353A96892172BB31216
                                                                                          SHA1:E10304A2B1894DDB3E8EECCCACC7EFF0F21C8DD1
                                                                                          SHA-256:17E2A2D301AB9C8839CA0F5BD4FB077D8933944623B815A5119573B25FDF238A
                                                                                          SHA-512:DAE463E13156A4D56C1B06BC0E428C98317D4A735531B267C2D0A763DC39D790DD114C1DAA579DD9CE29B929F72D823A7ACDD04FCCE02E7372F1877FCE549950
                                                                                          Malicious:false
                                                                                          Preview:6235 (/tmp/linux_arm64.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

                                                                                          /usr/lib/systemd/system/linux.service

                                                                                          Download File
                                                                                          Process:/tmp/linux_arm64.elf
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):207
                                                                                          Entropy (8bit):4.790870113084517
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:z86XWRBADMD+ns7HrDC17HrDfsRs7HrDCLQmWA4Rn:znWR2D2+nsr4rfs6rCLHWrn
                                                                                          MD5:D80CCC7CED99538F22336F2EC0249087
                                                                                          SHA1:BE4DE9F604E065B53076A3D7BA702FE98C6B8746
                                                                                          SHA-256:0DC3E8552C3E6217E0DC7FD440C7BA4C9CD6E676CE2561E4F71949D2783AE968
                                                                                          SHA-512:D798E6516571FCD03BDFFBD5405F320FB23422CEB563901658EFA4101B4568EABC27730F40C0BCF6DDE5509F01BA6965DD61F64675DAD695924F1DEA1746E6DE
                                                                                          Malicious:false
                                                                                          Preview:[Unit].Description=linux.After=network.target.[Service].Type=forking.ExecStart=/boot/System.img.config.ExecReload=/boot/System.img.config.ExecStop=/boot/System.img.config.[Install].WantedBy=multi-user.target

                                                                                          /var/log/btmp

                                                                                          Download File
                                                                                          Process:/usr/sbin/sshd
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):384
                                                                                          Entropy (8bit):0.8735982127940438
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:NEuaDLwbXWXMCld2/l:WPMbGcCW/
                                                                                          MD5:CBA826F3408BC51F7AD2499D61938551
                                                                                          SHA1:30BF68D7F3BEDAA3229ED360372C627755A971ED
                                                                                          SHA-256:61A4A94519BA6DD7EA4CBFF8AFD584433109D98BB6A812A420F000D59160C9A0
                                                                                          SHA-512:668B0FF56BFD54F92B77AD21B40914697AFBEDF8B02BD4F6A8D26475D8CB5F902021E01D7433B22FFF11253585504092D1AD35A577A8F3666105CBB499345AFE
                                                                                          Malicious:false
                                                                                          Preview:....b...ssh:notty...........................root............................192.168.2.23...............................................................................................................................................................................................................................................................g........................................

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped
                                                                                          Entropy (8bit):6.1098977861220956
                                                                                          TrID:
                                                                                          • ELF Executable and Linkable format (generic) (4004/1) 98.45%
                                                                                          • Lumena CEL bitmap (63/63) 1.55%
                                                                                          File name:linux_arm64.elf
                                                                                          File size:5'177'344 bytes
                                                                                          MD5:8014c239074b291949ad02412c68dcaa
                                                                                          SHA1:0f3ba8516e4e05659e02c3c79337598186eca9d4
                                                                                          SHA256:6563fa59ed29306a47ea2b0aa67bedc77e1d25c8a911569a042a269775747c77
                                                                                          SHA512:30aa5d41cb3ee86d72586b1d03af03008e7da5130ab154abf24dc3be2b35bec285919e5c59aff5cfc2501eaba8f5dd42bbf18511cb27319559b60e7111c74d0e
                                                                                          SSDEEP:49152:7H+5dH9Zq/34LCFNoUAFKVCsV5EN2q3OY2NXxB1:r+5dH+/34LCFNoUTVCsrEN
                                                                                          TLSH:48365B65BD5EE462E6C833783B7193D4323EBC489F4192235610FFAE99F67688F12112
                                                                                          File Content Preview:.ELF............................@...................@.8...@.............@.......@.......@...............................................................d.......d.................................................$.......$.......................%.......&....

