Malware Analysis Report

2025-01-23 15:15

Sample ID 240825-x3yvnszhkg
Target c169d068d84c1f032718a563e94efc11_JaffaCakes118
SHA256 9de75dc8915b7c93d9096ae9838f03b493205a9bc67614e2f8316b41afdb2095
Tags
antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9de75dc8915b7c93d9096ae9838f03b493205a9bc67614e2f8316b41afdb2095

Threat Level: Shows suspicious behavior

The file c169d068d84c1f032718a563e94efc11_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 19:23

Signatures

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:25

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/64/libnss_dns.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libnss_dns.so.2

[/tmp/.rsync/c/lib/64/libnss_dns.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/.rsync/c/slow]

Signatures

N/A

Processes

/tmp/.rsync/c/slow

[/tmp/.rsync/c/slow]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.39:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.8:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsel-20240611-en

Max time kernel

19s

Command Line

[/tmp/.rsync/c/start]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/c/aptitude /tmp/.rsync/c/aptitude N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/dir.dir /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/n /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/aptitude /tmp/.rsync/c/start N/A

Processes

/tmp/.rsync/c/start

[/tmp/.rsync/c/start]

/bin/cat

[cat dir.dir]

/bin/chmod

[chmod 777 dir.dir go lib run slow start tsm tsm32 tsm64 watchdog]

/bin/rm

[rm -rf n]

/bin/chmod

[chmod u+x aptitude]

/bin/chmod

[chmod 777 aptitude dir.dir go lib n run slow start tsm tsm32 tsm64 watchdog]

/tmp/.rsync/c/aptitude

[./aptitude]

/tmp/.rsync/c/run

[./run]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/grep

[grep name]

/usr/bin/wc

[wc -l]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 167]

Network

N/A

Files

/tmp/.rsync/c/dir.dir

MD5 d05965cfc0c0565553560b8b7b333278
SHA1 70244a712971c4f69dee8ca87e8d42e4c233c420
SHA256 3a8d06d954d378e5e7dccb826ba19b974c3c7a040e32fd7f2d7e3e92ae11e936
SHA512 314a511cc21bfc5db9081b85f3316658e0df761c03219e84d1e1430137018c54cf30a994254b03fd89076a98026958225c61ebf0522e61715184d83709e3fa6e

/tmp/.rsync/c/n

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/tmp/.rsync/c/aptitude

MD5 7fe1e0b056286ea25cf04692f1013053
SHA1 a99584a99ef59d1a707707c96ac5f64681acee29
SHA256 24ffdaa80dc543f1cf68e35f0977096e4cc20ca05245008366a3d24dc9bbe31e
SHA512 d5b1882907e26060a78d4181ccd1b4d980e8f7bd9b7ec5acc9865b620df76247f1822eb987c8e64fd9a58433915618a6245c2ee808bb29d37e3f5920d88d7608

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2204-amd64-20240729-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/.rsync/c/lib/32/libresolv-2.23.so]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libresolv-2.23.so

[/tmp/.rsync/c/lib/32/libresolv-2.23.so]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

133s

Command Line

[/tmp/.rsync/c/lib/32/libresolv.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libresolv.so.2

[/tmp/.rsync/c/lib/32/libresolv.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 91.189.91.82:80 security.ubuntu.com tcp
SE 194.71.11.163:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 _http._tcp.gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
SE 194.71.11.137:80 gemmei.ftp.acc.umu.se tcp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp
US 1.1.1.1:53 chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 chuangtzu.ftp.acc.umu.se udp
SE 194.71.11.167:80 chuangtzu.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsbe-20240611-en

Max time kernel

147s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsel-20240729-en

Max time kernel

148s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/64/libresolv.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libresolv.so.2

[/tmp/.rsync/c/lib/64/libresolv.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
GB 185.125.190.83:80 security.ubuntu.com tcp
SE 194.71.11.163:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 _http._tcp.chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp
US 8.8.8.8:53 chuangtzu.ftp.acc.umu.se udp
US 8.8.8.8:53 chuangtzu.ftp.acc.umu.se udp
SE 194.71.11.167:80 chuangtzu.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/64/libnss_files.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libnss_files.so.2

[/tmp/.rsync/c/lib/64/libnss_files.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-armhf-20240729-en

Max time kernel

89s

Command Line

[/tmp/.rsync/c/start]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/c/aptitude /tmp/.rsync/c/aptitude N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/n /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/dir.dir /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/aptitude /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/start

[/tmp/.rsync/c/start]

/bin/cat

[cat dir.dir]

/bin/chmod

[chmod 777 dir.dir go lib run slow start tsm tsm32 tsm64 watchdog]

/bin/rm

[rm -rf n]

/bin/chmod

[chmod u+x aptitude]

/bin/chmod

[chmod 777 aptitude dir.dir go lib n run slow start tsm tsm32 tsm64 watchdog]

/tmp/.rsync/c/aptitude

[./aptitude]

