Loading ...

Play interactive tourEdit tour

Linux Analysis Report TbbAwD2rFF

Overview

General Information

Sample Name:TbbAwD2rFF
Analysis ID:553482
MD5:4bfbe6217539579ce3d57f22abb60c0b
SHA1:c659582a7f3ca091a0bc3366bc5405d5769f16f8
SHA256:6682e262b37b5b4a2c50c494c8510011a51bdd8114db9d7153d39f01477547b7
Tags:32armelfmirai
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample contains only a LOAD segment without any section mappings
Deletes log files
Uses the "uname" system call to query kernel version information (possible evasion)
Executes commands using a shell command-line interpreter
Executes the "systemctl" command used for controlling the systemd system and service manager
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work
Non-zero exit code suggests an error during the execution. Lookup the error code for hints.
Static ELF header machine description suggests that the sample might not execute correctly on this machine
Exit code information suggests that the sample terminated abnormally, try to lookup the sample's target architecture

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:553482
Start date:15.01.2022
Start time:00:57:56
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 5s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:TbbAwD2rFF
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal52.evad.lin@0/53@0/0

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 5178, Parent: 1)
  • logrotate (PID: 5178, Parent: 1, MD5: ff9f6831debb63e53a31ff8057143af6) Arguments: /usr/sbin/logrotate /etc/logrotate.conf
    • gzip (PID: 5226, Parent: 5178, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5228, Parent: 5178, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
      • sh New Fork (PID: 5229, Parent: 5228)
      • invoke-rc.d (PID: 5229, Parent: 5228, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: invoke-rc.d --quiet cups restart
        • runlevel (PID: 5230, Parent: 5229, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /sbin/runlevel
        • systemctl (PID: 5231, Parent: 5229, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-enabled cups.service
        • ls (PID: 5232, Parent: 5229, MD5: e7793f15c2ff7e747b4bc7079f5cd4f7) Arguments: ls /etc/rc[S2345].d/S[0-9][0-9]cups
        • systemctl (PID: 5233, Parent: 5229, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active cups.service
    • gzip (PID: 5234, Parent: 5178, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5235, Parent: 5178, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
      • sh New Fork (PID: 5236, Parent: 5235)
      • rsyslog-rotate (PID: 5236, Parent: 5235, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/lib/rsyslog/rsyslog-rotate
        • systemctl (PID: 5237, Parent: 5236, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl kill -s HUP rsyslog.service
  • systemd New Fork (PID: 5179, Parent: 1)
  • install (PID: 5179, Parent: 1, MD5: 55e2520049dc6a62e8c94732e36cdd54) Arguments: /usr/bin/install -d -o man -g man -m 0755 /var/cache/man
  • systemd New Fork (PID: 5196, Parent: 1)
  • find (PID: 5196, Parent: 1, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
  • systemd New Fork (PID: 5225, Parent: 1)
  • mandb (PID: 5225, Parent: 1, MD5: 1dda5ea0027ecf1c2db0f5a3de7e6941) Arguments: /usr/bin/mandb --quiet
  • TbbAwD2rFF (PID: 5254, Parent: 5111, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/TbbAwD2rFF
  • dash New Fork (PID: 5316, Parent: 4331)
  • rm (PID: 5316, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.usZgbwIR1M /tmp/tmp.mj4Q8ra5Vb /tmp/tmp.WjKA4MytJL
  • cleanup

Yara Overview

No yara matches

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: TbbAwD2rFFVirustotal: Detection: 42%Perma Link
Source: TbbAwD2rFFReversingLabs: Detection: 44%
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:39242 -> 34.249.145.219:443
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 39242 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 190.108.87.214
Source: unknownTCP traffic detected without corresponding DNS query: 185.94.98.38
Source: unknownTCP traffic detected without corresponding DNS query: 185.94.98.38
Source: unknownTCP traffic detected without corresponding DNS query: 193.49.58.83
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 178.219.124.78
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 14.167.206.80
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 113.102.205.192
Source: TbbAwD2rFFString found in binary or memory: http://upx.sf.net
Source: LOAD without section mappingsProgram segment: 0x8000
Source: classification engineClassification label: mal52.evad.lin@0/53@0/0

Data Obfuscation:

