Linux
Analysis Report
arm.elf
Overview
General Information
Sample name: | arm.elf |
Analysis ID: | 1654181 |
MD5: | f56d6a876b9bfafd2a8f38341445d895 |
SHA1: | ad6fd8c2bb1ac5d5bbbb8fbb3629c0cc8d121d67 |
SHA256: | 3d630b1a40a96b505a9ab440d07319bf9f71b5ea81aa43915e2455d0824cc72b |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654181 |
Start date and time: | 2025-04-02 03:04:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | arm.elf |
Detection: | MAL |
Classification: | mal52.troj.evad.linELF@0/2@8/0 |
- VT rate limit hit for: kamru.ru
Command: | /tmp/arm.elf |
PID: | 5510 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world |
Standard Error: |
- system is lnxubuntu20
- arm.elf New Fork (PID: 5518, Parent: 5510)
- dash New Fork (PID: 5568, Parent: 3633)
- dash New Fork (PID: 5569, Parent: 3633)
- dash New Fork (PID: 5570, Parent: 3633)
- dash New Fork (PID: 5571, Parent: 3633)
- dash New Fork (PID: 5572, Parent: 3633)
- dash New Fork (PID: 5573, Parent: 3633)
- dash New Fork (PID: 5574, Parent: 3633)
- dash New Fork (PID: 5575, Parent: 3633)
- dash New Fork (PID: 5576, Parent: 3633)
- dash New Fork (PID: 5577, Parent: 3633)
- cleanup
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
- • HIPS / PFW / Operating System Protection Evasion
Click to jump to signature section
Networking |
---|
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | UDP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 1 Ingress Tool Transfer | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | Linux.Trojan.Mirai |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stun.l.google.com | 74.125.250.129 | true | false | high | |
kamru.ru | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
34.254.182.186 | unknown | United States | 16509 | AMAZON-02US | false | |
104.245.241.61 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | false | |
154.205.155.97 | unknown | Seychelles | 26484 | IKGUL-26484US | true | |
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false | |
54.247.62.1 | unknown | United States | 16509 | AMAZON-02US | false | |
156.244.44.239 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.254.182.186 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
104.245.241.61 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
154.205.155.97 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
54.247.62.1 | Get hash | malicious | Prometei | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AMAZON-02US | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
AMAZON-02US | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
IKGUL-26484US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Process: | /tmp/arm.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 13 |
Entropy (8bit): | 3.3927474104487847 |
Encrypted: | false |
SSDEEP: | 3:Tg7G:Tgy |
MD5: | 060C950602AE5DFAF583473721C0D328 |
SHA1: | 91D13B439729088DC17F1E0519970D82C56F2B07 |
SHA-256: | F8D4586FDF6230A2D5F431EF44BABDF37F6D7CEDBB3560702B0DC8493DD44EE3 |
SHA-512: | 000D50E0A5736B0AB3B1BF61F55911914808FA197365B10F61F24096E2959ADAC2C3FF0D9ED226AD99934093F9FDD1C7035A22EEB5091DF75402A0A26E7A84AC |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | /tmp/arm.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 13 |
Entropy (8bit): | 3.3927474104487847 |
Encrypted: | false |
SSDEEP: | 3:Tg7G:Tgy |
MD5: | 060C950602AE5DFAF583473721C0D328 |
SHA1: | 91D13B439729088DC17F1E0519970D82C56F2B07 |
SHA-256: | F8D4586FDF6230A2D5F431EF44BABDF37F6D7CEDBB3560702B0DC8493DD44EE3 |
SHA-512: | 000D50E0A5736B0AB3B1BF61F55911914808FA197365B10F61F24096E2959ADAC2C3FF0D9ED226AD99934093F9FDD1C7035A22EEB5091DF75402A0A26E7A84AC |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.103208997259613 |
TrID: |
|
File name: | arm.elf |
File size: | 75'796 bytes |
MD5: | f56d6a876b9bfafd2a8f38341445d895 |
SHA1: | ad6fd8c2bb1ac5d5bbbb8fbb3629c0cc8d121d67 |
SHA256: | 3d630b1a40a96b505a9ab440d07319bf9f71b5ea81aa43915e2455d0824cc72b |
SHA512: | c2cac4e52316bac8cb9f2ae03abb1b2500d99ef24cc152849e739fd4ca927f29a38ac981e935e00d82e6f7925838b9d006d74b783d4371a7ccad96b3071992ff |
SSDEEP: | 1536:QaeAeIbGBrmZPsqdn8tpv3p8dJczfKreCyDHvZ2jZerVWFGw2B8H5lVvti:Qave6GBrmZPsqdn833ffKrePDHvcF2Uy |
TLSH: | 51730845BD429B16C6D1067BFB1F828D3326239CE2EE7613DA259F21378F56A0E7B041 |
