Edit tour

Linux Analysis Report
4HLKrlRHTE.elf

Overview

General Information

Sample name:4HLKrlRHTE.elf
renamed because original name is a hash value
Original sample name:cde57b85462fa409df1c6a1ad3174d234bb2b2d3215362c3e6a5f47a94db64d1.elf
Analysis ID:1657831
MD5:ee3890737d5abe96ee8f0bccbd232e9a
SHA1:f4329f0232c597f14d55af7fd937b5818641c9dd
SHA256:cde57b85462fa409df1c6a1ad3174d234bb2b2d3215362c3e6a5f47a94db64d1
Tags:elfuser-mentality
Infos:

Detection

Score:56
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Executes the "rm" command used to delete files or directories

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1657831
Start date and time:2025-04-06 18:14:15 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 42s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:4HLKrlRHTE.elf
renamed because original name is a hash value
Original Sample Name:cde57b85462fa409df1c6a1ad3174d234bb2b2d3215362c3e6a5f47a94db64d1.elf
Detection:MAL
Classification:mal56.linELF@0/0@0/0
Command:/tmp/4HLKrlRHTE.elf
PID:6249
Exit Code:139
Exit Code Info:SIGSEGV (11) Segmentation fault invalid memory reference
Killed:False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • dash New Fork (PID: 6304, Parent: 4331)
  • rm (PID: 6304, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.UYGOUcsp1K /tmp/tmp.QFexffsa2I /tmp/tmp.mXVDJbVSWj
  • dash New Fork (PID: 6305, Parent: 4331)
  • rm (PID: 6305, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.UYGOUcsp1K /tmp/tmp.QFexffsa2I /tmp/tmp.mXVDJbVSWj
  • cleanup
No yara matches
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: 4HLKrlRHTE.elfAvira: detected
Source: 4HLKrlRHTE.elfReversingLabs: Detection: 29%
Source: 4HLKrlRHTE.elfVirustotal: Detection: 57%Perma Link
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: 4HLKrlRHTE.elfString found in binary or memory: http://inet-ip.info/iphttps://api.ipify.org/idna:
Source: 4HLKrlRHTE.elfString found in binary or memory: http://ipgrab.io/https://ident.me/if-modified-sinceillegal
Source: 4HLKrlRHTE.elfString found in binary or memory: http://ipinfo.io/ipif-unmodified-sinceillegal
Source: 4HLKrlRHTE.elfString found in binary or memory: https://checkip.amazonaws.com/illegal
Source: 4HLKrlRHTE.elfString found in binary or memory: https://discord.com/api/webhooks/960954050583613549/YAkGomn5eYtrPChuOPz87pIkS7WK2XpB5Y3ozZQXaAho2VCB
Source: 4HLKrlRHTE.elfString found in binary or memory: https://ip.seeip.org/in
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39252
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 39252 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: classification engineClassification label: mal56.linELF@0/0@0/0
Source: /usr/bin/dash (PID: 6304)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.UYGOUcsp1K /tmp/tmp.QFexffsa2I /tmp/tmp.mXVDJbVSWjJump to behavior
Source: /usr/bin/dash (PID: 6305)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.UYGOUcsp1K /tmp/tmp.QFexffsa2I /tmp/tmp.mXVDJbVSWjJump to behavior
Source: 4HLKrlRHTE.elfBinary or memory string: apacheavx512centoscgroupchan<-closedcookiedebiandockerdomainefenceempty errno exec: expectgopherhangupheaderid_rsainternip+netkilledlistenminutendots:netdnsnumberobjectonlineopenvzpasswdpopcntqwertyrdrandrdseedrdtscpremovereturnrune1 secondselectserversocketsocks socks5splicestatusstringstructsweep sysmonsystemtelnettimersubuntuuint16uint32uint64unuseduptimevmwarewaitid{hash} %v=%v, (conn) (scan (scan) (trap MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil
Source: 4HLKrlRHTE.elfBinary or memory string: /dev/null/dev/ptmx/dev/pts/0.0.0.0/82001::/322002::/162441406253ffe::/16: status=AuthorityBassa_VahBhaiksukiBigEndianClassINETCuneiformDiacriticENCRYPTEDFIN_WAIT1FIN_WAIT2ForbiddenHOST_PROCHex_DigitInheritedInstMatchInstRune1InterfaceKhudawadiLINUX_2.6MalayalamMongolianNabataeanNot FoundPalmyreneParseUintProc-TypeSSH_FX_OKSamaritanSee OtherSeptemberSundaneseTIME_WAITToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyWednesday[%v = %d][:^word:][:alnum:][:alpha:][:ascii:][:blank:][:cntrl:][:digit:][:graph:][:lower:][:print:][:punct:][:space:][:upper:]atomicor8attempts:bad indirbad prunebus errorchan sendcomplex64continuedcontrol_dcopystackcpu-totalctxt != 0d.nx != 0debugLockdns,filesempty urlfec0::/10files,dnsfork/execfuncargs(hchanLeafhmac-sha1image/gifimage/pnginittraceinterfaceinterruptinvalid nipv6-icmplocalhostlocaltimemSpanDeadmSpanFreenewosprocnil erroromitemptypanicwaitpclmulqdqportfoliopreemptedprotocol publickeyquestionsraspberryrecover: reflect: rwxrwxrwxscavtracesignal 