Linux Analysis Report SGEgzPdjRk

Overview

General Information

Sample Name: SGEgzPdjRk
Analysis ID: 553480
MD5: bac2f57ce5018c375edb702622eec6b9
SHA1: 2506edaa267c8bbb17dbe039f24e928fd8c386bc
SHA256: bcdcdf35b7e12a89a6f5a44877bbc82cb53a23b863722f5a705aa8bbcea9f940
Tags: 32 elf mips mirai
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Sample contains only a LOAD segment without any section mappings
Deletes log files
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "systemctl" command used for controlling the systemd system and service manager
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 553480
Start date: 15.01.2022
Start time: 00:47:53
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 10s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: SGEgzPdjRk
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal56.spre.evad.lin@0/53@0/0

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 5192, Parent: 1)
  • logrotate (PID: 5192, Parent: 1, MD5: ff9f6831debb63e53a31ff8057143af6) Arguments: /usr/sbin/logrotate /etc/logrotate.conf
    • gzip (PID: 5233, Parent: 5192, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5234, Parent: 5192, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
      • sh New Fork (PID: 5235, Parent: 5234)
      • invoke-rc.d (PID: 5235, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: invoke-rc.d --quiet cups restart
        • runlevel (PID: 5236, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /sbin/runlevel
        • systemctl (PID: 5239, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-enabled cups.service
        • ls (PID: 5242, Parent: 5235, MD5: e7793f15c2ff7e747b4bc7079f5cd4f7) Arguments: ls /etc/rc[S2345].d/S[0-9][0-9]cups
        • systemctl (PID: 5243, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active cups.service
    • gzip (PID: 5244, Parent: 5192, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5245, Parent: 5192, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
      • sh New Fork (PID: 5246, Parent: 5245)
      • rsyslog-rotate (PID: 5246, Parent: 5245, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/lib/rsyslog/rsyslog-rotate
        • systemctl (PID: 5247, Parent: 5246, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl kill -s HUP rsyslog.service
  • systemd New Fork (PID: 5193, Parent: 1)
  • install (PID: 5193, Parent: 1, MD5: 55e2520049dc6a62e8c94732e36cdd54) Arguments: /usr/bin/install -d -o man -g man -m 0755 /var/cache/man
  • systemd New Fork (PID: 5232, Parent: 1)
  • find (PID: 5232, Parent: 1, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
  • systemd New Fork (PID: 5240, Parent: 1)
  • mandb (PID: 5240, Parent: 1, MD5: 1dda5ea0027ecf1c2db0f5a3de7e6941) Arguments: /usr/bin/mandb --quiet
  • SGEgzPdjRk (PID: 5281, Parent: 5107, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/SGEgzPdjRk
  • cleanup

Yara Overview

No yara matches

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: SGEgzPdjRk, Virustotal: Detection: 24%
Source: SGEgzPdjRk, ReversingLabs: Detection: 34%
Source: /tmp/SGEgzPdjRk (PID: 5283), Socket: 0.0.0.0::0
Source: /tmp/SGEgzPdjRk (PID: 5283), Socket: 0.0.0.0::23
Source: /tmp/SGEgzPdjRk (PID: 5283), Socket: 0.0.0.0::53413
Source: /tmp/SGEgzPdjRk (PID: 5283), Socket: 0.0.0.0::80
Source: /tmp/SGEgzPdjRk (PID: 5283), Socket: 0.0.0.0::52869
Source: /tmp/SGEgzPdjRk (PID: 5283), Socket: 0.0.0.0::37215
Source: /tmp/SGEgzPdjRk (PID: 5289), Socket: 0.0.0.0::0
Source: /tmp/SGEgzPdjRk (PID: 5289), Socket: 0.0.0.0::23
Source: /tmp/SGEgzPdjRk (PID: 5289), Socket: 0.0.0.0::53413
Source: /tmp/SGEgzPdjRk (PID: 5289), Socket: 0.0.0.0::80
Source: /tmp/SGEgzPdjRk (PID: 5289), Socket: 0.0.0.0::52869
Source: /tmp/SGEgzPdjRk (PID: 5289), Socket: 0.0.0.0::37215
Source: SGEgzPdjRk, String found in binary or memory: http://upx.sf.net

System Summary:

Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/SGEgzPdjRk (PID: 5283), SIGKILL sent: pid: 936, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 936, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 5283, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 720, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 759, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 788, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 800, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 847, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 884, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 1334, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 1335, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 1860, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 1872, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 2096, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 2097, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 2102, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 2180, result: successful
Source: /tmp/SGEgzPdjRk (PID: 5289), SIGKILL sent: pid: 2208, result: successful
Source: LOAD without section mappings, Program segment: 0x100000
Source: classification engine, Classification label: mal56.spre.evad.lin@0/53@0/0

Data Obfuscation:

Sample is packed with UPX
Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/sbin/logrotate (PID: 5234), Shell command executed: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
Source: /usr/sbin/logrotate (PID: 5245), Shell command executed: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
Source: /usr/sbin/invoke-rc.d (PID: 5239), Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-enabled cups.service
Source: /usr/sbin/invoke-rc.d (PID: 5243), Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active cups.service
Source: /usr/lib/rsyslog/rsyslog-rotate (PID: 5247), Systemctl executable: /usr/bin/systemctl -> systemctl kill -s HUP rsyslog.service
Source: /usr/sbin/logrotate (PID: 5192), Truncated file: /var/log/cups/access_log.1
Source: /usr/sbin/logrotate (PID: 5192), Truncated file: /var/log/syslog.1
Source: /usr/bin/find (PID: 5232), Queries kernel information via 'uname'
Source: /tmp/SGEgzPdjRk (PID: 5281), Queries kernel information via 'uname'
Source: SGEgzPdjRk, 5281.1.000000002b189417.00000000d3104406.rw-.sdmp, SGEgzPdjRk, 5283.1.000000002b189417.00000000d3104406.rw-.sdmp, SGEgzPdjRk, 5284.1.000000002b189417.00000000d3104406.rw-.sdmp, SGEgzPdjRk, 5291.1.000000002b189417.00000000d3104406.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/SGEgzPdjRkSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SGEgzPdjRk
Source: SGEgzPdjRk, 5281.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, SGEgzPdjRk, 5283.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, SGEgzPdjRk, 5284.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, SGEgzPdjRk, 5291.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mips
Source: SGEgzPdjRk, 5281.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, SGEgzPdjRk, 5283.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, SGEgzPdjRk, 5284.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, SGEgzPdjRk, 5291.1.00000000d0e78c37.00000000d9fecb7a.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
Source: SGEgzPdjRk, 5281.1.000000002b189417.00000000d3104406.rw-.sdmp, SGEgzPdjRk, 5283.1.000000002b189417.00000000d3104406.rw-.sdmp, SGEgzPdjRk, 5284.1.000000002b189417.00000000d3104406.rw-.sdmp, SGEgzPdjRk, 5291.1.000000002b189417.00000000d3104406.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips
Source: 5240.20.drBinary or memory string: qemu-armeb
Source: 5240.20.drBinary or memory string: -4415868968400A--gzVMware SVGA video driver
Source: 5240.20.drBinary or memory string: 7xml::parser::style::streamXML::Parser::Style::Stream3pm315701248990A--gzStream style for XML::Parsersystemd-timedated-8816268940210B--gzTime and date bus mechanismxfce4-keyboard-settings-1115867081120A--gzKeyboard settings for Xfcepygettext2-1115841026830B--gzPython equivalent of xgettext(1)sudoedit-8816110660620B--gzexecute a command as another userintro7-7715812813670A--gzintroduction to overview and miscellany sectionsprof-1115812813670A--gzread and display shared object profiling datadhclient.conf-5516219398220A--gzDHCP client configuration filepam_group-8815953742440A--gzPAM module for group accesssystemd-ask-password-1116268940210A--gzQuery the user for a system passwordupdate-dictcommon-hunspell-8815422954860A--gzrebuild hunspell database and emacsen stuffqemu-nios2-1116261022170B--gzQEMU User Emulatorlwp::useragentLWP::UserAgent3pm315750405830A--gzWeb user agent classgpgcompose-1115838662460A--gzGenerate a stream of OpenPGP packetsecho-1115676799200A--gzdisplay a line of textio::socket::ssl::utilsIO::Socket::SSL::Utils3pm315817106800A--gz- loading, storing, creating certificates and keyscurl-1116268709580A--gztransfer a URLgetcap-8815819434600A--gzexamine file capabilitieszegrep-1115762517060B--gzsearch possibly compressed files for a regular expressiongrub-syslinux2cfg-1116214898500A--gztransform syslinux config into grub.cfgrtc-4415812813670A--gzreal-time clockglib::codegenGlib::CodeGen3pm315820097650A--gzcode generation utilities for Glib-based bindings.wpa_cli-8816146062790A--gzWPA command line clientiso_8859_3-7715812813670B--gzISO 8859-3 character set encoded in octal, decimal, and hexadecimaliso_8859-9-7715812813670A-tgzISO 8859-9 character set encoded in octal, decimal, and hexadecimallvextend-8815816289110A--gzAdd space to a logical volumeresolvectl-1116268940210A--gzResolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS 
resolverchgrp-1115676799200A--gzchange group ownershipsystemd-cgls-1116268940210A--gzRecursively show control group contentspygettext3.8-1113852085880A--gzPython equivalent of xgettext(1)ping4-8815804258830B--gzsend ICMP ECHO_REQUEST to network hostsidmapwb-8816000845410A--gzwinbind ID mapping plugin for cifs-utilsapturl-gtk-8815799493830B--gzgraphical apt-protocol interpreting package installersane-epsonds-5516003468200A--gzSANE backend for EPSON ESC/I-2 scannersgvfs-monitor-file-1115868766090A--gzrstart-1115829564830A--gza sample implementation of a Remote Start clientgit-stage-1116148628880A--gzAdd file contents to the staging areatc-pedit-8815816145190A--gzgeneric packet editor actioniptables-save-881582899
Source: 5240.20.dr, Binary or memory string: I_qemu
Source: 5240.20.dr, Binary or memory string: -1116261022170B--gzQEMU User Emulator
Source: 5240.20.dr, Binary or memory string: -3315837702310A--gzvmware shared library
Source: 5240.20.dr, Binary or memory string: qemu-mips
Source: 5240.20.dr, Binary or memory string: qemuj\
Source: 5240.20.dr, Binary or memory string: {qemuQ&
Source: 5240.20.dr, Binary or memory string: vmware-xferlogs