File Content Preview: | .ELF...a..........(.........4....&......4. ...(.....................P#..P#..............T#..T#..T#.......g..........Q.td..................................-...L."....B..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 75396 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0x10b60 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x18c10 | 0x10c10 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x18c24 | 0x10c24 | 0x172c | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x22354 | 0x12354 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x2235c | 0x1235c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x22368 | 0x12368 | 0x2dc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x22644 | 0x12644 | 0x64a0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x12644 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0x12350 | 0x12350 | 6.1239 | 0x5 | R E | 0x8000 | .init .text .fini .rodata | |
LOAD | 0x12354 | 0x22354 | 0x22354 | 0x2f0 | 0x6790 | 3.7434 | 0x6 | RW | 0x8000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 61
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 03:05:11.350842953 CEST | 59330 | 443 | 192.168.2.14 | 34.254.182.186 |
Apr 2, 2025 03:05:15.128103971 CEST | 48906 | 46164 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:15.284056902 CEST | 46164 | 48906 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:15.284415960 CEST | 48906 | 46164 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:15.440352917 CEST | 46164 | 48906 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:15.440540075 CEST | 48906 | 46164 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:15.595556974 CEST | 46164 | 48906 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:15.595726013 CEST | 48906 | 46164 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:16.488457918 CEST | 48906 | 46164 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:16.643482924 CEST | 46164 | 48906 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:16.643513918 CEST | 46164 | 48906 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:16.644002914 CEST | 48906 | 46164 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:16.800509930 CEST | 46164 | 48906 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:17.746192932 CEST | 56052 | 56190 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:17.901118994 CEST | 56190 | 56052 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:17.901213884 CEST | 56052 | 56190 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:18.059030056 CEST | 56190 | 56052 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:18.059192896 CEST | 56052 | 56190 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:18.217941046 CEST | 56190 | 56052 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:18.218066931 CEST | 56052 | 56190 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:19.099934101 CEST | 56052 | 56190 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:19.256319046 CEST | 56190 | 56052 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:19.256330013 CEST | 56190 | 56052 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:19.260443926 CEST | 56052 | 56190 | 192.168.2.14 | 156.244.44.239 |
Apr 2, 2025 03:05:19.415329933 CEST | 56190 | 56052 | 156.244.44.239 | 192.168.2.14 |
Apr 2, 2025 03:05:20.358320951 CEST | 45536 | 7679 | 192.168.2.14 | 104.245.241.61 |
Apr 2, 2025 03:05:20.746876001 CEST | 7679 | 45536 | 104.245.241.61 | 192.168.2.14 |
Apr 2, 2025 03:05:20.747670889 CEST | 45536 | 7679 | 192.168.2.14 | 104.245.241.61 |
Apr 2, 2025 03:05:21.139000893 CEST | 7679 | 45536 | 104.245.241.61 | 192.168.2.14 |
Apr 2, 2025 03:05:21.139185905 CEST | 45536 | 7679 | 192.168.2.14 | 104.245.241.61 |
Apr 2, 2025 03:05:21.527673960 CEST | 7679 | 45536 | 104.245.241.61 | 192.168.2.14 |
Apr 2, 2025 03:05:21.527812004 CEST | 45536 | 7679 | 192.168.2.14 | 104.245.241.61 |
Apr 2, 2025 03:05:21.947647095 CEST | 45536 | 7679 | 192.168.2.14 | 104.245.241.61 |
Apr 2, 2025 03:05:22.339909077 CEST | 7679 | 45536 | 104.245.241.61 | 192.168.2.14 |
Apr 2, 2025 03:05:22.340159893 CEST | 7679 | 45536 | 104.245.241.61 | 192.168.2.14 |
Apr 2, 2025 03:05:22.340630054 CEST | 45536 | 7679 | 192.168.2.14 | 104.245.241.61 |
Apr 2, 2025 03:05:22.731199980 CEST | 7679 | 45536 | 104.245.241.61 | 192.168.2.14 |