32signal 33signal 34signal 35signal 36signal 37signal 38signal 39signal 40signal 41signal 42signal 43signal 44signal 45signal 46signal 47signal 48signal 49signal 50signal 51signal 52signal 53signal 54signal 55signal 56signal 57signal 58signal 59signal 60signal 61signal 62signal 63signal 64stackpoolsubsystemsucceededtracebackunderflowunhandledvboxguestwbufSpanswebsocket} stack=[ (deleted) MB goal, flushGen for type gfreecnt= pages at ptrSize= returned runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(%s|%s%s|%s, bound = , limit = --nicehash.localhost/dev/stdin/etc/hosts/proc/stat/setgroups0.0.0.0:2210.0.0.0/812207031256103515625:authorityAdditionalBad varintCLOSE_WAITChorasmianClassCHAOSClassCSNETConnectionContent-IdDSA-SHA256DeprecatedDevanagariECDSA-SHA1END_STREAMGC forced
Source: 4HLKrlRHTE.elfBinary or memory string: }\ufffdacceptactiveallowapacheavx512centoscgroupchan<-closedcookiedebiandockerdomainefenceempty errno exec: expectgopherhangupheaderid_rsainternip+netkilledlistenminutendots:netdnsnumberobjectonlineopenvzpasswdpopcntqwertyrdrandrdseedrdtscpremovereturnrune1 secondselectserversocketsocks socks5splicestatusstringstructsweep sysmonsystemtelnettimersubuntuuint16uint32uint64unuseduptimevmwarewaitid{hash} %v=%v, (conn) (scan (scan) (trap MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil
Source: 4HLKrlRHTE.elfBinary or memory string: , not a function. Reason was: %v.WithValue(type /etc/resolv.conf/proc/self/fd/%d0123456789ABCDEF0123456789abcdef2384185791015625: value of type Already ReportedContent-EncodingContent-LanguageContent-Length: Environment="ARGFRAME_SIZE_ERRORGC scavenge waitGC worker (idle)GODEBUG: value "Imperial_AramaicInstRuneAnyNotNLMeroitic_CursiveMultiple ChoicesOther_AlphabeticPayment RequiredProxy-ConnectionQEMU Virtual CPURCodeFormatErrorSETTINGS_TIMEOUTSIGNONE: no trapSSH_FXP_EXTENDEDSSH_FXP_FSETSTATSSH_FXP_READLINKSSH_FXP_REALPATHSignatureScheme(Upgrade RequiredUser-Agent: %s
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
File Deletion
OS Credential Dumping1
Security Software Discovery
Remote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1657831 Sample: 4HLKrlRHTE.elf Startdate: 06/04/2025 Architecture: LINUX Score: 56 10 109.202.202.202, 80 INIT7CH Switzerland 2->10 12 91.189.91.42, 443 CANONICAL-ASGB United Kingdom 2->12 14 2 other IPs or domains 2->14 16 Antivirus / Scanner detection for submitted sample 2->16 18 Multi AV Scanner detection for submitted file 2->18 6 dash rm 2->6         started        8 dash rm 2->8         started        signatures3 process4
SourceDetectionScannerLabelLink
4HLKrlRHTE.elf30%ReversingLabsLinux.Trojan.Miner
4HLKrlRHTE.elf58%VirustotalBrowse
4HLKrlRHTE.elf100%AviraEXP/ELF.Coinminer.A
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://ipinfo.io/ipif-unmodified-sinceillegal4HLKrlRHTE.elffalse
    high
    https://checkip.amazonaws.com/illegal4HLKrlRHTE.elffalse
      high
      http://ipgrab.io/https://ident.me/if-modified-sinceillegal4HLKrlRHTE.elffalse
        high
        https://ip.seeip.org/in4HLKrlRHTE.elffalse
          high
          http://inet-ip.info/iphttps://api.ipify.org/idna:4HLKrlRHTE.elffalse
            high
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IPDomainCountryFlagASNASN NameMalicious
            34.249.145.219
            unknownUnited States
            16509AMAZON-02USfalse
            109.202.202.202
            unknownSwitzerland
            13030INIT7CHfalse
            91.189.91.43
            unknownUnited Kingdom
            41231CANONICAL-ASGBfalse
            91.189.91.42
            unknownUnited Kingdom
            41231CANONICAL-ASGBfalse
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            34.249.145.219na.elfGet hashmaliciousPrometeiBrowse
              na.elfGet hashmaliciousPrometeiBrowse
                na.elfGet hashmaliciousPrometeiBrowse
                  na.elfGet hashmaliciousPrometeiBrowse
                    na.elfGet hashmaliciousPrometeiBrowse
                      na.elfGet hashmaliciousPrometeiBrowse
                        aarch64.elfGet hashmaliciousMiraiBrowse
                          x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                            arc.elfGet hashmaliciousMiraiBrowse
                              na.elfGet hashmaliciousPrometeiBrowse
                                109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                                • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                                91.189.91.43na.elfGet hashmaliciousPrometeiBrowse