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Scripting1 | Systemd Service1 | Systemd Service1 | Scripting1 | OS Credential Dumping1 | Security Software Discovery11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Indicator Removal on Host1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph image not reproduced. Behavior Graph ID: 553480, Sample: SGEgzPdjRk, Startdate: 15/01/2022, Architecture: LINUX, Score: 56. Signatures shown: Multi AV Scanner detection for submitted file; Sample is packed with UPX; Sample tries to kill multiple processes (SIGKILL). Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
SGEgzPdjRk | 25% | Virustotal | | Browse
SGEgzPdjRk | 35% | ReversingLabs | Linux.Trojan.Mirai |

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | SGEgzPdjRk | false | | high

    Contacted IPs

    No contacted IP infos


    Runtime Messages

    Command:/tmp/SGEgzPdjRk
    Exit Code:0
    Exit Code Info:
    Killed:False
    Standard Output:
    Connected To CNC
    Standard Error:

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASN

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    /var/cache/man/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):622592
    Entropy (8bit):4.657516417799966
    Encrypted:false
    SSDEEP:6144:rb7cWWov4H5N80nuDSyvxYCWZ0/VmpRELAR/QuU/MzUCl1NZ:H4WWoGgvSiOp2kl
    MD5:0C99179B6C5CFE82203424AD7DAD0D8F
    SHA1:CAC50B64B1352723FF8F58BB1B103B93C396539B
    SHA-256:CEC6859D12C6A981ACA4D7C88F6E62E9616FB4D765C4A52147A7DA7BAD4F2420
    SHA-512:4226FDE9F558FFEF2107C330DB942E7E665C51C520A840221541AD255D0995AF64101C69D42C4BD43037364CC4D152851625A53DC56CC188DC28A3DC8C5602F6
    Malicious:false
    Reputation:moderate, very likely benign file
    /var/cache/man/cs/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.6070136442091312
    Encrypted:false
    SSDEEP:48:bhVGQeUzGLIsWUMZJ5CggJHtheYdiKNHTlJ8NK:bhVGaGLIWMZXZgxeYtzll
    MD5:D0CA2EBA9E7A17D4680AA9DDC5F88946
    SHA1:270F443EFF85209052AE8FFA86660AFB0FAAD39B
    SHA-256:9504DC65F8B4E057D0939FA3B2C640FC703D0290EE19381836BAA5EB3EFBADBD
    SHA-512:9F999B0467E396E78A91F0BFE56E191DB9D9AFA6DC47858F3427CB44A39D5A13A206542A471CE15C8851674A234B9A7A49AAB7E6D5AF8D080BBC99C2BA3C56D8
    Malicious:false
    Reputation:moderate, very likely benign file
    /var/cache/man/cs/index.db.jXqXSr
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    Reputation:moderate, very likely benign file
    /var/cache/man/da/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):2.24195239843379
    Encrypted:false
    SSDEEP:96:bhHY2DzMnpU0QMiloesQdUTn3WVE0UnknJfsWdv0SBpEVvsb6eZeGfRL+:dYKM+oagn3WW5nkniWdv0SAVE6eZee6
    MD5:4DF08004EE4C5384C02376841F2B50BC
    SHA1:C02E58212CA012913390B4C1CCD64DD3353009EE
    SHA-256:F4D6A62A734E2844B99F3AD0EB480373AFBE56B29C0CFC9C70D9DFDF19D95C02
    SHA-512:6146001CA7028F58595235F244AE8FC4ECAEA3E95C83276514FC704E91B7596678E74CDE9963D680F2493F9C04AFDEBC4DB5094E2AB7C1A949E9378307AE0116
    Malicious:false
    Reputation:moderate, very likely benign file
    /var/cache/man/da/index.db.138Yms
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    Reputation:moderate, very likely benign file
    /var/cache/man/de/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):45056
    Entropy (8bit):4.16308917006812
    Encrypted:false
    SSDEEP:768:gMGrknsA3KVtOOcmGMrTJDEEf5R1OHhiVDdtq5:/GrkncXD+qmHhGLq
    MD5:EA52C9E6E4422CD44CFB274A7BBC2EF2
    SHA1:9476C1D7DECEA272043517CB0B5F25F59563FD04
    SHA-256:C8706AC2DD72D0337A1242F3C7E88D8880478A2569D8BDE4B3598CDDA30CC17C
    SHA-512:1779F8E486C193BE2D751C94576456D0FEE52EEA81C63043FC5F4672490A9876252F96BF7B1E5ADFA30027293F605311A26F2B98578E5423A59005A441D693D1
    Malicious:false
    Reputation:low
