Linux Analysis Report
edit.menu.elf

Overview

General Information

Sample name:edit.menu.elf
Analysis ID:1664802
MD5:b4fc4f986e5e1aea61be33679a9ddc56
SHA1:88cce20c4caa762c249752461402c98ca3631c18
SHA256:9ac75b655f9abd7d80ec45dde8237ecc7539b5f51529a46821aa82938a6ecc0d
Tags:elfuser-smica83
Infos:

Detection

Score:56
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1664802
Start date and time:2025-04-14 19:47:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 39s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:edit.menu.elf
Detection:MAL
Classification:mal56.linELF@0/0@2/0
Command:/tmp/edit.menu.elf
PID:5424
Exit Code:
Exit Code Info:
Killed:True
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • edit.menu.elf (PID: 5424, Parent: 5347, MD5: b4fc4f986e5e1aea61be33679a9ddc56) Arguments: /tmp/edit.menu.elf
  • dash New Fork (PID: 5452, Parent: 3582)
  • rm (PID: 5452, Parent: 3582, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.DcCTBauMWv /tmp/tmp.6UOeepPnBr /tmp/tmp.l7gKHwNZ1Y
  • dash New Fork (PID: 5453, Parent: 3582)
  • rm (PID: 5453, Parent: 3582, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.DcCTBauMWv /tmp/tmp.6UOeepPnBr /tmp/tmp.l7gKHwNZ1Y
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: edit.menu.elf | Avira: detected
Source: edit.menu.elf | ReversingLabs: Detection: 38%
Source: edit.menu.elf | Virustotal: Detection: 47%
Source: unknown | HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.13:58864 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 45.142.193.172
Source: unknown | TCP traffic detected without corresponding DNS query: 45.142.193.172
Source: unknown | TCP traffic detected without corresponding DNS query: 45.142.193.172
Source: unknown | TCP traffic detected without corresponding DNS query: 45.142.193.172
Source: unknown | TCP traffic detected without corresponding DNS query: 45.142.193.172
Source: unknown | TCP traffic detected without corresponding DNS query: 45.142.193.172
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com
Source: unknown | Network traffic detected: HTTP traffic on port 33730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 33732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33732
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58864
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33730
Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 443
Source: unknown | HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.13:58864 version: TLS 1.2
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal56.linELF@0/0@2/0
Source: /usr/bin/dash (PID: 5452) | Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.DcCTBauMWv /tmp/tmp.6UOeepPnBr /tmp/tmp.l7gKHwNZ1Y
Source: /usr/bin/dash (PID: 5453) | Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.DcCTBauMWv /tmp/tmp.6UOeepPnBr /tmp/tmp.l7gKHwNZ1Y
Source: /tmp/edit.menu.elf (PID: 5424) | Sleeps longer than 60s: 180.0s
MITRE ATT&CK Matrix

Tactic: techniques shown in the matrix (the number in parentheses is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Virtualization/Sandbox Evasion (1); File Deletion (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: Virtualization/Sandbox Evasion (1); Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
Source | Detection | Scanner | Label
edit.menu.elf | 39% | ReversingLabs | Linux.Trojan.Generic
edit.menu.elf | 48% | Virustotal |
edit.menu.elf | 100% | Avira | LINUX/AVI.Agent.rqtcz
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.24 | true | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false
45.142.193.172 | unknown | Germany | 35478 | DATACENTERRO | false
IP Context

Match | Associated Sample Name / URL | Detection | Threat Name
54.171.230.55
  • na.elf | malicious | Prometei
  • mpsl.elf | malicious | Aquabot
  • ppc.elf | malicious | Aquabot
  • hidakibest.arm4.elf | malicious | Gafgyt, Mirai
  • na.elf | malicious | Prometei
  • mpsl.elf | malicious | Unknown
  • arc.elf | malicious | Mirai
  • arm6.elf | malicious | Unknown
  • na.elf | malicious | Prometei
  • na.elf | malicious | Prometei