/tmp/.rsync/c/run

[./run]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep name]

/bin/grep

[grep model]

/usr/bin/wc

[wc -l]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 24]

/usr/bin/nohup

[nohup ./go]

/tmp/.rsync/c/go

[./go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

Network

N/A

Files

/tmp/.rsync/c/dir.dir

MD5 d05965cfc0c0565553560b8b7b333278
SHA1 70244a712971c4f69dee8ca87e8d42e4c233c420
SHA256 3a8d06d954d378e5e7dccb826ba19b974c3c7a040e32fd7f2d7e3e92ae11e936
SHA512 314a511cc21bfc5db9081b85f3316658e0df761c03219e84d1e1430137018c54cf30a994254b03fd89076a98026958225c61ebf0522e61715184d83709e3fa6e

/tmp/.rsync/c/n

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/tmp/.rsync/c/aptitude

MD5 7fe1e0b056286ea25cf04692f1013053
SHA1 a99584a99ef59d1a707707c96ac5f64681acee29
SHA256 24ffdaa80dc543f1cf68e35f0977096e4cc20ca05245008366a3d24dc9bbe31e
SHA512 d5b1882907e26060a78d4181ccd1b4d980e8f7bd9b7ec5acc9865b620df76247f1822eb987c8e64fd9a58433915618a6245c2ee808bb29d37e3f5920d88d7608

memory/1031-1-0xb6be7000-0xb6bf8044-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:23

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/lib/32/libc.so.6]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libc.so.6

[/tmp/.rsync/c/lib/32/libc.so.6]

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/32/libnss_files.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libnss_files.so.2

[/tmp/.rsync/c/lib/32/libnss_files.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

111s

Max time network

132s

Command Line

[/tmp/.rsync/c/run]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Processes

/tmp/.rsync/c/run

[/tmp/.rsync/c/run]

/bin/grep

[grep name]

/usr/bin/wc

[wc -l]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 93]

/usr/bin/nohup

[nohup ./go]

/tmp/.rsync/c/go

[./go]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.15:443 tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-armhf-20240611-en

Max time kernel

120s

Command Line

[/tmp/.rsync/c/run]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Processes

/tmp/.rsync/c/run

[/tmp/.rsync/c/run]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep name]

/bin/grep

[grep model]

/usr/bin/wc

[wc -l]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 102]

/usr/bin/nohup

[nohup ./go]

/tmp/.rsync/c/go

[./go]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/32/libdl.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libdl.so.2

[/tmp/.rsync/c/lib/32/libdl.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2204-amd64-20240729-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/.rsync/c/lib/64/libc.so.6]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libc.so.6

[/tmp/.rsync/c/lib/64/libc.so.6]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2404-amd64-20240729-en

Max time kernel

0s

Max time network

130s

Command Line

[/tmp/.rsync/c/lib/64/libresolv-2.23.so]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libresolv-2.23.so

[/tmp/.rsync/c/lib/64/libresolv-2.23.so]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

147s

Max time network

132s

Command Line

[/tmp/.rsync/c/start]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/c/aptitude /tmp/.rsync/c/aptitude N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/aptitude /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/n /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/dir.dir /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/start

[/tmp/.rsync/c/start]

/bin/cat

[cat dir.dir]

/bin/chmod

[chmod 777 dir.dir go lib run slow start tsm tsm32 tsm64 watchdog]

/bin/rm

[rm -rf n]

/bin/chmod

[chmod u+x aptitude]

/bin/chmod

[chmod 777 aptitude dir.dir go lib n run slow start tsm tsm32 tsm64 watchdog]

/tmp/.rsync/c/aptitude

[./aptitude]

/tmp/.rsync/c/run

[./run]

/bin/grep

[grep model]

/bin/grep

[grep name]

/usr/bin/wc

[wc -l]

/bin/cat

[cat /proc/cpuinfo]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 42]

/usr/bin/nohup

[nohup ./go]

/tmp/.rsync/c/go

[./go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64 -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.193.91:443 tcp
GB 195.181.164.20:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.9:443 1527653184.rsc.cdn77.org tcp

Files

/tmp/.rsync/c/dir.dir

MD5 d05965cfc0c0565553560b8b7b333278
SHA1 70244a712971c4f69dee8ca87e8d42e4c233c420
SHA256 3a8d06d954d378e5e7dccb826ba19b974c3c7a040e32fd7f2d7e3e92ae11e936
SHA512 314a511cc21bfc5db9081b85f3316658e0df761c03219e84d1e1430137018c54cf30a994254b03fd89076a98026958225c61ebf0522e61715184d83709e3fa6e

/tmp/.rsync/c/n

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/tmp/.rsync/c/aptitude

MD5 7fe1e0b056286ea25cf04692f1013053
SHA1 a99584a99ef59d1a707707c96ac5f64681acee29
SHA256 24ffdaa80dc543f1cf68e35f0977096e4cc20ca05245008366a3d24dc9bbe31e
SHA512 d5b1882907e26060a78d4181ccd1b4d980e8f7bd9b7ec5acc9865b620df76247f1822eb987c8e64fd9a58433915618a6245c2ee808bb29d37e3f5920d88d7608