    /var/cache/man/de/index.db.sI6NCp
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):45056
    Entropy (8bit):0.20558603354177746
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:55880A8B73FD160B73198E09A21C83DB
    SHA1:5EB780702D2501747AF46F7525EF5C635EC5E64C
    SHA-256:66BD4C98AF40E2E208AC102ACD0F555A6C118E7258D91B833BE1D53EBFFB7BBB
    SHA-512:388924B8CAE80CCA6CA8E5109D0239A963A66CC0454450223EC7FB2A188F6F05E49632E535DC06E49DF6D007B221AA6B3D5F23C80203BCC861FF95EFA10AC1F9
    Malicious:false
    Reputation:moderate, very likely benign file
    /var/cache/man/es/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):2.469907427008948
    Encrypted:false
    SSDEEP:96:bhj9SeW/8iDdO/tktuGWTaZxzn3zbHGc2WjAXGBCgfd6Dgzs30z8ztvpWF4DXst:99PGo9Tmn3zbNBSw/fd6Oz8ztQSDXo
    MD5:3DBF4FF017D406F407BFBC2011BCAE9E
    SHA1:FF64864ACA18DFA7869715CE8AA5ECC3DABA54B6
    SHA-256:640C040F364061A5825E913682798C9BC8E1081088894D3FEB2C3EC39D02A379
    SHA-512:3DCC8F432487C532A1F69D321EB57EFE5CFE65AA3C99B81EA1A56613F8F460EA9ED7D2031615F2E60A3F2EE279D411848E5387CC8B8D5F28D8F8D0055D72489B
    Malicious:false
    /var/cache/man/es/index.db.h1ygwq
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.3847690842836057
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:F0B902DEA5EF122A0B1F0F496DDC781B
    SHA1:90176D320A9C3601787D53CC346DC743367D53F1
    SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
    SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
    Malicious:false
    /var/cache/man/fi/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.5882948808594274
    Encrypted:false
    SSDEEP:12:Ey20yaajjjjjjjjjjjjjjjjjjjjjjjjjjGjjjjjjjjjjjjjjjjjjjjjjjjjjjjjp:bhjz+9Ab
    MD5:09F6ED1A60B8A4203EA97CF5926C6AFF
    SHA1:C28F4E393D55AD057E3C7608741904B796F67076
    SHA-256:56664D61D0BB8BF34CCA28C73CB314CB73EA1C4FAC64D2208B43F63C009FC855
    SHA-512:476EAE37D827C8BB322213799AB52DBE8FA43274DB3447BC5FEDFED64ECCEAF2C11DA375FDA09B37977D03CA1910E22443B22A3EEA875CE6F3BC698F8ADCC0E2
    Malicious:false
    /var/cache/man/fi/index.db.CYTRGq
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/fr.ISO8859-1/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.9312184489410064
    Encrypted:false
    SSDEEP:12:Ey20yIpyjjjjjjjjjjjjjjjjjjjjjjjjXjjjjjjjjjjjjjjjjjjjjjjjjjjjjGz7:bhbpFi043WmkN2GmGufUeDDx+yxrq3
    MD5:43ADE2E40B8B5A0DFA0A155FC9A02F7F
    SHA1:3D04BDFFD0E2A8433150C87D334014099336A5C5
    SHA-256:81E48EE4653A5E6F25C33133F24F045EB1EB2CC6724ECE0C5336612AB711273E
    SHA-512:C9C5C436A0E986A39CE3FA1CAF15A92D509F4450744BAE0283204B58CDD6FE9B8EEB8D3E2CAFB4B1ACB46729317FFAEFE86B0DD2D60472CAB30B204CC2003B03
    Malicious:false
    /var/cache/man/fr.ISO8859-1/index.db.cYBTBq
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/fr.UTF-8/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.9312184489410064
    Encrypted:false
    SSDEEP:12:Ey20yIpyjjjjjjjjjjjjjjjjjjjjjjjjXjjjjjjjjjjjjjjjjjjjjjjjjjjjjGz7:bhbpFi043WmkN2GmGufUeDDx+yxrq3
    MD5:43ADE2E40B8B5A0DFA0A155FC9A02F7F
    SHA1:3D04BDFFD0E2A8433150C87D334014099336A5C5
    SHA-256:81E48EE4653A5E6F25C33133F24F045EB1EB2CC6724ECE0C5336612AB711273E
    SHA-512:C9C5C436A0E986A39CE3FA1CAF15A92D509F4450744BAE0283204B58CDD6FE9B8EEB8D3E2CAFB4B1ACB46729317FFAEFE86B0DD2D60472CAB30B204CC2003B03
    Malicious:false
    /var/cache/man/fr.UTF-8/index.db.staMSr
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/fr/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):40960
    Entropy (8bit):3.8303353466047136
    Encrypted:false
    SSDEEP:768:A4VX6Bd+dla5HmdT8qHl87BaIPay4uz8HkszHnwNO:A4ROd+dStM83PavzHC
    MD5:A59D183876E7FD34D1B9FC7A7A96BAA9
    SHA1:DC64603903514A89CD73FC1C856DA86D2E7EEE8C
    SHA-256:1FB7E0D49FA373091E02614554FD285AF6F41E7AEBCFD0768E197B08B59A3362