Domain Context

Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
daisy.ubuntu.com
  • x86_64.elf | malicious | Aquabot | 162.213.35.24
  • arm6.elf | malicious | Aquabot | 162.213.35.25
  • i686.elf | malicious | Aquabot | 162.213.35.24
  • linpeas.sh | malicious | Unknown | 162.213.35.24
  • linpeas.sh | malicious | Unknown | 162.213.35.25
  • hidakibest.arm6.elf | malicious | Gafgyt, Mirai | 162.213.35.24
  • hidakibest.mips.elf | malicious | Gafgyt, Mirai | 162.213.35.25
  • hidakibest.ppc.elf | malicious | Gafgyt, Mirai | 162.213.35.24
  • hidakibest.sparc.elf | malicious | Gafgyt, Mirai | 162.213.35.24
  • hidakibest.arm5.elf | malicious | Gafgyt, Mirai | 162.213.35.25

ASN Context

Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
AMAZON-02US
  • pagamento8449.pdf | malicious | Invisible JS, Tycoon2FA | 3.165.184.23
  • na.elf | malicious | Prometei | 13.214.182.154
  • https://www.canva.com/design/DAGknd0Dt7w/-xEsnFq3kOQMoytgiC7isg/view?utm_content=DAGknd0Dt7w&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=he5d4aa7ca8 | malicious | Invisible JS, Tycoon2FA | 3.165.184.110
  • securedoc_20250414T103717.html | malicious | Unknown | 3.163.115.63
  • na.elf | malicious | Prometei | 13.214.182.154
  • https://quotadocs-cloud.webflow.io/ | malicious | Invisible JS, Tycoon2FA | 3.165.184.23
  • mpsl.elf | malicious | Aquabot | 34.249.145.219
  • x86.elf | malicious | Aquabot | 34.249.145.219
  • i686.elf | malicious | Aquabot | 54.247.62.1
  • ppc.elf | malicious | Aquabot | 54.171.230.55
DATACENTERRO
  • slovenian_mimes.elf | malicious | Unknown | 45.142.193.214
  • pm68k.elf | malicious | Mirai | 193.32.162.27
  • parm.elf | malicious | Mirai | 193.32.162.27
  • px86-20250406-2232.elf | malicious | Mirai | 193.32.162.27
  • pmips-20250406-2232.elf | malicious | Mirai | 193.32.162.27
  • pmpsl-20250406-2232.elf | malicious | Mirai | 193.32.162.27
  • pspc.elf | malicious | Mirai | 193.32.162.27
  • pmpsl.elf | malicious | Mirai | 193.32.162.27
  • px86.elf | malicious | Mirai | 193.32.162.27
  • pmips.elf | malicious | Mirai | 193.32.162.27

JA3 Fingerprint Context

Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
fb4726d465c5f28b84cd6d14cedd13a7
  • na.elf | malicious | Prometei | 54.171.230.55
  • na.elf | malicious | Prometei | 54.171.230.55
  • resgod.arm.elf | malicious | Mirai | 54.171.230.55
  • na.elf | malicious | Prometei | 54.171.230.55
  • arm.elf | malicious | Mirai | 54.171.230.55
  • na.elf | malicious | Prometei | 54.171.230.55
  • na.elf | malicious | Prometei | 54.171.230.55
  • na.elf | malicious | Prometei | 54.171.230.55
  • 2xvhK6n0L5YrHJ4.arm6.elf | malicious | Mirai | 54.171.230.55
  • 2xvhK6n0L5YrHJ4.x86_64.elf | malicious | Mirai | 54.171.230.55
                        No context
                        No created / dropped files found
File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=52ce76e776ff7c67e51bcb57bc730f61b188600a, stripped
Entropy (8bit):3.0145560362151413
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
  • ELF Executable and Linkable format (generic) (4004/1) 49.46%
  • Lumena CEL bitmap (63/63) 0.78%
File name:edit.menu.elf
File size:12'848 bytes
MD5:b4fc4f986e5e1aea61be33679a9ddc56
SHA1:88cce20c4caa762c249752461402c98ca3631c18
SHA256:9ac75b655f9abd7d80ec45dde8237ecc7539b5f51529a46821aa82938a6ecc0d
SHA512:af2811da652f2c4d7c86faf238152b9bae3eabb4ae7ce37989cc8a9ba7280fcc9a4e1d0ea2bdb964c2fe76750c4056a401cf61b1f2c8e32a5a8379c7a741e4dd
SSDEEP:96:GneQZe3PrM4IvjnkSZPf5CauE2H0YK8TivbRqIrClAcrOXWFi9hT:GeQx4IvjkKf5Dgw8TW4nF
TLSH:F542E96273E4D1ACD494C0B5F3B2C2F2DA4A70711AF1A052F3E186570F58409DAB6E93
File Content Preview:.ELF..............>.......@.....@........0..........@.8...@.......................@.......@.....D.......D.................................@.......@.....b.......b........................0.......0@......0@..................................... ....... .@....