                                  na.elfGet hashmaliciousPrometeiBrowse
                                    na.elfGet hashmaliciousPrometeiBrowse
                                      na.elfGet hashmaliciousPrometeiBrowse
                                        na.elfGet hashmaliciousPrometeiBrowse
                                          na.elfGet hashmaliciousPrometeiBrowse
                                            na.elfGet hashmaliciousPrometeiBrowse
                                              na.elfGet hashmaliciousPrometeiBrowse
                                                na.elfGet hashmaliciousPrometeiBrowse
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                    91.189.91.42na.elfGet hashmaliciousPrometeiBrowse
                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                              na.elfGet hashmaliciousPrometeiBrowse
                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                        No context
                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        CANONICAL-ASGBna.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        CANONICAL-ASGBna.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 91.189.91.42
                                                                        INIT7CHna.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 109.202.202.202
                                                                        AMAZON-02USna.elfGet hashmaliciousPrometeiBrowse
                                                                        • 34.249.145.219
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 34.249.145.219
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 34.249.145.219
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 13.213.51.196
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 54.171.230.55
                                                                        http://www.vipbox.lcGet hashmaliciousUnknownBrowse
                                                                        • 3.168.102.92
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 13.213.51.196
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 13.213.51.196
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 34.249.145.219
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                        • 13.213.51.196
                                                                        No context
                                                                        No context
                                                                        No created / dropped files found
                                                                        File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, missing section headers at 30304408
                                                                        Entropy (8bit):6.261008183653759
                                                                        TrID:
                                                                        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                        File name:4HLKrlRHTE.elf
                                                                        File size:18'874'368 bytes
                                                                        MD5:ee3890737d5abe96ee8f0bccbd232e9a
                                                                        SHA1:f4329f0232c597f14d55af7fd937b5818641c9dd
                                                                        SHA256:cde57b85462fa409df1c6a1ad3174d234bb2b2d3215362c3e6a5f47a94db64d1
                                                                        SHA512:1cf2a067c98c8ef475ff85e60011082c8bc923393de9a63cf02a09577d2306eeb2aeebb573c8722d79cd31d0b5e5a787a9cdbaee9f5729c0be516b55b2283d6f
                                                                        SSDEEP:49152:c8nxDgC7g9rb/TBvO90dL3BmAFd4A64nsfJ7QQzjFHWkMNRCdQqzB0dSyG2VjMQg:cqYUQuVDt0TZED
                                                                        TLSH:F417BE77814338E9E5A98CB4D51025426DAC388B5738A3C7BAC471F667EA7E48E3D730
                                                                        File Content Preview:.ELF..............>.....p4@.....@........`..........@.8...@.#.".........@.......@.@.....@.@...............................................@.......@...............................................@.......@......%.......%.......................0.......0@....

                                                                        Download Network PCAP: filteredfull

                                                                        • Total Packets: 11
                                                                        • 443 (HTTPS)
                                                                        • 80 (HTTP)
                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Apr 6, 2025 18:15:03.583487988 CEST43928443192.168.2.2391.189.91.42
                                                                        Apr 6, 2025 18:15:09.214931011 CEST42836443192.168.2.2391.189.91.43
                                                                        Apr 6, 2025 18:15:09.982752085 CEST4251680192.168.2.23109.202.202.202
                                                                        Apr 6, 2025 18:15:21.443005085 CEST39252443192.168.2.2334.249.145.219
                                                                        Apr 6, 2025 18:15:21.443047047 CEST4433925234.249.145.219192.168.2.23
                                                                        Apr 6, 2025 18:15:21.443233967 CEST39252443192.168.2.2334.249.145.219
                                                                        Apr 6, 2025 18:15:21.443805933 CEST39252443192.168.2.2334.249.145.219
                                                                        Apr 6, 2025 18:15:21.443816900 CEST4433925234.249.145.219192.168.2.23
                                                                        Apr 6, 2025 18:15:24.316663980 CEST43928443192.168.2.2391.189.91.42
                                                                        Apr 6, 2025 18:15:36.602993011 CEST42836443192.168.2.2391.189.91.43
                                                                        Apr 6, 2025 18:15:40.698719978 CEST4251680192.168.2.23109.202.202.202
                                                                        Apr 6, 2025 18:16:05.271099091 CEST43928443192.168.2.2391.189.91.42
                                                                        Apr 6, 2025 18:16:21.435705900 CEST39252443192.168.2.2334.249.145.219
                                                                        Apr 6, 2025 18:16:21.476278067 CEST4433925234.249.145.219192.168.2.23
                                                                        Apr 6, 2025 18:17:06.838687897 CEST4433925234.249.145.219192.168.2.23

                                                                        System Behavior

                                                                        Start time (UTC):16:16:20
                                                                        Start date (UTC):06/04/2025
                                                                        Path:/usr/bin/dash
                                                                        Arguments:-
                                                                        File size:129816 bytes
                                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                        Start time (UTC):16:16:20
                                                                        Start date (UTC):06/04/2025
                                                                        Path:/usr/bin/rm
                                                                        Arguments:rm -f /tmp/tmp.UYGOUcsp1K /tmp/tmp.QFexffsa2I /tmp/tmp.mXVDJbVSWj
                                                                        File size:72056 bytes
                                                                        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                        Start time (UTC):16:16:20
                                                                        Start date (UTC):06/04/2025
                                                                        Path:/usr/bin/dash
                                                                        Arguments:-
                                                                        File size:129816 bytes
                                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                        Start time (UTC):16:16:20
                                                                        Start date (UTC):06/04/2025
                                                                        Path:/usr/bin/rm
                                                                        Arguments:rm -f /tmp/tmp.UYGOUcsp1K /tmp/tmp.QFexffsa2I /tmp/tmp.mXVDJbVSWj
                                                                        File size:72056 bytes
                                                                        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b