    SHA-512:6C83D65939ABCE4EC648FFCAC4D7EF72B570FDDE04AC6AF9690C991B368A3929662FBD7B953A0E0F544923429CC86A159FCD8FB43E5E58CB63FC03DAD1568876
    Malicious:false
    /var/cache/man/fr/index.db.vp8Oes
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):40960
    Entropy (8bit):0.22208993462959856
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:425CB57CD9B42556C8089FE7A7A3E495
    SHA1:4F33F9A9897218FDED958FD8F8D7AF7CD8BC48F3
    SHA-256:85E01EFF2AC0C83C827E118D5CE2CD1E1A19E059688B6E0D09CB3CC131F065D3
    SHA-512:8C7D4DACF5C5C5C4B78775048427AF99ED8057590AA3A69FD5B3F875B6DDD249A6DB0AF3A51BB96A7F629D1017B272317583A8DFF89FB3968FFE2F246F040F33
    Malicious:false
    /var/cache/man/hu/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.9419610786280751
    Encrypted:false
    SSDEEP:24:bh04IR9rYz9kvNQFl46MdnqfPE9eTuF0Ce:bhXIHakVQmnqXqeT/Ce
    MD5:18F02B57872A97DE1E82FF5348A5AF1B
    SHA1:52F332343B120B1C950AC02B3C923556C70DC62A
    SHA-256:5C605DE68B3E05754698485F73413F4052AEA8C3AAE6012AC6416B3B6B056DF7
    SHA-512:E33A8412F52D26BDE55E4D72E0D9D09EB777F4B882F5BB1C4625AB392EE321D6ACD8795001BF50CCDACFAC131A1263B1398F208799F753554C43349136EB8BEC
    Malicious:false
    /var/cache/man/hu/index.db.9RkNQq
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/id/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.309811236154278
    Encrypted:false
    SSDEEP:48:bhESUeDVrWTVd5ekRv/KSmGWqR0VouC4btU8IzTC74ExJKGtII:bhEVeBqTVdAcn3Iowl4UBtx
    MD5:3AFDA1B0F729816929FF7A6628D776D5
    SHA1:5982940A5782F11AEB5BF859C055DE3FEFBDF5DB
    SHA-256:77809D5F38F6D96A2E8BA9BE0DFBB16C10B6B1FF7D2BA1DD5FB9437F73C47E7F
    SHA-512:6D4CE03475C68EDC0AE928E7F65BB8C06198721146A1266F55455AF3D5E24F44A569E007C0DC44BC7745C1573DBC7F02B8C4094F9BD97FAF6A0B5894BE0E07E5
    Malicious:false
    /var/cache/man/id/index.db.OMLgop
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/index.db.FfIscr
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):622592
    Entropy (8bit):0.022159377425242585
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:2E442DBA85DEDFDCB07090FDF9DE90D0
    SHA1:02658086E93854D13D82B1F0D80F4B78D26DCA51
    SHA-256:62406BFE7657964E490DE65A0007F7C1D59B62B2B9AD35BA55BA219673378848
    SHA-512:FDBBA0DEF310CF7DBF448CFB6E5C9CDCEFBF6A0CAEB26CA3AFA91A388FBA10A9E77BCC27CA9B0AEA2A7B67F964849E147FB44862C7394C2C7CDCB572C06FCB05
    Malicious:false
    /var/cache/man/it/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):3.3621193886235408
    Encrypted:false
    SSDEEP:384:Jtp0q5d98n3SaMfhtxfmbMy+HseeNwoMbHf:JDd9QSBf
    MD5:B228DE097081AF360D337CF8C8FF2C6F
    SHA1:7DD2C4640925B225F98014566F73C35F4E960940
    SHA-256:1056CECADA78542B173EE469C9BEAF61F81298EBBD21B54EA6EE449028E18B3F
    SHA-512:F61D7F9040E452C4B1B77F3657BE4252475C3BF23D78EED903A5E55FA97BA0571BA3AD90DBA7F77C334DF5B721F909B12720515034421A4AAB0450D1D43B32E4
    Malicious:false
    /var/cache/man/it/index.db.VSKzYp
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.3847690842836057
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:F0B902DEA5EF122A0B1F0F496DDC781B
    SHA1:90176D320A9C3601787D53CC346DC743367D53F1
    SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
    SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
    Malicious:false
    /var/cache/man/ja/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):3.667488020062395
    Encrypted:false
    SSDEEP:192:CF4pPRfAgFn35FF1veUMjGiEGBuPhiB0PUKwA+U:5PRfAgFn35MSeAPUjN
    MD5:D3CD7D67F8155491493BB7235FB9AA57
    SHA1:5A7AE62A7AFE50EFCCED06CBD56AE2A0A284EFF3
    SHA-256:6958349ECA637F99AABC419B5E402CFB50BC5B8867F31BCB67F064F47A209929
    SHA-512:1168BF697CDE563F7D82A71EAE1CD496EA81D178B26F87EAAF2EDEED13274B1E3500CE1C981647717598495EBE1FF8F8AC54AD33547506E566C925D7002F5CFF