                                                                                          Static ELF Info

                                                                                          ELF header

                                                                                          Class:ELF64
                                                                                          Data:2's complement, little endian
                                                                                          Version:1 (current)
                                                                                          Machine:AArch64
                                                                                          Version Number:0x1
                                                                                          Type:EXEC (Executable file)
                                                                                          OS/ABI:UNIX - System V
                                                                                          ABI Version:0
                                                                                          Entry Point Address:0x71cf0
                                                                                          Flags:0x0
                                                                                          ELF Header Size:64
                                                                                          Program Header Offset:64
                                                                                          Program Header Size:56
                                                                                          Number of Program Headers:7
                                                                                          Section Header Offset:456
                                                                                          Section Header Size:64
                                                                                          Number of Section Headers:14
                                                                                          Header String Table Index:3

                                                                                          Sections

                                                                                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                          NULL0x00x00x00x00x0000
                                                                                          .textPROGBITS0x110000x10000x24b0a00x00x6AX0016
                                                                                          .rodataPROGBITS0x2600000x2500000x104c810x00x2A0032
                                                                                          .shstrtabSTRTAB0x00x354ca00xa50x00x0001
                                                                                          .typelinkPROGBITS0x364d600x354d600x17cc0x00x2A0032
                                                                                          .itablinkPROGBITS0x3665400x3565400x9600x00x2A0032
                                                                                          .gosymtabPROGBITS0x366ea00x356ea00x00x00x2A001
                                                                                          .gopclntabPROGBITS0x366ea00x356ea00x1553800x00x2A0032
                                                                                          .go.buildinfoPROGBITS0x4c00000x4b00000xd00x00x3WA0016
                                                                                          .noptrdataPROGBITS0x4c00e00x4b00e00x313780x00x3WA0032
                                                                                          .dataPROGBITS0x4f14600x4e14600xba700x00x3WA0032
                                                                                          .bssNOBITS0x4fcee00x4ecee00x320a00x00x3WA0032
                                                                                          .noptrbssNOBITS0x52ef800x51ef800xf3b00x00x3WA0032
                                                                                          .note.go.buildidNOTE0x10f9c0xf9c0x640x00x2A004

                                                                                          Program Segments

                                                                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                          PHDR0x400x100400x100400x1880x1881.51350x4R 0x10000
                                                                                          NOTE0xf9c0x10f9c0x10f9c0x640x645.37330x4R 0x4.note.go.buildid
                                                                                          LOAD0x00x100000x100000x24c0a00x24c0a06.32680x5R E0x10000.text .note.go.buildid
                                                                                          LOAD0x2500000x2600000x2600000x25c2200x25c2205.48070x4R 0x10000.rodata .typelink .itablink .gosymtab .gopclntab
                                                                                          LOAD0x4b00000x4c00000x4c00000x3cee00x7e3305.27100x6RW 0x10000.go.buildinfo .noptrdata .data .bss .noptrbss
                                                                                          GNU_STACK0x00x00x00x00x00.00000x6RW 0x8
                                                                                          LOOS+50415800x00x00x00x00x00.00000x2a00 0x8

                                                                                          Network Behavior

                                                                                          Suricata IDS Alerts

                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                          2024-10-27T20:58:53.091952+01002850023ETPRO JA3 Hash - Possible Ligolo Server/Golang Binary Response1154.12.82.117878192.168.2.2352100TCP

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Oct 27, 2024 20:58:46.148736954 CET43928443192.168.2.2391.189.91.42
                                                                                          Oct 27, 2024 20:58:49.511779070 CET53972808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:49.517129898 CET80853972154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:49.517179012 CET53972808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:49.583465099 CET53972808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:49.588830948 CET80853972154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:50.490791082 CET80853972154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:50.494529009 CET53972808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:50.676865101 CET80853972154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:50.720114946 CET53972808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:51.524105072 CET42836443192.168.2.2391.189.91.43
                                                                                          Oct 27, 2024 20:58:51.938268900 CET53972808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:51.943908930 CET80853972154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:51.946687937 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:51.952090025 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:51.952167988 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:52.106242895 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:52.111731052 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:52.803833961 CET4251680192.168.2.23109.202.202.202
                                                                                          Oct 27, 2024 20:58:53.091844082 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:53.091938019 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:53.091936111 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:53.091952085 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:53.092017889 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:53.092017889 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:53.459738016 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:53.465213060 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:53.510103941 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:53.515510082 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:53.828784943 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:53.828850985 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:54.828068018 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:54.828165054 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:58.467684984 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:58:58.467757940 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:58.771719933 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:58:58.777194977 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:03.472105026 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:03.472189903 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:06.881884098 CET43928443192.168.2.2391.189.91.42
                                                                                          Oct 27, 2024 20:59:08.475019932 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:08.475106001 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:08.808053017 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:08.813432932 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:11.306827068 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:11.312258959 CET80853976154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:11.312341928 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:11.400567055 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:11.405915022 CET80853976154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:12.294460058 CET80853976154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:12.294527054 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:12.848648071 CET4051222192.168.2.23192.168.2.1
                                                                                          Oct 27, 2024 20:59:13.479510069 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:13.479577065 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:17.120485067 CET42836443192.168.2.2391.189.91.43
                                                                                          Oct 27, 2024 20:59:18.483895063 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:18.483983994 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:18.842745066 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:18.848365068 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:23.263632059 CET4251680192.168.2.23109.202.202.202
                                                                                          Oct 27, 2024 20:59:23.485807896 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:23.485887051 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:28.488815069 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:28.488928080 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:29.034790039 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:29.040370941 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:33.491478920 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:33.491576910 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:38.671853065 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:38.672080040 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:42.301152945 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:42.306668043 CET80853976154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:43.499186993 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:43.499340057 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:47.836357117 CET43928443192.168.2.2391.189.91.42
                                                                                          Oct 27, 2024 20:59:48.502530098 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:48.502892017 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:53.506400108 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:53.506633997 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 20:59:58.510010958 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 20:59:58.510319948 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:03.514897108 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:03.515239000 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:08.313822985 CET42836443192.168.2.2391.189.91.43
                                                                                          Oct 27, 2024 21:00:08.515918970 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:08.516437054 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:12.408982038 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:12.414406061 CET80853976154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:13.520530939 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:13.521133900 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:18.523885012 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:18.524249077 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:23.528141022 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:23.528466940 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:28.530832052 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:28.531032085 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:33.533628941 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:33.534070015 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:38.537488937 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:38.537708044 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:43.124635935 CET53976808192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:43.130321980 CET80853976154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:43.541493893 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:43.541594028 CET521007878192.168.2.23154.12.82.11
                                                                                          Oct 27, 2024 21:00:48.545205116 CET787852100154.12.82.11192.168.2.23
                                                                                          Oct 27, 2024 21:00:48.545382977 CET521007878192.168.2.23154.12.82.11

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Oct 27, 2024 20:58:48.848759890 CET3495153192.168.2.238.8.8.8
                                                                                          Oct 27, 2024 20:58:48.856123924 CET53349518.8.8.8192.168.2.23
                                                                                          Oct 27, 2024 20:58:49.480407953 CET5163953192.168.2.238.8.8.8
                                                                                          Oct 27, 2024 20:58:49.487595081 CET53516398.8.8.8192.168.2.23

                                                                                          ICMP Packets

                                                                                          TimestampSource IPDest IPChecksumCodeType
                                                                                          Oct 27, 2024 20:59:12.848680973 CET192.168.2.1192.168.2.238294(Port unreachable)Destination Unreachable

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                          Oct 27, 2024 20:58:48.848759890 CET192.168.2.238.8.8.80xb065Standard query (0)www.google.com28IN (0x0001)false
                                                                                          Oct 27, 2024 20:58:49.480407953 CET192.168.2.238.8.8.80x566dStandard query (0)www.google.comA (IP address)IN (0x0001)false

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                          Oct 27, 2024 20:58:48.856123924 CET8.8.8.8192.168.2.230xb065No error (0)www.google.com28IN (0x0001)false
                                                                                          Oct 27, 2024 20:58:49.487595081 CET8.8.8.8192.168.2.230x566dNo error (0)www.google.com172.217.18.4A (IP address)IN (0x0001)false

                                                                                          HTTP Request Dependency Graph

                                                                                          • 154.12.82.11:808

                                                                                          HTTP Packets

                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                          0192.168.2.2353972154.12.82.11808
                                                                                          TimestampBytes transferredDirectionData
                                                                                          Oct 27, 2024 20:58:50.490791082 CET115INHTTP/1.1 400 Bad Request
                                                                                          Content-Type: text/plain; charset=utf-8
                                                                                          Connection: close
                                                                                          Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                          Data Ascii: 400 Bad Request


                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                          1192.168.2.2353976154.12.82.11808
                                                                                          TimestampBytes transferredDirectionData
                                                                                          Oct 27, 2024 20:59:11.400567055 CET121OUTGET /password.txt HTTP/1.1
                                                                                          Host: 154.12.82.11:808
                                                                                          User-Agent: Go-http-client/1.1
                                                                                          Accept-Encoding: gzip
                                                                                          Oct 27, 2024 20:59:12.294460058 CET213INHTTP/1.1 200 OK
                                                                                          Accept-Ranges: bytes
                                                                                          Content-Length: 16
                                                                                          Content-Type: text/plain; charset=utf-8
                                                                                          Last-Modified: Sat, 21 May 2022 04:57:31 GMT
                                                                                          Date: Sun, 27 Oct 2024 19:59:12 GMT
                                                                                          Data Raw: cb 5e cf 60 9d e0 4a 51 15 21 27 9b bc c8 4c c8
                                                                                          Data Ascii: ^`JQ!'L


                                                                                          System Behavior

                                                                                          General

                                                                                          Start time (UTC):19:58:45
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:/tmp/linux_arm64.elf
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:46
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:46
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:/bin/bash -c /etc/32678&
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:46
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:-
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:/etc/32678
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sleep
                                                                                          Arguments:sleep 60
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:fcba58db24e5e3672c4d70a3bb01d7a4