barindex
Sample is packed with UPXShow sources
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/sbin/logrotate (PID: 5228)Shell command executed: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "Jump to behavior
Source: /usr/sbin/logrotate (PID: 5235)Shell command executed: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslogJump to behavior
Source: /usr/sbin/invoke-rc.d (PID: 5231)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-enabled cups.serviceJump to behavior
Source: /usr/sbin/invoke-rc.d (PID: 5233)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active cups.serviceJump to behavior
Source: /usr/lib/rsyslog/rsyslog-rotate (PID: 5237)Systemctl executable: /usr/bin/systemctl -> systemctl kill -s HUP rsyslog.serviceJump to behavior
Source: /usr/bin/dash (PID: 5316)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.usZgbwIR1M /tmp/tmp.mj4Q8ra5Vb /tmp/tmp.WjKA4MytJLJump to behavior
Source: /usr/sbin/logrotate (PID: 5178)Truncated file: /var/log/cups/access_log.1Jump to behavior
Source: /usr/sbin/logrotate (PID: 5178)Truncated file: /var/log/syslog.1Jump to behavior
Source: /tmp/TbbAwD2rFF (PID: 5254)Queries kernel information via 'uname': Jump to behavior
Source: TbbAwD2rFF, 5254.1.00000000a6d691c2.000000005c059f65.rw-.sdmpBinary or memory string: yU!/etc/qemu-binfmt/arm
Source: 5225.8.drBinary or memory string: -9915837702310A--gzvmware kernel module
Source: 5225.8.drBinary or memory string: -1116261022170A--gzQEMU User Emulator
Source: 5225.8.drBinary or memory string: qemu-or1k
Source: 5225.8.drBinary or memory string: qemu-riscv64
Source: 5225.8.drBinary or memory string: {cqemu
Source: 5225.8.drBinary or memory string: qemu-arm
Source: 5225.8.drBinary or memory string: (qemu
Source: 5225.8.drBinary or memory string: qemu-tilegx
Source: 5225.8.drBinary or memory string: qemu-hppa
Source: 5225.8.drBinary or memory string: q{rqemu%
Source: 5225.8.drBinary or memory string: )qemu
Source: 5225.8.drBinary or memory string: vmware-toolbox-cmd
Source: 5225.8.drBinary or memory string: qemu-ppc
Source: 5225.8.drBinary or memory string: Tqemu9
Source: TbbAwD2rFF, 5254.1.0000000010a07e2e.00000000f3c1c139.rw-.sdmpBinary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Source: TbbAwD2rFF, 5254.1.0000000010a07e2e.00000000f3c1c139.rw-.sdmpBinary or memory string: Cx86_64/usr/bin/qemu-arm/tmp/TbbAwD2rFFSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/TbbAwD2rFF
Source: 5225.8.drBinary or memory string: qemu-aarch64_be
Source: 5225.8.drBinary or memory string: 0qemu9
Source: 5225.8.drBinary or memory string: qemu-sparc64
Source: 5225.8.drBinary or memory string: qemu-mips64
Source: 5225.8.drBinary or memory string: vV:qemu9
Source: 5225.8.drBinary or memory string: qemu-ppc64le
Source: 5225.8.drBinary or memory string: <glib::param::uint64Glib::Param::UInt643pm315820097650A--gzWrapper for uint64 parameters in GLibx86_64-linux-gnu-ld.gold-1116112426130B--gzThe GNU ELF linkerprinter-profile-1115804162510A--gzProfile using X-Rite ColorMunki and Argyll CMSgrub-fstest-1116214898500A--gzdebug tool for GRUB filesystem driversxdg-user-dir-1115483406210A--gzFind an XDG user dirkmodsign-1115569251480A--gzKernel module signing toolsensible-editor-1115739932820A--gzsensible editing, paging, and web browsingminesMines6615854478170Cgnome-mines-gzinputattach-1115708189280A--gzattach a serial line to an input-layer devicegapplication-1116155671180A--gzD-Bus application launcherip-tunnel-8815816145190A--gztunnel configurationkoi8rxterm-1116140167530A--gzX terminal emulator for KOI8-R environmentsfoo2hiperc-wrapper-1115804162510A-tgzConvert Postscript into a HIPERC printer streamcryptsetup-reencrypt-8816002888050A--gztool for offline LUKS device re-encryptionsyndaemon-1115861716810A--gza program that monitors keyboard activity and disables the touchpad when the keyboard is being used.gslj-1115980290200B--gzFormat and print text for LaserJet printer using ghostscriptfile2brl-1115757179490A--gzTranslate an xml or a text file into an embosser-ready braille filexfdesktop-settings-1115793419820A--gzDesktop settings for Xfceua-1115856013570B--gzManage Ubuntu Advantage services from Canonicallatin4-7715812813670B--gzISO 8859-4 character set encoded in octal, decimal, and hexadecimalsane-genesys-5516003468200A--gzSANE backend for GL646, GL841, GL843, GL847 and GL124 based USB flatbed scannerspdftohtml-1115853266670A--gzprogram to convert PDF files into HTML, XML and PNG imagesbluetooth-sendto-1116015653360A--gzGTK application for transferring files over Bluetoothqemu-ppc64-1116261022170B--gzQEMU User Emulatorcache_metadata_size-8815811608350A--gzEstimate the size of the metadata device needed for a given configuration.net::dbus::exporterNet::DBus::Exporter3pm315773746310A--gzExport object methods and signals to the bussane-pint-5516003468200A--gzSANE backend for scanners that use the PINT device driverbpf-helpers7-7715812813670A--gzlist of eBPF helper functionsfull-4415812813670A--gzalways full devicelogin-1115906478670A--gzbegin session on the systemcups-snmp-8815877390340A--gzcups snmp backend (deprecated)ordchr-3am315728089600A--gzconvert characters to strings and vice versasosreport-1116092694050A--gzCollect and package diagnostic and support datatop-1115827827270A--gzdisplay Linux processesuri::_punycodeURI::_punycode3pm315811897880A--gzencodes Unicode string in Punycodettytty4tty1systemd-localed-8816268940210B--gzLocale bus mechanismlvmsadc-8815816289110
Source: 5225.8.drBinary or memory string: vmware
Source: 5225.8.drBinary or memory string: qemu-cris
Source: 5225.8.drBinary or memory string: libvmtools
Source: 5225.8.drBinary or memory string: qemu-m68k
Source: 5225.8.drBinary or memory string: qemu-xtensa
Source: 5225.8.drBinary or memory string: 9qemu
Source: 5225.8.drBinary or memory string: qemu-sh4
Source: 5225.8.drBinary or memory string: Dprezip-bin-1116269780060A--gzprefix zip delta word list compressor/decompressornameif-8815490444730A--gzname network interfaces based on MAC addressesxdg-user-dirs-update-1115483406210A--gzUpdate XDG user dir configurationip-link-8815816145190A--gznetwork device configurationhpsa-4415812813670A--gzHP Smart Array SCSI driverhd4-4415812813670A--gzMFM/IDE hard disk devicessane-canon630u-5516003468200A--gzSANE backend for the Canon 630u USB flatbed scannersg_copy_results-8815825816070A--gzsend SCSI RECEIVE COPY RESULTS command (XCOPY related)grub-macbless-8816214898500A--gzbless a mac file/directoryntfstruncate-8815568625640A-tgztruncate a file on an NTFS volumelessfile-1115936459130B--gz"input preprocessor" for less.sane-artec-5516003468200A--gzSANE backend for Artec flatbed scannersrmdir-1115676799200A--gzremove empty directoriessystemd-networkd-wait-online.service-8816268940210A--gzWait for network to come onlinemkfs.ntfs-8815568625640B-tgzcreate an NTFS file systemsg_inq-8815825816070A--gzissue SCSI INQUIRY command and/or decode its responseradattr.so-8815955079440Cpppd-radattr-gzc_rehash-1ssl116164130370B--gzCreate symbolic links to files named by the hash valuestc-htb-8815816145190A--gzHierarchy Token Bucketgvfs-open-1115868766090A--gzsg_rbuf-8815825816070A--gzreads data using SCSI READ BUFFER commandglib-compile-schemas-1116155671180A--gzGSettings schema compileropenssl-srp-1ssl116164130370B--gzmaintain SRP password fileopenssl-rehash-1ssl116164130370B--gzCreate symbolic links to files named by the hash valueslibvmtools-3315837702310A--gzvmware shared librarypasswd5-5515906478670A--gzthe password filenet::dbus::dumperNet::DBus::Dumper3pm315773746310A--gzStringify Net::DBus objects suitable for printingsane-hp4200-5516003468200A--gzSANE backend for Hewlett-Packard 4200 scannersposixoptions-7715812813670A--gzoptional parts of the POSIX standardnetworkmanager.confNetworkManager.conf5516002723180A--gzNetworkManager configuration fileownership-8815771238010A--gzCompaq ownership tag retrieveroakdecode-1115804162510A--gzDecode an OAKT printer stream into human readable form.gvfs-save-1115868766090A--gzmkfs.minix-8815953177680A--gzmake a Minix filesystemuri7-7715812813670A--gzuniform resource identifier (URI), including a URL or URNedit-1115714399500B--gzexecute programs via entries in the mailcap filegit-diff-files-1116148628880A--gzCompares files in the working tree and the index.ldaprc-5516136581350Cldap.conf-gzpactl-1116219586470A--gzControl a running PulseAudio sound servertempfile-1115756848240A--gzcreate a temporary file in a safe mannerhp-check-1115857238880A--gzDependency/Vers