    Malicious:false
    /var/cache/man/ja/index.db.VfIoao
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.3847690842836057
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:F0B902DEA5EF122A0B1F0F496DDC781B
    SHA1:90176D320A9C3601787D53CC346DC743367D53F1
    SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
    SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
    Malicious:false
    /var/cache/man/ko/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.7847786157292606
    Encrypted:false
    SSDEEP:12:Ey20yYn0jjjjjjjjjjjjjjjjjjjjjjjjjjGjjjjjjjjjjjjjjjjjjjjjjjjjmjj7:bhXYznMk31RFe6f
    MD5:FBA25855E1C99D8F87E8AC13E2E2ECB1
    SHA1:D99351AC40D6CC4C9BE54E0E018C44A9A88983D7
    SHA-256:C0E18ED1CEFF427FD4D57D1B79CE1AF7320AC8453BAF8A0349C08267464C4D71
    SHA-512:0969DF6506E083A4995A18518BC3C4472157E7790EEC26C08221B0FC6DE9C7DA0ADB11CF92C56BC35B89BC60447F3D991F935E352552B58FB9BD1D4B2579FBB0
    Malicious:false
    /var/cache/man/ko/index.db.N9VQls
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/nl/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):2.554204221242331
    Encrypted:false
    SSDEEP:192:H8Y5a2oquB2aCYn3lvu3whjXVobdbs7dq1KJGbtf0Hoa:hoquYaCYn3Q8jXqbdbs7dGbKHoa
    MD5:27FED1CA8EB0101C459D9A617C833293
    SHA1:503B2A3E33FE79FF2CD58F831ED33DB358849BEA
    SHA-256:C3033C4F7CF0D6108611EF5A62CA893F98EE6463DDCFF7100D3BAFDEB0036D9E
    SHA-512:7BD630F5E0C5A91C34D2E48D0053923C9F2F5BAA07D21FDA79E60F3AFDF759E594E6639562C1F3EE68DD080D417009DC3AFB7DA534E3B8C29FF7B10438C3FD4E
    Malicious:false
    /var/cache/man/nl/index.db.oe9k9o
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:EE429C7E8B222AFF73C611A8C358B661
    SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
    SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
    SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
    Malicious:false
    /var/cache/man/pl/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):2.880948418505059
    Encrypted:false
    SSDEEP:192:7Sf8026LXqn3ZTV6pXAmA44BRqvc3X3GVAjvAk/AvdWjWftxA:E802uXqn3/6pxARqr8kdWjW1
    MD5:37CEBCD3F5BF6322785FFF568EE33131
    SHA1:201298C827C77C60CD314BF721DC4C27EF95BD64
    SHA-256:012C5597C5DD8654EB14432AFCEFD9B131F2CE75AD21488991A5A688929AAEA6
    SHA-512:CCC8A8CCF4ACA332CAF610155DE9E7C4A12D1C45C98D20766B86098A3D2EF332189F159E3956944CD302DF652FE7A6F0D07CA39CBE7DF4A655D3211452487582
    Malicious:false
    /var/cache/man/pl/index.db.1iZcXq
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.3847690842836057
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:F0B902DEA5EF122A0B1F0F496DDC781B
    SHA1:90176D320A9C3601787D53CC346DC743367D53F1
    SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
    SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
    Malicious:false
    /var/cache/man/pt/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):2.4110695640960995
    Encrypted:false
    SSDEEP:192:mva8yGn35+0+eo8TAnBW4VppKP8qtRJI:Sa8Rn35+peo8T8V/fqlI
    MD5:782FF89B6FA5932F7019AF9CF3F82E43
    SHA1:2ECE8DC134E3A292E2545AA2DCD24114A5FC5749
    SHA-256:01E77D9235C524F2A61EA03953607C13831C391A5B9AB0D9094F9C38F0EEB02E
    SHA-512:2305BEC024CA5D8B43267F5487B02081A0A746B73608E11217D19C91AD857B6A5D8E935194AC4228DA3A5383086E60D593095309E64BAF38841A6E32D7EA7805
    Malicious:false
    /var/cache/man/pt/index.db.97DJlr
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.3847690842836057
    Encrypted:false
    SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
    MD5:F0B902DEA5EF122A0B1F0F496DDC781B
    SHA1:90176D320A9C3601787D53CC346DC743367D53F1
    SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
    SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