Apr 2, 2025 03:05:23.445600033 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:23.602647066 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:23.602829933 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:23.759509087 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:23.759635925 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:23.917474031 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:23.917604923 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:24.809668064 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:24.965492010 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:39.823708057 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:39.903577089 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:39.903630972 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:39.903704882 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:39.904968977 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:39.904988050 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:39.979255915 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:39.979376078 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:40.143250942 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:40.434799910 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.434909105 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.435096979 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.435106993 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.436475039 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.436537027 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.437119961 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.437180996 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.437222958 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.437228918 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.437273026 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.607435942 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.607587099 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.607601881 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.607650042 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.607716084 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.607848883 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:40.607870102 CEST | 443 | 43408 | 54.247.62.1 | 192.168.2.14 |
Apr 2, 2025 03:05:40.607918024 CEST | 43408 | 443 | 192.168.2.14 | 54.247.62.1 |
Apr 2, 2025 03:05:59.313822031 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:59.489451885 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:05:59.489581108 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:05:59.645828962 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:06:13.127201080 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:06:13.128285885 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:06:28.142592907 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:06:28.300200939 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:06:28.300535917 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:06:28.462246895 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:06:45.678071976 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:06:45.834297895 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:06:45.834383011 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:06:45.991353035 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:07:03.016516924 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:07:03.171837091 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:07:03.171952009 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Apr 2, 2025 03:07:03.327208996 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:07:19.902039051 CEST | 41763 | 39672 | 154.205.155.97 | 192.168.2.14 |
Apr 2, 2025 03:07:19.902319908 CEST | 39672 | 41763 | 192.168.2.14 | 154.205.155.97 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 03:05:15.020481110 CEST | 46473 | 53 | 192.168.2.14 | 208.67.220.220 |
Apr 2, 2025 03:05:15.115526915 CEST | 53 | 46473 | 208.67.220.220 | 192.168.2.14 |
Apr 2, 2025 03:05:16.286307096 CEST | 34818 | 53 | 192.168.2.14 | 208.67.222.222 |
Apr 2, 2025 03:05:16.390053988 CEST | 53 | 34818 | 208.67.222.222 | 192.168.2.14 |
Apr 2, 2025 03:05:16.390562057 CEST | 53589 | 19302 | 192.168.2.14 | 74.125.250.129 |
Apr 2, 2025 03:05:16.487072945 CEST | 19302 | 53589 | 74.125.250.129 | 192.168.2.14 |
Apr 2, 2025 03:05:17.645836115 CEST | 54901 | 53 | 192.168.2.14 | 8.8.8.8 |