Source: TbbAwD2rFF, 5254.1.00000000a6d691c2.000000005c059f65.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: 5225.8.drBinary or memory string: .qemu{
Source: 5225.8.drBinary or memory string: qemu-ppc64abi32
Source: 5225.8.drBinary or memory string: qemu-ppc64
Source: 5225.8.drBinary or memory string: qemu-i386
Source: 5225.8.drBinary or memory string: qemu-x86_64
Source: 5225.8.drBinary or memory string: H~6\nqemu*q
Source: 5225.8.drBinary or memory string: @qemu
Source: 5225.8.drBinary or memory string: Fqqemu
Source: 5225.8.drBinary or memory string: N4qemu
Source: 5225.8.drBinary or memory string: ~6\nqemu*q
Source: 5225.8.drBinary or memory string: qemu-mips64el
Source: 5225.8.drBinary or memory string: hqemu
Source: 5225.8.drBinary or memory string: &mqemu
Source: 5225.8.drBinary or memory string: $qemu
Source: 5225.8.drBinary or memory string: qemu-sparc
Source: 5225.8.drBinary or memory string: qemu-microblaze
Source: 5225.8.drBinary or memory string: qemu-user
Source: 5225.8.drBinary or memory string: qemu-aarch64
Source: 5225.8.drBinary or memory string: qemu-sh4eb
Source: 5225.8.drBinary or memory string: iqemu
Source: 5225.8.drBinary or memory string: qemu-mipsel
Source: 5225.8.drBinary or memory string: qemuP`
Source: 5225.8.drBinary or memory string: qemu-alpha
Source: 5225.8.drBinary or memory string: qemu-microblazeel
Source: 5225.8.drBinary or memory string: \qemu
Source: 5225.8.drBinary or memory string: qemu-xtensaeb
Source: 5225.8.drBinary or memory string: qemu-mipsn32el
Source: 5225.8.drBinary or memory string: SAqemu
Source: 5225.8.drBinary or memory string: Vqemu
Source: 5225.8.drBinary or memory string: qemu-mipsn32
Source: 5225.8.drBinary or memory string: qemuAU
Source: 5225.8.drBinary or memory string: qemu-riscv32
Source: 5225.8.drBinary or memory string: qemu-sparc32plus
Source: 5225.8.drBinary or memory string: 7,qemu
Source: 5225.8.drBinary or memory string: qemu-s390x
Source: 5225.8.drBinary or memory string: vmware-checkvm
Source: 5225.8.drBinary or memory string: qemu-nios2
Source: 5225.8.drBinary or memory string: qemu-armeb
Source: 5225.8.drBinary or memory string: -4415868968400A--gzVMware SVGA video driver
Source: 5225.8.drBinary or memory string: 7xml::parser::style::streamXML::Parser::Style::Stream3pm315701248990A--gzStream style for XML::Parsersystemd-timedated-8816268940210B--gzTime and date bus mechanismxfce4-keyboard-settings-1115867081120A--gzKeyboard settings for Xfcepygettext2-1115841026830B--gzPython equivalent of xgettext(1)sudoedit-8816110660620B--gzexecute a command as another userintro7-7715812813670A--gzintroduction to overview and miscellany sectionsprof-1115812813670A--gzread and display shared object profiling datadhclient.conf-5516219398220A--gzDHCP client configuration filepam_group-8815953742440A--gzPAM module for group accesssystemd-ask-password-1116268940210A--gzQuery the user for a system passwordupdate-dictcommon-hunspell-8815422954860A--gzrebuild hunspell database and emacsen stuffqemu-nios2-1116261022170B--gzQEMU User Emulatorlwp::useragentLWP::UserAgent3pm315750405830A--gzWeb user agent classgpgcompose-1115838662460A--gzGenerate a stream of OpenPGP packetsecho-1115676799200A--gzdisplay a line of textio::socket::ssl::utilsIO::Socket::SSL::Utils3pm315817106800A--gz- loading, storing, creating certificates and keyscurl-1116268709580A--gztransfer a URLgetcap-8815819434600A--gzexamine file capabilitieszegrep-1115762517060B--gzsearch possibly compressed files for a regular expressiongrub-syslinux2cfg-1116214898500A--gztransform syslinux config into grub.cfgrtc-4415812813670A--gzreal-time clockglib::codegenGlib::CodeGen3pm315820097650A--gzcode generation utilities for Glib-based bindings.wpa_cli-8816146062790A--gzWPA command line clientiso_8859_3-7715812813670B--gzISO 8859-3 character set encoded in octal, decimal, and hexadecimaliso_8859-9-7715812813670A-tgzISO 8859-9 character set encoded in octal, decimal, and hexadecimallvextend-8815816289110A--gzAdd space to a logical volumeresolvectl-1116268940210A--gzResolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolverchgrp-1115676799200A--gzchange group ownershipsystemd-cgls-1116268940210A--gzRecursively show control group contentspygettext3.8-1113852085880A--gzPython equivalent of xgettext(1)ping4-8815804258830B--gzsend ICMP ECHO_REQUEST to network hostsidmapwb-8816000845410A--gzwinbind ID mapping plugin for cifs-utilsapturl-gtk-8815799493830B--gzgraphical apt-protocol interpreting package installersane-epsonds-5516003468200A--gzSANE backend for EPSON ESC/I-2 scannersgvfs-monitor-file-1115868766090A--gzrstart-1115829564830A--gza sample implementation of a Remote Start clientgit-stage-1116148628880A--gzAdd file contents to the staging areatc-pedit-8815816145190A--gzgeneric packet editor actioniptables-save-881582899
Source: 5225.8.drBinary or memory string: I_qemu
Source: TbbAwD2rFF, 5254.1.0000000010a07e2e.00000000f3c1c139.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
Source: 5225.8.drBinary or memory string: -1116261022170B--gzQEMU User Emulator
Source: 5225.8.drBinary or memory string: -3315837702310A--gzvmware shared library
Source: 5225.8.drBinary or memory string: qemu-mips
Source: 5225.8.drBinary or memory string: qemuj\
Source: 5225.8.drBinary or memory string: {qemuQ&
Source: 5225.8.drBinary or memory string: Wgnome-text-editor-111629209547491759146B--gztext editor for the GNOME Desktopx11::protocol::connection::filehandleX11::Protocol::Connection::FileHandle3pm314314075500A--gzPerl module base class for FileHandle-based X11 connectionshtbHTB8815816145190Ctc-htb-gzcifscreds-1116000845410A--gzmanage NTLM credentials in kernel keyringiwconfig-8815490049440A--gzconfigure a wireless network interfaceossl_store-file-7ssl716164130370A--gzThe store 'file' scheme loadertc-stab-8815816145190A--gzGeneric size table manipulationsnotifier-7715877390340A--gzcups notification interfaceqemu-arm-1116261022170B--gzQEMU User EmulatorgemfileGemfile5516263767190Cgemfile2.7-gzglib::object::subclassGlib::Object::Subclass3pm315820097650A--gzregister a perl class as a GObject classnetcat-111612200165426646725B--gzarbitrary TCP and UDP connections and listensdpkg::changelog::parseDpkg::Changelog::Parse3perl315849439740A--gzgeneric changelog parser for dpkg-parsechangelogmpris-proxy-1116243432320A--gzBluetooth mpris-proxybundle-pristine2.7-1116263767190A--gzRestores installed gems to their pristine conditionfsck.ext3-8815816604980B--gzcheck a Linux ext2/ext3/ext4 file systemvolname-1115625752510A--gzreturn volume nameiso-8859-9-7715812813670B--gzISO 8859-9 character set encoded in octal, decimal, and hexadecimalheadhead1HEAD1psd-4415812813670A--gzdriver for SCSI disk driveschrt-1115953177680A--gzmanipulate the real-time attributes of a processvcs-4415812813670A--gzvirtual console memorygit-upload-archive-1116148628880A--gzSend archive back to git-archivenet::dbus::binding::message::errorNet::DBus::Binding::Message::Error3pm315773746310A--gza message encoding a method call errorpkcs11.conf-5516097870510A--gzConfiguration files for PKCS#11 modulessfill-1115227593860A--gzsecure free disk and inode space wiper (secure_deletion toolkit)ldattach-8815953177680A--gzattach a line discipline to a serial linethin_restore-8815811608350A--gzrestore thin provisioning metadata file to device or file.phar.phar7.4-1116254980150B--gzPHAR (PHP archive) command line toolbundle-outdated2.7-1116263767190A--gzList installed gems with newer versions availablemail::addressMail::Address3pm315640244160A--gzparse mail addressesopenssl-ca-1ssl116164130370B--gzsample minimal CA applicationchardet3-1115765858900A--gzuniversal character encoding detectorerb2.7-1116263767190A--gzRuby Templatingchktrust-1115826667350A--gzCheck the trust of a PE executable.sg_raw-8815825816070A--gzsend arbitrary SCSI command to a devicegvfs-trash-1115868766090A--gzintro1-1115812813670A--gzintroduction to user commandsmailcap-5515714399500A--gzmetamail capabilities filegigoloGigolo1gig
Source: 5225.8.drBinary or memory string: vmware-xferlogs

