Edit tour
Linux
Analysis Report
ppc.elf
Overview
General Information
| Sample name: | ppc.elf |
| Analysis ID: | 1544028 |
| MD5: | fca3a13f964c784e1dd3535c18ba79fd |
| SHA1: | d57cc0ad213106cf015bbd8211715cb6b859dc81 |
| SHA256: | 501bf20705d8ca8c8fb9c1bfb648cbfb96a67bd775c8b97619752ddaef62f2f1 |
| Tags: | elfuser-abuse_ch |
| Infos: | |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Deletes system log files
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Creates hidden files and/or directories
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Found strings indicative of a multi-platform dropper
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1544028 |
| Start date and time: | 2024-10-28 18:18:09 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 3s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | ppc.elf |
| Detection: | MAL |
| Classification: | mal56.evad.linELF@0/0@0/0 |
- Skipping network analysis since amount of network traffic is too extensive
- VT rate limit hit for: ppc.elf
| Command: | /tmp/ppc.elf |
| PID: | 5549 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | thIs wEek on xLaB lEarNs nOthinG xd |
| Standard Error: |
- system is lnxubuntu20
- dash New Fork (PID: 5507, Parent: 3671)
- dash New Fork (PID: 5508, Parent: 3671)
- dash New Fork (PID: 5509, Parent: 3671)
- dash New Fork (PID: 5510, Parent: 3671)
- dash New Fork (PID: 5511, Parent: 3671)
- dash New Fork (PID: 5512, Parent: 3671)
- dash New Fork (PID: 5513, Parent: 3671)
- dash New Fork (PID: 5514, Parent: 3671)
- dash New Fork (PID: 5515, Parent: 3671)
- dash New Fork (PID: 5516, Parent: 3671)
- ppc.elf New Fork (PID: 5551, Parent: 5549)
- ppc.elf New Fork (PID: 5553, Parent: 5549)
- ppc.elf New Fork (PID: 5578, Parent: 5549)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Spreading
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
| Source: | String: | ||
| Source: | String: | ||
| Source: | Socket: | Jump to behavior | ||
| Source: | .symtab present: | ||
| Source: | SIGKILL sent: | Jump to behavior | ||
| Source: | SIGKILL sent: | Jump to behavior | ||
| Source: | SIGKILL sent: | Jump to behavior | ||
| Source: | SIGKILL sent: | Jump to behavior | ||
| Source: | SIGKILL sent: | Jump to behavior | ||
| Source: | Classification label: | ||
Data Obfuscation | |
|---|
| Source: | File: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | Log files deleted: | Jump to behavior | ||
| Source: | Sleeps longer then 60s: | Jump to behavior | ||
| Source: | Sleeps longer then 60s: | Jump to behavior | ||
| Source: | Sleeps longer then 60s: | Jump to behavior | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Hidden Files and Directories | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Indicator Removal | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 18% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
⊘No contacted IP infos
⊘No context
⊘No context
⊘No context
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.067815872102156 |
| TrID: |
|
| File name: | ppc.elf |
| File size: | 59'788 bytes |
| MD5: | fca3a13f964c784e1dd3535c18ba79fd |
| SHA1: | d57cc0ad213106cf015bbd8211715cb6b859dc81 |
| SHA256: | 501bf20705d8ca8c8fb9c1bfb648cbfb96a67bd775c8b97619752ddaef62f2f1 |
| SHA512: | 737e539c223504876ecd93cc5bd9486ab2e28b7092a7d2d73c0f51fc7bc78760f89e3e4955d2c80b42aa043d8a68609b7a6ad87129e0fb8ffba115bb03607957 |
| SSDEEP: | 1536:7xAQIVDLZOROw9U9mJQKa44N4qBBRGsg5L:GQiDLZ9Uir44vR/g5L |
| TLSH: | C3431942721C0943C1661EF0363B17E0D3ABAAD222E4F388765F6B4AD1B1E376545EDE |
| File Content Preview: | .ELF...........................4.........4. ...(.......................................................h..E.........dt.Q.............................!..|......$H...H..)...$8!. |...N.. .!..|.......?.............../...@..\?........+../...A..$8...})......N.. |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 52 |
| Program Header Offset: | 52 |
| Program Header Size: | 32 |
| Number of Program Headers: | 3 |
| Section Header Offset: | 59308 |
| Section Header Size: | 40 |
| Number of Section Headers: | 12 |
| Header String Table Index: | 11 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .init | PROGBITS | 0x10000094 | 0x94 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x100000b8 | 0xb8 | 0xd180 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .fini | PROGBITS | 0x1000d238 | 0xd238 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x1000d258 | 0xd258 | 0x119c | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x1001e3f8 | 0xe3f8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x1001e400 | 0xe400 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x1001e410 | 0xe410 | 0x334 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .sdata | PROGBITS | 0x1001e744 | 0xe744 | 0x1c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .sbss | NOBITS | 0x1001e760 | 0xe760 | 0x80 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .bss | NOBITS | 0x1001e7e0 | 0xe760 | 0x41dc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .shstrtab | STRTAB | 0x0 | 0xe760 | 0x4b | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x10000000 | 0x10000000 | 0xe3f4 | 0xe3f4 | 6.1042 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
| LOAD | 0xe3f8 | 0x1001e3f8 | 0x1001e3f8 | 0x368 | 0x45c4 | 3.8454 | 0x6 | RW | 0x10000 | .ctors .dtors .data .sdata .sbss .bss | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
⊘Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.
System Behavior
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.DM9Q5Mohm1 /tmp/tmp.VC2F28MSxW /tmp/tmp.mkdFGKy59o |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/cat |
| Arguments: | cat /tmp/tmp.DM9Q5Mohm1 |
| File size: | 43416 bytes |
| MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/head |
| Arguments: | head -n 10 |
| File size: | 47480 bytes |
| MD5 hash: | fd96a67145172477dd57131396fc9608 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/tr |
| Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
| File size: | 51544 bytes |
| MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/cut |
| Arguments: | cut -c -80 |
| File size: | 47480 bytes |
| MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/cat |
| Arguments: | cat /tmp/tmp.DM9Q5Mohm1 |
| File size: | 43416 bytes |
| MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/head |
| Arguments: | head -n 10 |
| File size: | 47480 bytes |
| MD5 hash: | fd96a67145172477dd57131396fc9608 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/tr |
| Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
| File size: | 51544 bytes |
| MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/cut |
| Arguments: | cut -c -80 |
| File size: | 47480 bytes |
| MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 17:18:52 |
| Start date (UTC): | 28/10/2024 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.DM9Q5Mohm1 /tmp/tmp.VC2F28MSxW /tmp/tmp.mkdFGKy59o |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
| Start time (UTC): | 17:18:56 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | /tmp/ppc.elf |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:18:56 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:18:56 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:18:56 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:19:22 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:19:22 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:19:25 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:19:25 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:20:22 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:20:22 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:21:22 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
| Start time (UTC): | 17:21:22 |
| Start date (UTC): | 28/10/2024 |
| Path: | /tmp/ppc.elf |
| Arguments: | - |
| File size: | 5388968 bytes |
| MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