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:23

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/lib/32/libpthread.so.0]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libpthread.so.0

[/tmp/.rsync/c/lib/32/libpthread.so.0]

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/slow]

Signatures

N/A

Processes

/tmp/.rsync/c/slow

[/tmp/.rsync/c/slow]

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/slow]

Signatures

N/A

Processes

/tmp/.rsync/c/slow

[/tmp/.rsync/c/slow]

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsbe-20240611-en

Max time kernel

19s

Command Line

[/tmp/.rsync/c/run]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Processes

/tmp/.rsync/c/run

[/tmp/.rsync/c/run]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep name]

/usr/bin/wc

[wc -l]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 174]

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:25

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/32/tsm]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/tsm

[/tmp/.rsync/c/lib/32/tsm]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

0s

Max time network

133s

Command Line

[/tmp/.rsync/c/lib/64/libdl.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libdl.so.2

[/tmp/.rsync/c/lib/64/libdl.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
GB 185.125.190.82:80 security.ubuntu.com tcp
SE 194.71.11.165:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 _http._tcp.chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 _http._tcp.chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 1.1.1.1:53 saimei.ftp.acc.umu.se udp
US 1.1.1.1:53 saimei.ftp.acc.umu.se udp
US 1.1.1.1:53 chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 chuangtzu.ftp.acc.umu.se udp
SE 194.71.11.167:80 chuangtzu.ftp.acc.umu.se tcp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:25

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

128s

Command Line

[/tmp/.rsync/c/lib/64/tsm]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:25

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

128s

Command Line

[/tmp/.rsync/c/lib/32/libnss_dns.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libnss_dns.so.2

[/tmp/.rsync/c/lib/32/libnss_dns.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsel-20240418-en

Max time kernel

18s

Command Line

[/tmp/.rsync/c/run]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Processes

/tmp/.rsync/c/run

[/tmp/.rsync/c/run]

/bin/grep

[grep name]

/usr/bin/wc

[wc -l]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 147]

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-mipsbe-20240611-en

Max time kernel

148s

Command Line

[/tmp/.rsync/c/start]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/.rsync/c/aptitude /tmp/.rsync/c/aptitude N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/dir.dir /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/aptitude /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/n /tmp/.rsync/c/start N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/start

[/tmp/.rsync/c/start]

/bin/cat

[cat dir.dir]

/bin/chmod

[chmod 777 dir.dir go lib run slow start tsm tsm32 tsm64 watchdog]

/bin/rm

[rm -rf n]

/bin/chmod

[chmod u+x aptitude]

/bin/chmod

[chmod 777 aptitude dir.dir go lib n run slow start tsm tsm32 tsm64 watchdog]

/tmp/.rsync/c/aptitude

[./aptitude]

/tmp/.rsync/c/run

[./run]

/bin/grep

[grep name]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/usr/bin/wc

[wc -l]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 31]

/usr/bin/nohup

[nohup ./go]

/tmp/.rsync/c/go

[./go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/readlink

[readlink -f ./tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/bin/sleep

[sleep 3]

Network

N/A

Files

/tmp/.rsync/c/dir.dir

MD5 d05965cfc0c0565553560b8b7b333278
SHA1 70244a712971c4f69dee8ca87e8d42e4c233c420
SHA256 3a8d06d954d378e5e7dccb826ba19b974c3c7a040e32fd7f2d7e3e92ae11e936
SHA512 314a511cc21bfc5db9081b85f3316658e0df761c03219e84d1e1430137018c54cf30a994254b03fd89076a98026958225c61ebf0522e61715184d83709e3fa6e

/tmp/.rsync/c/n

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/tmp/.rsync/c/aptitude

MD5 7fe1e0b056286ea25cf04692f1013053
SHA1 a99584a99ef59d1a707707c96ac5f64681acee29
SHA256 24ffdaa80dc543f1cf68e35f0977096e4cc20ca05245008366a3d24dc9bbe31e
SHA512 d5b1882907e26060a78d4181ccd1b4d980e8f7bd9b7ec5acc9865b620df76247f1822eb987c8e64fd9a58433915618a6245c2ee808bb29d37e3f5920d88d7608

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

132s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/usr/bin/timeout

[timeout 12h ./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 302 -f 1 -s 8 -S 8 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:25

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/.rsync/c/lib/64/libpthread.so.0]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libpthread.so.0

[/tmp/.rsync/c/lib/64/libpthread.so.0]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-08-25 19:23

Reported

2024-08-25 19:26

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/.rsync/c/slow]

Signatures

N/A

Processes

/tmp/.rsync/c/slow

[/tmp/.rsync/c/slow]

Network

N/A

Files

N/A