    Malicious:false
    /var/cache/man/pt_BR/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.7510008687365202
    Encrypted:false
    Malicious:false
    /var/cache/man/pt_BR/index.db.s1P5ap
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/cache/man/ru/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):24576
    Entropy (8bit):3.440634655325007
    Encrypted:false
    Malicious:false
    /var/cache/man/ru/index.db.mQhIks
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):24576
    Entropy (8bit):0.3337394253577246
    Encrypted:false
    Malicious:false
    /var/cache/man/sl/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.8558400366712392
    Encrypted:false
    Malicious:false
    /var/cache/man/sl/index.db.iZThrs
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/cache/man/sr/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.3868484511023333
    Encrypted:false
    Malicious:false
    /var/cache/man/sr/index.db.CCNCvr
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/cache/man/sv/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):2.5432558448090097
    Encrypted:false
    Malicious:false
    /var/cache/man/sv/index.db.0Hu6Fr
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/cache/man/tr/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.7558188637474321
    Encrypted:false
    Malicious:false
    /var/cache/man/tr/index.db.JHMT2p
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/cache/man/zh_CN/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):2.6210042560348144
    Encrypted:false
    Malicious:false
    /var/cache/man/zh_CN/index.db.UpDzbs
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/cache/man/zh_TW/5240
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.0170167917961734
    Encrypted:false
    Malicious:false
    /var/cache/man/zh_TW/index.db.GCJ7Fo
    Process:/usr/bin/mandb
    File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.45676214072558463
    Encrypted:false
    Malicious:false
    /var/lib/logrotate/status.tmp
    Process:/usr/sbin/logrotate
    File Type:ASCII text
    Category:dropped
    Size (bytes):1614
    Entropy (8bit):4.8152687339393045
    Encrypted:false
    Malicious:false
    Preview: logrotate state -- version 2."/var/log/syslog" 2022-1-15-0:48:25."/var/log/dpkg.log" 2022-1-14-23:47:59."/var/log/speech-dispatcher/debug-flite" 2021-8-20-13:0:0."/var/log/unattended-upgrades/unattended-upgrades.log" 2022-1-14-23:47:59."/var/log/unattended-upgrades/unattended-upgrades-shutdown.log" 2021-9-17-9:23:29."/var/log/auth.log" 2022-1-14-23:47:59."/var/log/apt/term.log" 2022-1-14-23:47:59."/var/log/ppp-connect-errors" 2021-8-20-13:0:0."/var/log/apport.log" 2021-9-17-9:23:29."/var/log/speech-dispatcher/speech-dispatcher-protocol.log" 2021-8-20-13:0:0."/var/log/apt/history.log" 2022-1-14-23:47:59."/var/log/boot.log" 2021-8-20-13:0:0."/var/log/alternatives.log" 2021-9-17-9:23:29."/var/log/lightdm/*.log" 2021-8-20-13:0:0."/var/log/mail.log" 2021-8-20-13:0:0."/var/log/debug" 2021-8-20-13:0:0."/var/log/kern.log" 2022-1-14-23:47:59."/var/log/cups/access_log" 2022-1-15-0:48:25."/var/log/ufw.log" 2021-8-20-13:0:0."/var/log/speech-dispatcher/speech-dispatcher.log" 2021-8-20-13:0:0."/var/
    /var/log/cups/access_log.1.gz
    Process:/bin/gzip
    File Type:gzip compressed data, last modified: Fri Jan 14 23:47:59 2022, from Unix
    Category:dropped
    Size (bytes):196
    Entropy (8bit):6.871094507575131
    Encrypted:false
    Malicious:false
    /var/log/syslog.1.gz
    Process:/bin/gzip
    File Type:gzip compressed data, last modified: Fri Jan 14 23:47:59 2022, from Unix
    Category:dropped
    Size (bytes):3080
    Entropy (8bit):7.944039645242147
    Encrypted:false
    Malicious:false