ELF header

Class:ELF64
Data:2's complement, little endian
Version:1 (current)
Machine:Advanced Micro Devices X86-64
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x401000
Flags:0x0
ELF Header Size:64
Program Header Offset:64
Program Header Size:56
Number of Program Headers:4
Section Header Offset:12528
Section Header Size:64
Number of Section Headers:5
Header String Table Index:4
Sections

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
(unnamed) | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.note.gnu.build-id | NOTE | 0x400120 | 0x120 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4
.text | PROGBITS | 0x401000 | 0x1000 | 0x1362 | 0x0 | 0x6 | AX | 0 | 0 | 16
.data | PROGBITS | 0x403000 | 0x3000 | 0xc6 | 0x0 | 0x3 | WA | 0 | 0 | 16
.shstrtab | STRTAB | 0x0 | 0x30c6 | 0x2a | 0x0 | 0x0 | | 0 | 0 | 1
Program Headers

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x144 | 0x144 | 2.2242 | 0x4 | R | 0x1000 | | .note.gnu.build-id
LOAD | 0x1000 | 0x401000 | 0x401000 | 0x1362 | 0x1362 | 5.5786 | 0x5 | R E | 0x1000 | | .text
LOAD | 0x3000 | 0x403000 | 0x403000 | 0xc6 | 0xc6 | 5.8745 | 0x6 | RW | 0x1000 | | .data
NOTE | 0x120 | 0x400120 | 0x400120 | 0x24 | 0x24 | 4.1916 | 0x4 | R | 0x4 | | .note.gnu.build-id
TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 14, 2025 19:47:54.193547964 CEST | 33730 | 443 | 192.168.2.13 | 45.142.193.172
Apr 14, 2025 19:47:54.193670988 CEST | 443 | 33730 | 45.142.193.172 | 192.168.2.13
Apr 14, 2025 19:47:54.193783045 CEST | 33730 | 443 | 192.168.2.13 | 45.142.193.172
Apr 14, 2025 19:47:54.194155931 CEST | 33730 | 443 | 192.168.2.13 | 45.142.193.172
Apr 14, 2025 19:47:54.194194078 CEST | 443 | 33730 | 45.142.193.172 | 192.168.2.13
Apr 14, 2025 19:47:54.194330931 CEST | 443 | 33730 | 45.142.193.172 | 192.168.2.13
Apr 14, 2025 19:47:54.194713116 CEST | 33732 | 443 | 192.168.2.13 | 45.142.193.172
Apr 14, 2025 19:47:54.194783926 CEST | 443 | 33732 | 45.142.193.172 | 192.168.2.13
Apr 14, 2025 19:47:54.194850922 CEST | 33732 | 443 | 192.168.2.13 | 45.142.193.172
Apr 14, 2025 19:47:54.195184946 CEST | 33732 | 443 | 192.168.2.13 | 45.142.193.172
Apr 14, 2025 19:47:54.195207119 CEST | 443 | 33732 | 45.142.193.172 | 192.168.2.13
Apr 14, 2025 19:47:54.195260048 CEST | 443 | 33732 | 45.142.193.172 | 192.168.2.13
Apr 14, 2025 19:48:17.241194963 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:17.533560038 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:19.303985119 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:19.304045916 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:19.304086924 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:19.304352999 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:19.304438114 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:19.304438114 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:19.307367086 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:19.537327051 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:19.933528900 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:20.252403975 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:20.258791924 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:20.258904934 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