Apr 2, 2025 03:05:17.745352030 CEST | 53 | 54901 | 8.8.8.8 | 192.168.2.14 |
Apr 2, 2025 03:05:18.902517080 CEST | 57344 | 53 | 192.168.2.14 | 8.8.8.8 |
Apr 2, 2025 03:05:19.000029087 CEST | 53 | 57344 | 8.8.8.8 | 192.168.2.14 |
Apr 2, 2025 03:05:19.000224113 CEST | 58606 | 19302 | 192.168.2.14 | 74.125.250.129 |
Apr 2, 2025 03:05:19.096352100 CEST | 19302 | 58606 | 74.125.250.129 | 192.168.2.14 |
Apr 2, 2025 03:05:20.262041092 CEST | 37553 | 53 | 192.168.2.14 | 8.8.8.8 |
Apr 2, 2025 03:05:20.357343912 CEST | 53 | 37553 | 8.8.8.8 | 192.168.2.14 |
Apr 2, 2025 03:05:21.749047041 CEST | 58343 | 53 | 192.168.2.14 | 208.67.222.222 |
Apr 2, 2025 03:05:21.851353884 CEST | 53 | 58343 | 208.67.222.222 | 192.168.2.14 |
Apr 2, 2025 03:05:21.851560116 CEST | 44025 | 19302 | 192.168.2.14 | 74.125.250.129 |
Apr 2, 2025 03:05:21.947232008 CEST | 19302 | 44025 | 74.125.250.129 | 192.168.2.14 |
Apr 2, 2025 03:05:23.341907024 CEST | 58487 | 53 | 192.168.2.14 | 8.8.8.8 |
Apr 2, 2025 03:05:23.444284916 CEST | 53 | 58487 | 8.8.8.8 | 192.168.2.14 |
Apr 2, 2025 03:05:24.604413986 CEST | 47073 | 53 | 192.168.2.14 | 208.67.220.220 |
Apr 2, 2025 03:05:24.712358952 CEST | 53 | 47073 | 208.67.220.220 | 192.168.2.14 |
Apr 2, 2025 03:05:24.712552071 CEST | 39131 | 19302 | 192.168.2.14 | 74.125.250.129 |
Apr 2, 2025 03:05:24.809338093 CEST | 19302 | 39131 | 74.125.250.129 | 192.168.2.14 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 03:05:15.020481110 CEST | 192.168.2.14 | 208.67.220.220 | 0xe3b5 | Standard query (0) | 16 | IN (0x0001) | false | |
Apr 2, 2025 03:05:16.286307096 CEST | 192.168.2.14 | 208.67.222.222 | 0xd684 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 2, 2025 03:05:17.645836115 CEST | 192.168.2.14 | 8.8.8.8 | 0xcfc6 | Standard query (0) | 16 | IN (0x0001) | false | |
Apr 2, 2025 03:05:18.902517080 CEST | 192.168.2.14 | 8.8.8.8 | 0x2972 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 2, 2025 03:05:20.262041092 CEST | 192.168.2.14 | 8.8.8.8 | 0x79c9 | Standard query (0) | 16 | IN (0x0001) | false | |
Apr 2, 2025 03:05:21.749047041 CEST | 192.168.2.14 | 208.67.222.222 | 0xe163 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 2, 2025 03:05:23.341907024 CEST | 192.168.2.14 | 8.8.8.8 | 0x3e83 | Standard query (0) | 16 | IN (0x0001) | false | |
Apr 2, 2025 03:05:24.604413986 CEST | 192.168.2.14 | 208.67.220.220 | 0x30aa | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 03:05:15.115526915 CEST | 208.67.220.220 | 192.168.2.14 | 0xe3b5 | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Apr 2, 2025 03:05:16.390053988 CEST | 208.67.222.222 | 192.168.2.14 | 0xd684 | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false | ||
Apr 2, 2025 03:05:17.745352030 CEST | 8.8.8.8 | 192.168.2.14 | 0xcfc6 | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Apr 2, 2025 03:05:19.000029087 CEST | 8.8.8.8 | 192.168.2.14 | 0x2972 | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false | ||
Apr 2, 2025 03:05:20.357343912 CEST | 8.8.8.8 | 192.168.2.14 | 0x79c9 | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Apr 2, 2025 03:05:21.851353884 CEST | 208.67.222.222 | 192.168.2.14 | 0xe163 | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false | ||
Apr 2, 2025 03:05:23.444284916 CEST | 8.8.8.8 | 192.168.2.14 | 0x3e83 | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Apr 2, 2025 03:05:24.712358952 CEST | 208.67.220.220 | 192.168.2.14 | 0x30aa | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.14 | 43408 | 54.247.62.1 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 01:05:40 UTC | 249 | OUT | |
2025-04-02 01:05:40 UTC | 271 | IN | |
2025-04-02 01:05:40 UTC | 216 | IN |
System Behavior
Start time (UTC): | 01:05:12 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/arm.elf |
Arguments: | /tmp/arm.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 01:05:14 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.KeSvVAywbE /tmp/tmp.p7k30mcTOH /tmp/tmp.WK44Lxrseq |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.KeSvVAywbE |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.KeSvVAywbE |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 01:05:40 |
Start date (UTC): | 02/04/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.KeSvVAywbE /tmp/tmp.p7k30mcTOH /tmp/tmp.WK44Lxrseq |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |