Edit tour
Linux
Analysis Report
fz5Tmv3Ptj
Overview
General Information
| Sample name: | fz5Tmv3Ptjrenamed because original name is a hash value |
| Original sample name: | eaac61873d59bd83717155104ba559f3814ed87788788301449432efcb01738a |
| Analysis ID: | 1670375 |
| MD5: | 425cb4110c5744797296f53454fa4286 |
| SHA1: | a7a18c6c63cc0f848826baff87c23b6f9c482021 |
| SHA256: | eaac61873d59bd83717155104ba559f3814ed87788788301449432efcb01738a |
| Infos: | |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Creates hidden files and/or directories
Executes the "rm" command used to delete files or directories
Sample file is different than original file name gathered from version info
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1670375 |
| Start date and time: | 2025-04-21 17:07:17 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 59s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | fz5Tmv3Ptjrenamed because original name is a hash value |
| Original Sample Name: | eaac61873d59bd83717155104ba559f3814ed87788788301449432efcb01738a |
| Detection: | MAL |
| Classification: | mal56.lin@0/1@0/0 |
| Command: | xdg-open "/tmp/fz5Tmv3Ptj" |
| PID: | 6231 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | |
| Standard Error: |
- system is lnxubuntu20
- exo-open New Fork (PID: 6245, Parent: 6243)
- dash New Fork (PID: 6290, Parent: 4333)
- dash New Fork (PID: 6291, Parent: 4333)
- dash New Fork (PID: 6292, Parent: 4333)
- dash New Fork (PID: 6293, Parent: 4333)
- dash New Fork (PID: 6294, Parent: 4333)
- dash New Fork (PID: 6295, Parent: 4333)
- dash New Fork (PID: 6296, Parent: 4333)
- dash New Fork (PID: 6297, Parent: 4333)
- dash New Fork (PID: 6298, Parent: 4333)
- dash New Fork (PID: 6299, Parent: 4333)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Compliance
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | HTTPS traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary or memory string: | ||
| Source: | Classification label: | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 82% | Virustotal | Browse | ||
| 63% | ReversingLabs | Win32.Infostealer.Pony | ||
| 100% | Avira | HEUR/AGEN.1335043 |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false | |
| 109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
| 91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
| 91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54.171.230.55 | Get hash | malicious | Prometei | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| 109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
| 91.189.91.43 | Get hash | malicious | Prometei | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 91.189.91.42 | Get hash | malicious | Prometei | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CANONICAL-ASGB | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| CANONICAL-ASGB | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| AMAZON-02US | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| INIT7CH | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| fb4726d465c5f28b84cd6d14cedd13a7 | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
| Process: | /usr/bin/engrampa |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | C4103F122D27677C9DB144CAE1394A66 |
| SHA1: | 1489F923C4DCA729178B3E3233458550D8DDDF29 |
| SHA-256: | 96A296D224F285C67BEE93C30F8A309157F0DAA35DC5B87E410B78630A09CFC7 |
| SHA-512: | 5EA71DC6D0B4F57BF39AADD07C208C35F06CD2BAC5FDE210397F70DE11D439C62EC1CDF3183758865FD387FCEA0BADA2F6C37A4A17851DD1D78FEFE6F204EE54 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.758281702285964 |
| TrID: |
|
| File name: | fz5Tmv3Ptj |
| File size: | 569'344 bytes |
| MD5: | 425cb4110c5744797296f53454fa4286 |
| SHA1: | a7a18c6c63cc0f848826baff87c23b6f9c482021 |
| SHA256: | eaac61873d59bd83717155104ba559f3814ed87788788301449432efcb01738a |
| SHA512: | 464d0d10effd2dff46a458a2cc6ec5e324c5e67c5ac821f555ca2a147d74333ea2c084ca5480776b6e137db4eef75093e892890eb1e427f86e015388b203fd91 |
| SSDEEP: | 12288:4/dEOVfH6MzGjqxCIqre59iyp8dqvKgnzjWi:4mOVfaMzGjDvAiyp8Rg |
| TLSH: | 1BC401C56222D2F6F5F5A2B0C728C8E598C5633B6D12359331B8572FE05AA0A5D38F1F |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i...d...i.Rich..i.................PE..L.....&?.....................@....................@........................ |
Download Network PCAP: filtered – full
- Total Packets: 21
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 21, 2025 17:07:58.269366980 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:01.660895109 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:01.660902023 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Apr 21, 2025 17:08:07.292207956 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Apr 21, 2025 17:08:08.316126108 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:08.828018904 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Apr 21, 2025 17:08:21.626446009 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:21.904217958 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:22.138397932 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Apr 21, 2025 17:08:26.303143978 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:26.303164959 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:26.303175926 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:26.303522110 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:26.303522110 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:26.303522110 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:26.306871891 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:26.614006042 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:26.777890921 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:26.778208017 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:26.778431892 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:27.094388008 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:27.097636938 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:27.097843885 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:27.100064039 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:27.415862083 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:27.415879011 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Apr 21, 2025 17:08:27.415982962 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:27.415982962 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Apr 21, 2025 17:08:34.424689054 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Apr 21, 2025 17:08:38.520102024 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Apr 21, 2025 17:09:03.092904091 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 21, 2025 17:08:26.303175926 CEST | 54.171.230.55 | 443 | 192.168.2.23 | 33606 | CN=motd.ubuntu.com CN=R10, O=Let's Encrypt, C=US | CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | Sat Mar 22 09:18:05 CET 2025 Wed Mar 13 01:00:00 CET 2024 | Fri Jun 20 10:18:04 CEST 2025 Sat Mar 13 00:59:59 CET 2027 | 771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49195-49199-162-158-49326-49324-49314-49310-49244-49248-49238-49234-49188-49192-107-106-49267-49271-196-195-49187-49191-103-64-49266-49270-190-189-49162-49172-57-56-136-135-49161-49171-51-50-69-68-157-49313-49309-49233-156-49312-49308-49232-61-192-60-186-53-132-47-65-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2 | fb4726d465c5f28b84cd6d14cedd13a7 |
| CN=R10, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Mar 13 01:00:00 CET 2024 | Sat Mar 13 00:59:59 CET 2027 |
System Behavior
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/exo-open |
| Arguments: | exo-open /tmp/fz5Tmv3Ptj |
| File size: | 27264 bytes |
| MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/exo-open |
| Arguments: | - |
| File size: | 27264 bytes |
| MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dbus-launch |
| Arguments: | dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr |
| File size: | 34960 bytes |
| MD5 hash: | 0b22a45154a51c6121bb1d208d8ab203 |
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/exo-open |
| Arguments: | - |
| File size: | 27264 bytes |
| MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/exo-open |
| Arguments: | - |
| File size: | 27264 bytes |
| MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /bin/sh |
| Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh engrampa /tmp/fz5Tmv3Ptj |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:07:59 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/engrampa |
| Arguments: | engrampa /tmp/fz5Tmv3Ptj |
| File size: | 492616 bytes |
| MD5 hash: | 39fede466e21a42b973e73b62cc7fc09 |
| Start time (UTC): | 15:08:00 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/engrampa |
| Arguments: | - |
| File size: | 492616 bytes |
| MD5 hash: | 39fede466e21a42b973e73b62cc7fc09 |
| Start time (UTC): | 15:08:00 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dbus-launch |
| Arguments: | dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr |
| File size: | 34960 bytes |
| MD5 hash: | 0b22a45154a51c6121bb1d208d8ab203 |
| Start time (UTC): | 15:08:02 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/engrampa |
| Arguments: | - |
| File size: | 492616 bytes |
| MD5 hash: | 39fede466e21a42b973e73b62cc7fc09 |
| Start time (UTC): | 15:08:02 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/7z |
| Arguments: | 7z l -slt -bd -y -- /tmp/fz5Tmv3Ptj |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:02 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/lib/p7zip/7z |
| Arguments: | /usr/lib/p7zip/7z l -slt -bd -y -- /tmp/fz5Tmv3Ptj |
| File size: | 601776 bytes |
| MD5 hash: | cfe89433a3a8ace0cb1ef30f9d766693 |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.AOeGpLHUI5 /tmp/tmp.vGZ2d9AO7Q /tmp/tmp.iWxJLJWJ9l |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/cat |
| Arguments: | cat /tmp/tmp.AOeGpLHUI5 |
| File size: | 43416 bytes |
| MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/head |
| Arguments: | head -n 10 |
| File size: | 47480 bytes |
| MD5 hash: | fd96a67145172477dd57131396fc9608 |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/tr |
| Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
| File size: | 51544 bytes |
| MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:25 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/cut |
| Arguments: | cut -c -80 |
| File size: | 47480 bytes |
| MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/cat |
| Arguments: | cat /tmp/tmp.AOeGpLHUI5 |
| File size: | 43416 bytes |
| MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/head |
| Arguments: | head -n 10 |
| File size: | 47480 bytes |
| MD5 hash: | fd96a67145172477dd57131396fc9608 |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/tr |
| Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
| File size: | 51544 bytes |
| MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/cut |
| Arguments: | cut -c -80 |
| File size: | 47480 bytes |
| MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 15:08:26 |
| Start date (UTC): | 21/04/2025 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.AOeGpLHUI5 /tmp/tmp.vGZ2d9AO7Q /tmp/tmp.iWxJLJWJ9l |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