Apr 14, 2025 19:48:20.259071112 CEST | 443 | 58864 | 54.171.230.55 | 192.168.2.13
Apr 14, 2025 19:48:20.259125948 CEST | 58864 | 443 | 192.168.2.13 | 54.171.230.55
UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 14, 2025 19:50:37.802819967 CEST | 42721 | 53 | 192.168.2.13 | 1.1.1.1
Apr 14, 2025 19:50:37.802953959 CEST | 45223 | 53 | 192.168.2.13 | 1.1.1.1
Apr 14, 2025 19:50:37.909328938 CEST | 53 | 42721 | 1.1.1.1 | 192.168.2.13
Apr 14, 2025 19:50:37.910583019 CEST | 53 | 45223 | 1.1.1.1 | 192.168.2.13
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 14, 2025 19:50:37.802819967 CEST | 192.168.2.13 | 1.1.1.1 | 0x5622 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Apr 14, 2025 19:50:37.802953959 CEST | 192.168.2.13 | 1.1.1.1 | 0x371d | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 14, 2025 19:50:37.909328938 CEST | 1.1.1.1 | 192.168.2.13 | 0x5622 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Apr 14, 2025 19:50:37.909328938 CEST | 1.1.1.1 | 192.168.2.13 | 0x5622 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Apr 14, 2025 19:48:19.304086924 CEST | 54.171.230.55 | 443 | 192.168.2.13 | 58864 | 771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49195-49199-162-158-49326-49324-49314-49310-49244-49248-49238-49234-49188-49192-107-106-49267-49271-196-195-49187-49191-103-64-49266-49270-190-189-49162-49172-57-56-136-135-49161-49171-51-50-69-68-157-49313-49309-49233-156-49312-49308-49232-61-192-60-186-53-132-47-65-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2 | fb4726d465c5f28b84cd6d14cedd13a7

Certificate chain presented by 54.171.230.55:443
  • Subject: CN=motd.ubuntu.com | Issuer: CN=R10, O=Let's Encrypt, C=US | Not Before: Sat Mar 22 09:18:05 CET 2025 | Not After: Fri Jun 20 10:18:04 CEST 2025
  • Subject: CN=R10, O=Let's Encrypt, C=US | Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US | Not Before: Wed Mar 13 01:00:00 CET 2024 | Not After: Sat Mar 13 00:59:59 CET 2027

System Behavior

Start time (UTC):17:47:53
Start date (UTC):14/04/2025
Path:/tmp/edit.menu.elf
Arguments:/tmp/edit.menu.elf
File size:12848 bytes
MD5 hash:b4fc4f986e5e1aea61be33679a9ddc56

Start time (UTC):17:48:18
Start date (UTC):14/04/2025
Path:/usr/bin/dash
Arguments:-
File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):17:48:18
Start date (UTC):14/04/2025
Path:/usr/bin/rm
Arguments:rm -f /tmp/tmp.DcCTBauMWv /tmp/tmp.6UOeepPnBr /tmp/tmp.l7gKHwNZ1Y
File size:72056 bytes
MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC):17:48:18
Start date (UTC):14/04/2025
Path:/usr/bin/dash
Arguments:-
File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):17:48:18
Start date (UTC):14/04/2025
Path:/usr/bin/rm
Arguments:rm -f /tmp/tmp.DcCTBauMWv /tmp/tmp.6UOeepPnBr /tmp/tmp.l7gKHwNZ1Y
File size:72056 bytes
MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b