Linux Analysis Report
0rK5XxDyLK

Overview

General Information

Sample Name:0rK5XxDyLK
Analysis ID:626474
MD5:b440222d627a07ae7733f9e706b88902
SHA1:63be0315c844d0a25b61caa609255d9375306acf
SHA256:eae51f23834e02da2ca18bbf28d2327726fd50c18b4e2c2f4ff451fca58a69aa
Tags:32, arm, elf, mirai
Infos:

Detection

Mirai
Score:64
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626474
Start date and time:2022-05-14 04:19:55 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 48s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:0rK5XxDyLK
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal64.troj.evad.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/0rK5XxDyLK
PID:6225
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source: 0rK5XxDyLK
Rule: SUSP_ELF_LNX_UPX_Compressed_File
Description: Detects a suspicious ELF binary with UPX compression
Author: Florian Roth
Strings:
  • 0x7c94:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x7d03:$s2: $Id: UPX
  • 0x7cb4:$s3: $Info: This file is packed with the UPX executable packer

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security
    No Snort rule has matched

    AV Detection

    Source: 0rK5XxDyLK, Virustotal: Detection: 44%

    Networking

    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42390
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42396
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42402
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42410
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42418
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42424
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42436
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42442
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42448
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 42456
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37008
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37020
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37022
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37028
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37036
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37060
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37068
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37074
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37080
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37088
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:60988 -> 107.172.197.117:1312
    Source: /tmp/0rK5XxDyLK (PID: 6227)Socket: 0.0.0.0::0
    Source: /tmp/0rK5XxDyLK (PID: 6233)Socket: 0.0.0.0::0
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: 0rK5XxDyLKString found in binary or memory: http://upx.sf.net
    Source: LOAD without section mappingsProgram segment: 0x8000
    Source: 0rK5XxDyLK, type: SAMPLEMatched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
    Source: /tmp/0rK5XxDyLK (PID: 6227)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/0rK5XxDyLK (PID: 6233)SIGKILL sent: pid: 936, result: successful
    Source: classification engineClassification label: mal64.troj.evad.lin@0/0@0/0

    Data Obfuscation

    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/491/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/793/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/772/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/796/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/774/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/797/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/777/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/799/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/658/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/912/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/759/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/936/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/918/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/1/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/761/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/785/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/884/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/720/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/721/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/788/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/789/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/800/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/801/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/847/fd
    Source: /tmp/0rK5XxDyLK (PID: 6233)File opened: /proc/904/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/491/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/793/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/772/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/796/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/774/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/797/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/777/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/799/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/658/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/912/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/759/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/936/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/918/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/1/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/761/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/785/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/884/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/720/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/721/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/788/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/789/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/800/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/801/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/847/fd
    Source: /tmp/0rK5XxDyLK (PID: 6227)File opened: /proc/904/fd

    Hooking and other Techniques for Hiding and Protection

    Source: /tmp/0rK5XxDyLK (PID: 6225)Queries kernel information via 'uname':
    Source: 0rK5XxDyLK, 6225.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6227.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6333.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6346.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6339.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6228.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6329.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6235.1.00000000d41d82df.00000000bfa2218c.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/0rK5XxDyLKSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/0rK5XxDyLK
    Source: 0rK5XxDyLK, 6225.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6227.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6333.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6346.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6339.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6228.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6329.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6235.1.00000000950b7910.0000000057860fa8.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
    Source: 0rK5XxDyLK, 6225.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6227.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6333.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6346.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6339.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6228.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6329.1.00000000d41d82df.00000000bfa2218c.rw-.sdmp, 0rK5XxDyLK, 6235.1.00000000d41d82df.00000000bfa2218c.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
    Source: 0rK5XxDyLK, 6225.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6227.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6333.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6346.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6339.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6228.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6329.1.00000000950b7910.0000000057860fa8.rw-.sdmp, 0rK5XxDyLK, 6235.1.00000000950b7910.0000000057860fa8.rw-.sdmpBinary or memory string: +V!/etc/qemu-binfmt/arm

    Stealing of Sensitive Information

    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara matchFile source: dump.pcap, type: PCAP
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
    Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Defense Evasion: 1 Obfuscated Files or Information; Rootkit; Obfuscated Files or Information
    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Command and Control: 1 Encrypted Channel; 11 Non-Standard Port; 1 Application Layer Protocol
    Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
    Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
    Impact: Modify System Partition; Device Lockout; Delete Device Data
    No configs have been found
    Behavior Graph ID: 626474, Sample: 0rK5XxDyLK, Start date: 14/05/2022, Architecture: LINUX, Score: 64 (behavior graph image not reproduced)
    Source: 0rK5XxDyLK, Detection: 44%, Scanner: Virustotal
    No Antivirus matches
    No contacted domains info
    Name: http://upx.sf.net, Source: 0rK5XxDyLK, Malicious: false, Reputation: high
      No context
      No created / dropped files found
      File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped
      Entropy (8bit):7.977316541944295
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name:0rK5XxDyLK
      File size:48696
      MD5:b440222d627a07ae7733f9e706b88902
      SHA1:63be0315c844d0a25b61caa609255d9375306acf
      SHA256:eae51f23834e02da2ca18bbf28d2327726fd50c18b4e2c2f4ff451fca58a69aa
      SHA512:6004d2d776de254ea3e75a9107656bf61d7692885329f9826a6eaaa9a4a3c0a6237bb1d915721aff3b66aed4dbd7d6dfcc687d0eeae7147d98c3c398f396d180
      SSDEEP:768:nK7y1XGO1LCNgukEkvwtqPnH7u83nc0iFo9q3UELWt/iw+kvBGg6+fYtrBHs:P12O1LCNguovDPH7TcrPLWhiw+kvBGgl
      TLSH:702302532093BA03E03058FE45628CCDB51AA6BDB1BE7BA725494E194C35D93ECB18ED
      File Content Preview:.ELF..............(.........4...........4. ...(......................................... b.. b.. b..................Q.td...............................OUPX!........p...p.......h..........?.E.h;....#..$...o......=..B.*...5N&"a..mk.c.........}<.....M.Q....[

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:ARM
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - Linux
      ABI Version:0
      Entry Point Address:0xf1a0
      Flags:0x4000002
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:0
      Section Header Size:40
      Number of Section Headers:0
      Header String Table Index:0
      Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
      LOAD       0x0     0x8000           0x8000            0x838d     0x838d       4.0415   0x5    R E                0x8000
      LOAD       0x6220  0x26220          0x26220           0x0        0x0          0.0000   0x6    RW                 0x8000
      GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
      TimestampSource PortDest PortSource IPDest IP

      System Behavior

      Start time:04:20:40
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:/tmp/0rK5XxDyLK
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:20:41
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:40
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:40
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:20:41
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:20:41
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:20:41
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:23:35
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:20:41
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:04:20:41
      Start date:14/05/2022
      Path:/tmp/0rK5XxDyLK
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1