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsScripting1Systemd Service1Systemd Service1Scripting1OS Credential DumpingSecurity Software Discovery11Remote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsIndicator Removal on Host1LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothApplication Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information1Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)File Deletion1NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 553482 Sample: TbbAwD2rFF Startdate: 15/01/2022 Architecture: LINUX Score: 52 39 14.167.206.80, 23, 56182 VNPT-AS-VNVNPTCorpVN Viet Nam 2->39 41 185.94.98.38, 23, 46374 NETMIHANIR Iran (ISLAMIC Republic Of) 2->41 43 8 other IPs or domains 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 Sample is packed with UPX 2->47 9 systemd logrotate 2->9         started        11 systemd mandb TbbAwD2rFF 2->11         started        13 systemd install 2->13         started        15 2 other processes 2->15 signatures3 process4 process5 17 logrotate sh 9->17         started        19 logrotate sh 9->19         started        21 logrotate gzip 9->21         started        23 logrotate gzip 9->23         started        process6 25 sh invoke-rc.d 17->25         started        27 sh rsyslog-rotate 19->27         started        process7 29 invoke-rc.d runlevel 25->29         started        31 invoke-rc.d systemctl 25->31         started        33 invoke-rc.d ls 25->33         started        35 invoke-rc.d systemctl 25->35         started        37 rsyslog-rotate systemctl 27->37         started       

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
TbbAwD2rFF43%VirustotalBrowse
TbbAwD2rFF44%ReversingLabsLinux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://upx.sf.netTbbAwD2rFFfalse
    high

    Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public

    IPDomainCountryFlagASNASN NameMalicious
    34.249.145.219
    unknownUnited States
    16509AMAZON-02USfalse
    113.102.205.192
    unknownChina
    58466CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCNfalse
    190.108.87.214
    unknownPeru
    28032INTERNEXAPERUSAPEfalse
    185.94.98.38
    unknownIran (ISLAMIC Republic Of)
    204213NETMIHANIRfalse
    14.167.206.80
    unknownViet Nam
    45899VNPT-AS-VNVNPTCorpVNfalse
    109.202.202.202
    unknownSwitzerland
    13030INIT7CHfalse
    178.219.124.78
    unknownPoland
    202281C3-ASPLfalse
    91.189.91.43
    unknownUnited Kingdom
    41231CANONICAL-ASGBfalse
    193.49.58.83
    unknownFrance
    2200FR-RENATERReseauNationaldetelecommunicationspourlaTecfalse
    91.189.91.42
    unknownUnited Kingdom
    41231CANONICAL-ASGBfalse


    Runtime Messages

    Command:/tmp/TbbAwD2rFF
    Exit Code:139
    Exit Code Info:SIGSEGV (11) Segmentation fault invalid memory reference
    Killed:False
    Standard Output:

    Standard Error:qemu: uncaught target signal 11 (Segmentation fault) - core dumped

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
    34.249.145.2191xdKlyRFRVGet hashmaliciousBrowse
      TO3yjFBDGlGet hashmaliciousBrowse
        wq1sIhh7DtGet hashmaliciousBrowse
          uIzFj6o3kPGet hashmaliciousBrowse
            5n6d6C1fOMGet hashmaliciousBrowse
              ebj1OBzGQnGet hashmaliciousBrowse
                ISyoQsetoyGet hashmaliciousBrowse
                  EFEyyIX6FHGet hashmaliciousBrowse
                    AFI2dO6P4yGet hashmaliciousBrowse
                      bashGet hashmaliciousBrowse
                        lb32Get hashmaliciousBrowse
                          pscan2Get hashmaliciousBrowse
                            8JCPlge9DVGet hashmaliciousBrowse
                              dV5z1I8w7cGet hashmaliciousBrowse
                                sU5ouw3DxgGet hashmaliciousBrowse
                                  IPBLa2OljgGet hashmaliciousBrowse
                                    CbSVvsvDDrGet hashmaliciousBrowse
                                      jj2KASImRHGet hashmaliciousBrowse
                                        Fourloko.armGet hashmaliciousBrowse
                                          6Wp2z2zlpXGet hashmaliciousBrowse
                                            109.202.202.202gJlt5ysY1JGet hashmaliciousBrowse
                                              zL75awJdRSGet hashmaliciousBrowse
                                                1xdKlyRFRVGet hashmaliciousBrowse
                                                  e0vSVsXfnFGet hashmaliciousBrowse
                                                    50wyAz87PxGet hashmaliciousBrowse
                                                      TO3yjFBDGlGet hashmaliciousBrowse
                                                        23Get hashmaliciousBrowse
                                                          rEwoho1ZZpGet hashmaliciousBrowse
                                                            file.shGet hashmaliciousBrowse
                                                              luNKbE5d6SGet hashmaliciousBrowse
                                                                4H6uSpvv5zGet hashmaliciousBrowse
                                                                  3HzqkbeKdqGet hashmaliciousBrowse
                                                                    EART4pT44dGet hashmaliciousBrowse
                                                                      TaGQI2YsXqGet hashmaliciousBrowse
                                                                        darm7Get hashmaliciousBrowse
                                                                          4M7eKBXgmPGet hashmaliciousBrowse
                                                                            qbWKt83HokGet hashmaliciousBrowse
                                                                              wq1sIhh7DtGet hashmaliciousBrowse
                                                                                SecuriteInfo.com.ELF.Mirai-BPTTrj.3667.4214Get hashmaliciousBrowse
                                                                                  SecuriteInfo.com.Linux.Mirai.4338.9322.23669Get hashmaliciousBrowse
                                                                                    91.189.91.43gJlt5ysY1JGet hashmaliciousBrowse
                                                                                      zL75awJdRSGet hashmaliciousBrowse
                                                                                        1xdKlyRFRVGet hashmaliciousBrowse
                                                                                          e0vSVsXfnFGet hashmaliciousBrowse
                                                                                            50wyAz87PxGet hashmaliciousBrowse
                                                                                              TO3yjFBDGlGet hashmaliciousBrowse
                                                                                                23Get hashmaliciousBrowse
                                                                                                  rEwoho1ZZpGet hashmaliciousBrowse
                                                                                                    file.shGet hashmaliciousBrowse
                                                                                                      luNKbE5d6SGet hashmaliciousBrowse
                                                                                                        4H6uSpvv5zGet hashmaliciousBrowse
                                                                                                          3HzqkbeKdqGet hashmaliciousBrowse
                                                                                                            EART4pT44dGet hashmaliciousBrowse
                                                                                                              TaGQI2YsXqGet hashmaliciousBrowse
                                                                                                                darm7Get hashmaliciousBrowse
                                                                                                                  4M7eKBXgmPGet hashmaliciousBrowse
                                                                                                                    qbWKt83HokGet hashmaliciousBrowse
                                                                                                                      wq1sIhh7DtGet hashmaliciousBrowse
                                                                                                                        SecuriteInfo.com.ELF.Mirai-BPTTrj.3667.4214Get hashmaliciousBrowse
                                                                                                                          SecuriteInfo.com.Linux.Mirai.4338.9322.23669Get hashmaliciousBrowse

                                                                                                                            Domains

                                                                                                                            No context

                                                                                                                            ASN

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            NETMIHANIRtriage_dropped_file.exeGet hashmaliciousBrowse
                                                                                                                            • 89.32.248.27
                                                                                                                            xkp0987654334567890.exeGet hashmaliciousBrowse
                                                                                                                            • 89.39.208.172
                                                                                                                            lF3mtKMEWz.rtfGet hashmaliciousBrowse
                                                                                                                            • 89.42.211.109
                                                                                                                            IMS211323.xlsxGet hashmaliciousBrowse
                                                                                                                            • 89.42.211.109
                                                                                                                            Swit_copy.exeGet hashmaliciousBrowse
                                                                                                                            • 89.32.248.27
                                                                                                                            dqVPlpmWYt.exeGet hashmaliciousBrowse
                                                                                                                            • 217.144.105.105
                                                                                                                            zJsbHB4YyL.docGet hashmaliciousBrowse
                                                                                                                            • 188.212.22.181
                                                                                                                            IMG_5368437937.exeGet hashmaliciousBrowse
                                                                                                                            • 89.32.249.155
                                                                                                                            Note-357.xlsGet hashmaliciousBrowse
                                                                                                                            • 217.144.104.116
                                                                                                                            gunzipped.exeGet hashmaliciousBrowse
                                                                                                                            • 89.32.249.155
                                                                                                                            Document.exeGet hashmaliciousBrowse
                                                                                                                            • 89.32.249.155
                                                                                                                            05765-2201.docGet hashmaliciousBrowse
                                                                                                                            • 89.39.208.61
                                                                                                                            PO 2420208.exeGet hashmaliciousBrowse
                                                                                                                            • 89.39.208.218
                                                                                                                            98.docGet hashmaliciousBrowse
                                                                                                                            • 89.39.208.61
                                                                                                                            file.docGet hashmaliciousBrowse
                                                                                                                            • 217.144.106.11
                                                                                                                            MENSAJE.docGet hashmaliciousBrowse
                                                                                                                            • 217.144.106.11
                                                                                                                            MENSAJE.docGet hashmaliciousBrowse
                                                                                                                            • 217.144.106.11
                                                                                                                            Archivo_AB-96114571.docGet hashmaliciousBrowse
                                                                                                                            • 217.144.106.11
                                                                                                                            MENSAJE.docGet hashmaliciousBrowse
                                                                                                                            • 217.144.106.11
                                                                                                                            5390080_2021_1-259043.docGet hashmaliciousBrowse
                                                                                                                            • 217.144.106.11
                                                                                                                            AMAZON-02US1xdKlyRFRVGet hashmaliciousBrowse
                                                                                                                            • 34.249.145.219
                                                                                                                            phantom.armGet hashmaliciousBrowse
                                                                                                                            • 18.167.172.122
                                                                                                                            nSg5RM0w0dGet hashmaliciousBrowse
                                                                                                                            • 52.94.98.4
                                                                                                                            VAkpLB9NSDGet hashmaliciousBrowse
                                                                                                                            • 65.11.83.24
                                                                                                                            TO3yjFBDGlGet hashmaliciousBrowse
                                                                                                                            • 34.249.145.219
                                                                                                                            macosx.dllGet hashmaliciousBrowse
                                                                                                                            • 13.224.97.87
                                                                                                                            OLKHN707341.vbsGet hashmaliciousBrowse
                                                                                                                            • 13.224.102.104
                                                                                                                            0CA57F85E88001EDD67DFF84428375DE282F0F92E5BEF.exeGet hashmaliciousBrowse
                                                                                                                            • 52.218.105.35
                                                                                                                            1nJGU59JPU.exeGet hashmaliciousBrowse
                                                                                                                            • 13.224.96.29
                                                                                                                            file.shGet hashmaliciousBrowse
                                                                                                                            • 54.171.230.55
                                                                                                                            kGl1qp3Ox8.exeGet hashmaliciousBrowse
                                                                                                                            • 52.218.104.171
                                                                                                                            72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exeGet hashmaliciousBrowse
                                                                                                                            • 3.13.191.225
                                                                                                                            hWLlYv2MAXGet hashmaliciousBrowse
                                                                                                                            • 52.78.77.106
                                                                                                                            03B8CA0BE4A43FB9CDCC8DC6898F93A71B25412C97107.exeGet hashmaliciousBrowse
                                                                                                                            • 52.14.18.129
                                                                                                                            EART4pT44dGet hashmaliciousBrowse
                                                                                                                            • 54.171.230.55
                                                                                                                            4M7eKBXgmPGet hashmaliciousBrowse
                                                                                                                            • 54.171.230.55
                                                                                                                            CK8BFmrJs3Get hashmaliciousBrowse
                                                                                                                            • 13.53.138.107
                                                                                                                            vEnkH2eeB8Get hashmaliciousBrowse
                                                                                                                            • 184.169.138.24
                                                                                                                            DH-1642092507.xllGet hashmaliciousBrowse
                                                                                                                            • 13.224.92.74
                                                                                                                            DHLExpress.xlsxGet hashmaliciousBrowse
                                                                                                                            • 3.64.163.50
                                                                                                                            CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCNN9fUU4K448Get hashmaliciousBrowse
                                                                                                                            • 59.37.132.51
                                                                                                                            d1FRzig7D0Get hashmaliciousBrowse
                                                                                                                            • 113.104.22.106
                                                                                                                            gx86Get hashmaliciousBrowse
                                                                                                                            • 14.215.188.246
                                                                                                                            oQEsh4CvbbGet hashmaliciousBrowse
                                                                                                                            • 125.88.193.114
                                                                                                                            loligang.x86Get hashmaliciousBrowse
                                                                                                                            • 14.22.234.10
                                                                                                                            ltOWLF06E2Get hashmaliciousBrowse
                                                                                                                            • 113.105.10.192
                                                                                                                            yKQzFIK5uJGet hashmaliciousBrowse
                                                                                                                            • 59.37.181.28
                                                                                                                            x5US96njwtGet hashmaliciousBrowse
                                                                                                                            • 113.98.248.7
                                                                                                                            a2lzHiNAYQGet hashmaliciousBrowse
                                                                                                                            • 121.14.0.8
                                                                                                                            gIW78T8mCKGet hashmaliciousBrowse
                                                                                                                            • 113.100.2.179
                                                                                                                            armGet hashmaliciousBrowse
                                                                                                                            • 113.100.2.169
                                                                                                                            sora.armGet hashmaliciousBrowse
                                                                                                                            • 42.240.232.65
                                                                                                                            x86-20211227-1850Get hashmaliciousBrowse
                                                                                                                            • 124.40.196.65
                                                                                                                            arm-20211227-1850Get hashmaliciousBrowse
                                                                                                                            • 113.102.64.112
                                                                                                                            YeIevCqrJ2Get hashmaliciousBrowse
                                                                                                                            • 110.43.250.191
                                                                                                                            IAEKAiR8SLGet hashmaliciousBrowse
                                                                                                                            • 103.215.44.86
                                                                                                                            4Flzip0g1YGet hashmaliciousBrowse
                                                                                                                            • 116.63.78.245
                                                                                                                            fRSSToFVnMGet hashmaliciousBrowse
                                                                                                                            • 119.147.180.38
                                                                                                                            MjZDIRW3qiGet hashmaliciousBrowse
                                                                                                                            • 113.99.32.7
                                                                                                                            qpaMf73US7Get hashmaliciousBrowse
                                                                                                                            • 45.116.51.27

                                                                                                                            JA3 Fingerprints

                                                                                                                            No context

                                                                                                                            Dropped Files

                                                                                                                            No context

                                                                                                                            Created / dropped Files

                                                                                                                            /var/cache/man/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):622592
                                                                                                                            Entropy (8bit):4.657516417799966
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:rb7cWWov4H5N80nuDSyvxYCWZ0/VmpRELAR/QuU/MzUCl1NZ:H4WWoGgvSiOp2kl
                                                                                                                            MD5:0C99179B6C5CFE82203424AD7DAD0D8F
                                                                                                                            SHA1:CAC50B64B1352723FF8F58BB1B103B93C396539B
                                                                                                                            SHA-256:CEC6859D12C6A981ACA4D7C88F6E62E9616FB4D765C4A52147A7DA7BAD4F2420
                                                                                                                            SHA-512:4226FDE9F558FFEF2107C330DB942E7E665C51C520A840221541AD255D0995AF64101C69D42C4BD43037364CC4D152851625A53DC56CC188DC28A3DC8C5602F6
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/cs/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):1.6070136442091312
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:bhVGQeUzGLIsWUMZJ5CggJHtheYdiKNHTlJ8NK:bhVGaGLIWMZXZgxeYtzll
                                                                                                                            MD5:D0CA2EBA9E7A17D4680AA9DDC5F88946
                                                                                                                            SHA1:270F443EFF85209052AE8FFA86660AFB0FAAD39B
                                                                                                                            SHA-256:9504DC65F8B4E057D0939FA3B2C640FC703D0290EE19381836BAA5EB3EFBADBD
                                                                                                                            SHA-512:9F999B0467E396E78A91F0BFE56E191DB9D9AFA6DC47858F3427CB44A39D5A13A206542A471CE15C8851674A234B9A7A49AAB7E6D5AF8D080BBC99C2BA3C56D8
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/cs/index.db.ZlfNLj
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/da/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):2.24195239843379
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:bhHY2DzMnpU0QMiloesQdUTn3WVE0UnknJfsWdv0SBpEVvsb6eZeGfRL+:dYKM+oagn3WW5nkniWdv0SAVE6eZee6
                                                                                                                            MD5:4DF08004EE4C5384C02376841F2B50BC
                                                                                                                            SHA1:C02E58212CA012913390B4C1CCD64DD3353009EE
                                                                                                                            SHA-256:F4D6A62A734E2844B99F3AD0EB480373AFBE56B29C0CFC9C70D9DFDF19D95C02
                                                                                                                            SHA-512:6146001CA7028F58595235F244AE8FC4ECAEA3E95C83276514FC704E91B7596678E74CDE9963D680F2493F9C04AFDEBC4DB5094E2AB7C1A949E9378307AE0116
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/da/index.db.sZ1J7g
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/de/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):45056
                                                                                                                            Entropy (8bit):4.163011947149654
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:gMGrknsA3KVtOOcmGMrTJDEEf5RaOHCiVDdtq5:/GrkncXD+qRHCGLq
                                                                                                                            MD5:D1B338D742E0868CE053742EEEF91B5B
                                                                                                                            SHA1:0B7F9534A30B7C831A9DE7D278E602162560D62B
                                                                                                                            SHA-256:2D89B827D3C6B585BA1420620D32A4BDCD94124F18B935D84195AACDD8E6CA3D
                                                                                                                            SHA-512:6A8EB1313C23AEE34B183605205C0C47858F05A74469E0EDD8226CFAB47B2A954B08B09C253F1FAF8059531AA82BFA73DC0C3C91327A742C24186AEE1958DA64
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview: .W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/de/index.db.EXpqJj
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):45056
                                                                                                                            Entropy (8bit):0.20558603354177746
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:55880A8B73FD160B73198E09A21C83DB
                                                                                                                            SHA1:5EB780702D2501747AF46F7525EF5C635EC5E64C
                                                                                                                            SHA-256:66BD4C98AF40E2E208AC102ACD0F555A6C118E7258D91B833BE1D53EBFFB7BBB
                                                                                                                            SHA-512:388924B8CAE80CCA6CA8E5109D0239A963A66CC0454450223EC7FB2A188F6F05E49632E535DC06E49DF6D007B221AA6B3D5F23C80203BCC861FF95EFA10AC1F9
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/es/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):2.469907427008948
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:bhj9SeW/8iDdO/tktuGWTaZxzn3zbHGc2WjAXGBCgfd6Dgzs30z8ztvpWF4DXst:99PGo9Tmn3zbNBSw/fd6Oz8ztQSDXo
                                                                                                                            MD5:3DBF4FF017D406F407BFBC2011BCAE9E
                                                                                                                            SHA1:FF64864ACA18DFA7869715CE8AA5ECC3DABA54B6
                                                                                                                            SHA-256:640C040F364061A5825E913682798C9BC8E1081088894D3FEB2C3EC39D02A379
                                                                                                                            SHA-512:3DCC8F432487C532A1F69D321EB57EFE5CFE65AA3C99B81EA1A56613F8F460EA9ED7D2031615F2E60A3F2EE279D411848E5387CC8B8D5F28D8F8D0055D72489B
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/es/index.db.TpFo5g
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):0.3847690842836057
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:F0B902DEA5EF122A0B1F0F496DDC781B
                                                                                                                            SHA1:90176D320A9C3601787D53CC346DC743367D53F1
                                                                                                                            SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
                                                                                                                            SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fi/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.5882948808594274
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20yaajjjjjjjjjjjjjjjjjjjjjjjjjjGjjjjjjjjjjjjjjjjjjjjjjjjjjjjjp:bhjz+9Ab
                                                                                                                            MD5:09F6ED1A60B8A4203EA97CF5926C6AFF
                                                                                                                            SHA1:C28F4E393D55AD057E3C7608741904B796F67076
                                                                                                                            SHA-256:56664D61D0BB8BF34CCA28C73CB314CB73EA1C4FAC64D2208B43F63C009FC855
                                                                                                                            SHA-512:476EAE37D827C8BB322213799AB52DBE8FA43274DB3447BC5FEDFED64ECCEAF2C11DA375FDA09B37977D03CA1910E22443B22A3EEA875CE6F3BC698F8ADCC0E2
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fi/index.db.7peRtj
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fr.ISO8859-1/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.9312184489410064
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20yIpyjjjjjjjjjjjjjjjjjjjjjjjjXjjjjjjjjjjjjjjjjjjjjjjjjjjjjGz7:bhbpFi043WmkN2GmGufUeDDx+yxrq3
                                                                                                                            MD5:43ADE2E40B8B5A0DFA0A155FC9A02F7F
                                                                                                                            SHA1:3D04BDFFD0E2A8433150C87D334014099336A5C5
                                                                                                                            SHA-256:81E48EE4653A5E6F25C33133F24F045EB1EB2CC6724ECE0C5336612AB711273E
                                                                                                                            SHA-512:C9C5C436A0E986A39CE3FA1CAF15A92D509F4450744BAE0283204B58CDD6FE9B8EEB8D3E2CAFB4B1ACB46729317FFAEFE86B0DD2D60472CAB30B204CC2003B03
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fr.ISO8859-1/index.db.D3DIYh
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fr.UTF-8/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.9312184489410064
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20yIpyjjjjjjjjjjjjjjjjjjjjjjjjXjjjjjjjjjjjjjjjjjjjjjjjjjjjjGz7:bhbpFi043WmkN2GmGufUeDDx+yxrq3
                                                                                                                            MD5:43ADE2E40B8B5A0DFA0A155FC9A02F7F
                                                                                                                            SHA1:3D04BDFFD0E2A8433150C87D334014099336A5C5
                                                                                                                            SHA-256:81E48EE4653A5E6F25C33133F24F045EB1EB2CC6724ECE0C5336612AB711273E
                                                                                                                            SHA-512:C9C5C436A0E986A39CE3FA1CAF15A92D509F4450744BAE0283204B58CDD6FE9B8EEB8D3E2CAFB4B1ACB46729317FFAEFE86B0DD2D60472CAB30B204CC2003B03
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fr.UTF-8/index.db.Yx7RGg
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fr/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):40960
                                                                                                                            Entropy (8bit):3.830244718458618
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:A4VX6Bd+dla5HmdT8qHl87BaIPay4uz8HkshHnwNO:A4ROd+dStM83PavhHC
                                                                                                                            MD5:4CB1A50FAE931A6DDCB8D43717F68CFD
                                                                                                                            SHA1:48D5D1AA4F57E9F4E74DB5F58E07B1072258B6F4
                                                                                                                            SHA-256:A55E9C861C53956161966CDEB20B99AD41B77BBCA151FEA5105278655B3741B3
                                                                                                                            SHA-512:6509C4764C02543CA75B0ECA69875CD62EDAA56D8C96E04FA3A90FC7755B87DA3A48AFD82140B68EC30C9B08F1530610E20840A58337E1EC0CDC706F3B3AC18E
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/fr/index.db.BJ7edg
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):40960
                                                                                                                            Entropy (8bit):0.22208993462959856
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:425CB57CD9B42556C8089FE7A7A3E495
                                                                                                                            SHA1:4F33F9A9897218FDED958FD8F8D7AF7CD8BC48F3
                                                                                                                            SHA-256:85E01EFF2AC0C83C827E118D5CE2CD1E1A19E059688B6E0D09CB3CC131F065D3
                                                                                                                            SHA-512:8C7D4DACF5C5C5C4B78775048427AF99ED8057590AA3A69FD5B3F875B6DDD249A6DB0AF3A51BB96A7F629D1017B272317583A8DFF89FB3968FFE2F246F040F33
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/hu/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.9419610786280751
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:bh04IR9rYz9kvNQFl46MdnqfPE9eTuF0Ce:bhXIHakVQmnqXqeT/Ce
                                                                                                                            MD5:18F02B57872A97DE1E82FF5348A5AF1B
                                                                                                                            SHA1:52F332343B120B1C950AC02B3C923556C70DC62A
                                                                                                                            SHA-256:5C605DE68B3E05754698485F73413F4052AEA8C3AAE6012AC6416B3B6B056DF7
                                                                                                                            SHA-512:E33A8412F52D26BDE55E4D72E0D9D09EB777F4B882F5BB1C4625AB392EE321D6ACD8795001BF50CCDACFAC131A1263B1398F208799F753554C43349136EB8BEC
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/hu/index.db.sHXoSi
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/id/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):1.309811236154278
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:bhESUeDVrWTVd5ekRv/KSmGWqR0VouC4btU8IzTC74ExJKGtII:bhEVeBqTVdAcn3Iowl4UBtx
                                                                                                                            MD5:3AFDA1B0F729816929FF7A6628D776D5
                                                                                                                            SHA1:5982940A5782F11AEB5BF859C055DE3FEFBDF5DB
                                                                                                                            SHA-256:77809D5F38F6D96A2E8BA9BE0DFBB16C10B6B1FF7D2BA1DD5FB9437F73C47E7F
                                                                                                                            SHA-512:6D4CE03475C68EDC0AE928E7F65BB8C06198721146A1266F55455AF3D5E24F44A569E007C0DC44BC7745C1573DBC7F02B8C4094F9BD97FAF6A0B5894BE0E07E5
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/id/index.db.vdaV8j
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/index.db.UKja7g
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):622592
                                                                                                                            Entropy (8bit):0.022159377425242585
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:2E442DBA85DEDFDCB07090FDF9DE90D0
                                                                                                                            SHA1:02658086E93854D13D82B1F0D80F4B78D26DCA51
                                                                                                                            SHA-256:62406BFE7657964E490DE65A0007F7C1D59B62B2B9AD35BA55BA219673378848
                                                                                                                            SHA-512:FDBBA0DEF310CF7DBF448CFB6E5C9CDCEFBF6A0CAEB26CA3AFA91A388FBA10A9E77BCC27CA9B0AEA2A7B67F964849E147FB44862C7394C2C7CDCB572C06FCB05
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/it/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):3.3621193886235408
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:Jtp0q5d98n3SaMfhtxfmbMy+HseeNwoMbHf:JDd9QSBf
                                                                                                                            MD5:B228DE097081AF360D337CF8C8FF2C6F
                                                                                                                            SHA1:7DD2C4640925B225F98014566F73C35F4E960940
                                                                                                                            SHA-256:1056CECADA78542B173EE469C9BEAF61F81298EBBD21B54EA6EE449028E18B3F
                                                                                                                            SHA-512:F61D7F9040E452C4B1B77F3657BE4252475C3BF23D78EED903A5E55FA97BA0571BA3AD90DBA7F77C334DF5B721F909B12720515034421A4AAB0450D1D43B32E4
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/it/index.db.GcsYBg
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):0.3847690842836057
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:F0B902DEA5EF122A0B1F0F496DDC781B
                                                                                                                            SHA1:90176D320A9C3601787D53CC346DC743367D53F1
                                                                                                                            SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
                                                                                                                            SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/ja/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):3.667488020062395
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:CF4pPRfAgFn35FF1veUMjGiEGBuPhiB0PUKwA+U:5PRfAgFn35MSeAPUjN
                                                                                                                            MD5:D3CD7D67F8155491493BB7235FB9AA57
                                                                                                                            SHA1:5A7AE62A7AFE50EFCCED06CBD56AE2A0A284EFF3
                                                                                                                            SHA-256:6958349ECA637F99AABC419B5E402CFB50BC5B8867F31BCB67F064F47A209929
                                                                                                                            SHA-512:1168BF697CDE563F7D82A71EAE1CD496EA81D178B26F87EAAF2EDEED13274B1E3500CE1C981647717598495EBE1FF8F8AC54AD33547506E566C925D7002F5CFF
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/ja/index.db.vELFYg
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):0.3847690842836057
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:F0B902DEA5EF122A0B1F0F496DDC781B
                                                                                                                            SHA1:90176D320A9C3601787D53CC346DC743367D53F1
                                                                                                                            SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
                                                                                                                            SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/ko/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.7847786157292606
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20yYn0jjjjjjjjjjjjjjjjjjjjjjjjjjGjjjjjjjjjjjjjjjjjjjjjjjjjmjj7:bhXYznMk31RFe6f
                                                                                                                            MD5:FBA25855E1C99D8F87E8AC13E2E2ECB1
                                                                                                                            SHA1:D99351AC40D6CC4C9BE54E0E018C44A9A88983D7
                                                                                                                            SHA-256:C0E18ED1CEFF427FD4D57D1B79CE1AF7320AC8453BAF8A0349C08267464C4D71
                                                                                                                            SHA-512:0969DF6506E083A4995A18518BC3C4472157E7790EEC26C08221B0FC6DE9C7DA0ADB11CF92C56BC35B89BC60447F3D991F935E352552B58FB9BD1D4B2579FBB0
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/ko/index.db.9vbCii
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/nl/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):2.554204221242331
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:H8Y5a2oquB2aCYn3lvu3whjXVobdbs7dq1KJGbtf0Hoa:hoquYaCYn3Q8jXqbdbs7dGbKHoa
                                                                                                                            MD5:27FED1CA8EB0101C459D9A617C833293
                                                                                                                            SHA1:503B2A3E33FE79FF2CD58F831ED33DB358849BEA
                                                                                                                            SHA-256:C3033C4F7CF0D6108611EF5A62CA893F98EE6463DDCFF7100D3BAFDEB0036D9E
                                                                                                                            SHA-512:7BD630F5E0C5A91C34D2E48D0053923C9F2F5BAA07D21FDA79E60F3AFDF759E594E6639562C1F3EE68DD080D417009DC3AFB7DA534E3B8C29FF7B10438C3FD4E
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/nl/index.db.1Otz8j
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16384
                                                                                                                            Entropy (8bit):0.45676214072558463
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:EE429C7E8B222AFF73C611A8C358B661
                                                                                                                            SHA1:DA353E80DCF1195F259CCBC32D39F5923710453F
                                                                                                                            SHA-256:BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
                                                                                                                            SHA-512:DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/pl/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):2.880948418505059
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:7Sf8026LXqn3ZTV6pXAmA44BRqvc3X3GVAjvAk/AvdWjWftxA:E802uXqn3/6pxARqr8kdWjW1
                                                                                                                            MD5:37CEBCD3F5BF6322785FFF568EE33131
                                                                                                                            SHA1:201298C827C77C60CD314BF721DC4C27EF95BD64
                                                                                                                            SHA-256:012C5597C5DD8654EB14432AFCEFD9B131F2CE75AD21488991A5A688929AAEA6
                                                                                                                            SHA-512:CCC8A8CCF4ACA332CAF610155DE9E7C4A12D1C45C98D20766B86098A3D2EF332189F159E3956944CD302DF652FE7A6F0D07CA39CBE7DF4A655D3211452487582
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/pl/index.db.sAiATj
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):0.3847690842836057
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
                                                                                                                            MD5:F0B902DEA5EF122A0B1F0F496DDC781B
                                                                                                                            SHA1:90176D320A9C3601787D53CC346DC743367D53F1
                                                                                                                            SHA-256:CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
                                                                                                                            SHA-512:3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
                                                                                                                            Malicious:false
                                                                                                                            Preview: .W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            /var/cache/man/pt/5225
                                                                                                                            Process:/usr/bin/mandb
                                                                                                                            File Type:GNU dbm 1.x or ndbm database, little endian, 64-bit
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):2.4110695640960995
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:mva8yGn35+0+eo8TAnBW4VppKP8qtRJI:Sa8Rn35+peo8T8V/fqlI
                                                                                                                            MD5:782FF89B6FA5932F7019AF9CF3F82E43
                                                                                                                            SHA1:2ECE8DC134E3A292E2545AA2DCD24114A5FC5749
                                                                                                                            SHA-256:01E77D9235C524F2A61EA03953607C13831C391A5B9AB0D9094F9C38F0EEB02E
                                                                                                                            SHA-512:2305BEC024CA5D8B43267F5487B02081A0A746B73608E11217D19C91AD857B6A5D8E935194AC