    Static File Info

    General

    File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
    Entropy (8bit):7.8741042811561925
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
    • ELF Executable and Linkable format (generic) (4004/1) 49.84%
    File name:SGEgzPdjRk
    File size:26184
    MD5:bac2f57ce5018c375edb702622eec6b9
    SHA1:2506edaa267c8bbb17dbe039f24e928fd8c386bc
    SHA256:bcdcdf35b7e12a89a6f5a44877bbc82cb53a23b863722f5a705aa8bbcea9f940
    SHA512:f4619179ceabd6c0e919a75f40ef6cf46489211265ad03caba99e94414a33a28b88a130e7198c1d9ade1daac1831a720e2933b37abab4a59b1fc1ede3031c4e3
    SSDEEP:768:DU3QyUyNoYr3MgzqAEAM01bwTJgGlzDpbuR1JP:g3QfYT9OErbiVJux
    File Content Preview:.ELF......................Q....4.........4. ...(......................e...e................p.E.p.E.p....................UPX!.d.....................U.......?.E.h4...@b..) ..]....E..X...~.N{CS...P.X~Y..m...}..1.@)O..{+s....\..%q.c..s.n...@...,..N...........

    Static ELF Info

    ELF header

    Class:ELF32
    Data:2's complement, big endian
    Version:1 (current)
    Machine:MIPS R3000
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x1051d8
    Flags:0x1007
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:2
    Section Header Offset:0
    Section Header Size:40
    Number of Section Headers:0
    Header String Table Index:0

    Program Segments

    Type  Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
    LOAD  0x0     0x100000         0x100000          0x651c     0x651c       4.1715   0x5    R E                0x10000
    LOAD  0x1870  0x451870         0x451870          0x0        0x0          0.0000   0x6    RW                 0x10000

    Network Behavior

    No network behavior found

    System Behavior