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:46
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:46
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:service crond start
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/basename
                                                                                          Arguments:basename /usr/sbin/service
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/basename
                                                                                          Arguments:basename /usr/sbin/service
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl --quiet is-active multi-user.target
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl list-unit-files --full --type=socket
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sed
                                                                                          Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                                                          File size:121288 bytes
                                                                                          MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:07
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl start crond.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:46
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:47
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:/tmp/linux_arm64.elf
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:48
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/update-rc.d
                                                                                          Arguments:update-rc.d linux_kill defaults
                                                                                          File size:3478464 bytes
                                                                                          MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:49
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/update-rc.d
                                                                                          Arguments:-
                                                                                          File size:3478464 bytes
                                                                                          MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:50
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl daemon-reload
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:12
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/tmp/linux_arm64.elf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:12
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:12
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:-
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:12
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl daemon-reload
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:13
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:-
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:13
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl enable linux.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:15
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:-
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:15
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl start linux.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/bin/bash
                                                                                          Arguments:-
                                                                                          File size:1183448 bytes
                                                                                          MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/journalctl
                                                                                          Arguments:journalctl -xe --no-pager
                                                                                          File size:80120 bytes
                                                                                          MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:51
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:58:51
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File size:22760 bytes
                                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:13
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:13
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File size:22760 bytes
                                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:15
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:15
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                          File size:22760 bytes
                                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:17
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/lib/systemd/systemd
                                                                                          Arguments:-
                                                                                          File size:1620224 bytes
                                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:17
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/boot/System.img.config
                                                                                          Arguments:/boot/System.img.config
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:18
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/boot/System.img.config
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:18
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/pkill
                                                                                          Arguments:pkill -9 32678
                                                                                          File size:30968 bytes
                                                                                          MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/boot/System.img.config
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sh
                                                                                          Arguments:sh -c /etc/32678&
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:/etc/32678
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sleep
                                                                                          Arguments:sleep 60
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:fcba58db24e5e3672c4d70a3bb01d7a4

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/id.services.conf
                                                                                          Arguments:/etc/id.services.conf
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/id.services.conf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/pkill
                                                                                          Arguments:pkill -9 32678
                                                                                          File size:30968 bytes
                                                                                          MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/id.services.conf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sh
                                                                                          Arguments:sh -c /etc/32678&
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sh
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:/etc/32678
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/32678
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sleep
                                                                                          Arguments:sleep 60
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:fcba58db24e5e3672c4d70a3bb01d7a4

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/id.services.conf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:service crond start
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/basename
                                                                                          Arguments:basename /usr/sbin/service
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/basename
                                                                                          Arguments:basename /usr/sbin/service
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl --quiet is-active multi-user.target
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:40
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:40
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:40
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl list-unit-files --full --type=socket
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:40
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:40
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sed
                                                                                          Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                                                          File size:121288 bytes
                                                                                          MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:42
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl start crond.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/id.services.conf
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):20:00:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/etc/id.services.conf
                                                                                          Arguments:/etc/id.services.conf
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/boot/System.img.config
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:service crond start
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/basename
                                                                                          Arguments:basename /usr/sbin/service
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/basename
                                                                                          Arguments:basename /usr/sbin/service
                                                                                          File size:39256 bytes
                                                                                          MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:37
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl --quiet is-active multi-user.target
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:38
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:38
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:38
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl list-unit-files --full --type=socket
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          Chronological Activities


                                                                                          General

                                                                                          Start time (UTC):19:59:38
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/service
                                                                                          Arguments:-
                                                                                          File size:129816 bytes
                                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                          General

                                                                                          Start time (UTC):19:59:38
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/sed
                                                                                          Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                                                          File size:121288 bytes
                                                                                          MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                                          General

                                                                                          Start time (UTC):19:59:39
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/bin/systemctl
                                                                                          Arguments:systemctl start crond.service
                                                                                          File size:996584 bytes
                                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/boot/System.img.config
                                                                                          Arguments:-
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          General

                                                                                          Start time (UTC):19:59:36
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/boot/System.img.config
                                                                                          Arguments:/boot/System.img.config
                                                                                          File size:5706200 bytes
                                                                                          MD5 hash:02e8e39e1b46472a60d128a6da84a2b8

                                                                                          General

                                                                                          Start time (UTC):19:59:18
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:-
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:18
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:/usr/sbin/sshd -D -R
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:21
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:-
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:21
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:/usr/sbin/sshd -D -R
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:24
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:-
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:31
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:-
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:31
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:/usr/sbin/sshd -D -R
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                                                          General

                                                                                          Start time (UTC):19:59:33
                                                                                          Start date (UTC):27/10/2024
                                                                                          Path:/usr/sbin/sshd
                                                                                          Arguments:-
                                                                                          File size:876328 bytes
                                                                                          MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340