Edit tour

Linux Analysis Report
systemd-udevd (deleted)

Overview

General Information

Sample name:	systemd-udevd (deleted)
Analysis ID:	1490729
MD5:	079a2a9ca1da0f3e023de3ae04e5d3e4
SHA1:	1d8a7ee1266731a84e7031d1bee446c8815acce6
SHA256:	22615e5bf518c4236c94af82b5689cd519eccd99eaf55e90aba45b5836b4fc36
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Drops files in suspicious directories

Machine Learning detection for sample

Sample deletes itself

Sample is packed with UPX

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

ELF contains segments with high entropy indicating compressed/encrypted content

Reads CPU information from /proc indicative of miner or evasive malware

Reads system information from the proc file system

Sample contains only a LOAD segment without any section mappings

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1490729
Start date and time:	2024-08-09 18:35:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Sample name:	systemd-udevd (deleted)
Detection:	MAL
Classification:	mal76.troj.evad.lin@0/78@18/0

Warnings

VT rate limit hit for: systemd-udevd (deleted)

Runtime Messages

Command:	/tmp/systemd-udevd (deleted)
PID:	4713
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu1

systemd-udevd (deleted) (PID: 4713, Parent: 4619, MD5: unknown) Arguments: "/tmp/systemd-udevd (deleted)"

systemd-udevd (deleted) New Fork (PID: 4719, Parent: 4713)

systemd-udevd (deleted) New Fork (PID: 4720, Parent: 4719)

systemd-udevd (deleted) New Fork (PID: 4730, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4732, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4736, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4738, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4742, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4752, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4756, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4758, Parent: 4720)

systemd-udevd (deleted) New Fork (PID: 4721, Parent: 4719)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: systemd-udevd (deleted)

Avira: detected

Multi AV Scanner detection for submitted file

Source: systemd-udevd (deleted)

ReversingLabs: Detection: 65%

Machine Learning detection for sample

Source: systemd-udevd (deleted)

Joe Sandbox ML: detected

Source: /tmp/systemd-udevd (deleted) (PID: 4720)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Source: global traffic

DNS traffic detected: DNS query: os.bd-static.com

Source: kerneloops.11.dr	String found in binary or memory: http://oops.kernel.org
Source: systemd-udevd (deleted)	String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47140
Source: unknown	Network traffic detected: HTTP traffic on port 47138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47134
Source: unknown	Network traffic detected: HTTP traffic on port 47142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47156
Source: unknown	Network traffic detected: HTTP traffic on port 47144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47150
Source: unknown	Network traffic detected: HTTP traffic on port 47148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47152 -> 443

Source: LOAD without section mappings

Program segment: 0xc01000

Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4730, result: successful	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4732, result: successful	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4736, result: successful	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4738, result: successful	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4742, result: successful	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4752, result: successful	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	SIGKILL sent: pid: 4756, result: successful	Jump to behavior

Source: classification engine

Classification label: mal76.troj.evad.lin@0/78@18/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

Sample tries to set files in /etc globally writable

Source: /tmp/systemd-udevd (deleted) (PID: 4721)

File: /etc/selinux/configs.conf (bits: u usr: -x grp: x all: rwx)

Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/.depend.boot	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/.depend.stop	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/.depend.start	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/..	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/.	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/..	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Directory: /etc/init.d/.	Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 4720)	Reads from proc file: /proc/cpuinfo			Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4720)	Reads from proc file: /proc/meminfo			Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/selinux/configs.conf (bits: u usr: -x grp: x all: rwx)			Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /usr/local/share/man/man1/configs.conf (bits: u usr: -x grp: x all: rwx)			Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lxd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/speech-dispatcher	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmetad	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rc	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/urandom	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rc.local	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/killprocs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ondemand	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/umountroot	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/halt	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/network-manager	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kerneloops	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/umountfs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/console-setup	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mdadm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/skeleton	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/pppd-dns	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/single	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/keyboard-setup.dpkg-bak	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/resolvconf	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/sendsigs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/reboot	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mdadm-waitidle	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rcS	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lxcfs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/networking	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/grub-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/qemu-kvm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/brltty	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Writes shell script file to disk with an unusual file extension: /etc/init.d/atd	Jump to dropped file

Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/checkroot-bootclean.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/mountnfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/mountall.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/checkfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/hostname.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/checkroot.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/mountdevsubfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/mountall-bootclean.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/umountnfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/mountkernfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/mountnfs-bootclean.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	Shell script file created: /etc/init.d/bootmisc.sh	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/checkroot-bootclean.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lxd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/speech-dispatcher	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mountnfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lvm2-lvmetad	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/rc	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/urandom	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/rc.local	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mountall.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/killprocs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/ondemand	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/checkfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/hostname.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/umountroot	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/halt	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/network-manager	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/kerneloops	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/umountfs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lvm2	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/console-setup	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mdadm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/checkroot.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mountdevsubfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/skeleton	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/pppd-dns	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/single	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/keyboard-setup.dpkg-bak	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/resolvconf	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/sendsigs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/reboot	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mdadm-waitidle	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mountall-bootclean.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/umountnfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/rcS	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/lxcfs	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/networking	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/grub-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mountkernfs.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/qemu-kvm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/mountnfs-bootclean.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/brltty	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/atd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 4721)	File: /etc/init.d/bootmisc.sh	Jump to dropped file

Sample deletes itself

Source: /tmp/systemd-udevd (deleted) (PID: 4713)

File: /tmp/systemd-udevd (deleted)

Jump to behavior

Source: systemd-udevd (deleted)

Submission file: segment LOAD with 7.8939 entropy (max. 8.0)

Source: /tmp/systemd-udevd (deleted) (PID: 4720)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 4720)

Queries kernel information via 'uname':

Jump to behavior

Source: open-vm-tools.11.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.11.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.11.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: qemu-kvm.11.dr	Binary or memory string: test -x /usr/share/qemu/init/qemu-kvm-init \|\| exit 5
Source: open-vm-tools.11.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: qemu-kvm.11.dr	Binary or memory string: log_daemon_msg "Configuring kvm" "qemu-kvm"
Source: open-vm-tools.11.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.11.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.11.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.11.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: qemu-kvm.11.dr	Binary or memory string: # Description: This script loads the kernel modules needed by QEMU KVM
Source: open-vm-tools.11.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: qemu-kvm.11.dr	Binary or memory string: # Short-Description: QEMU KVM module loading script
Source: open-vm-tools.11.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: qemu-kvm.11.dr	Binary or memory string: # Provides: qemu-system-x86
Source: open-vm-tools.11.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?
Source: qemu-kvm.11.dr	Binary or memory string: /usr/share/qemu/init/qemu-kvm-init start

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File and Directory Permissions Modification	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
systemd-udevd (deleted)	66%	ReversingLabs	Linux.Packed.DDOSAgent
systemd-udevd (deleted)	100%	Avira	LINUX/AVI.DDOSAgent.oqcof
systemd-udevd (deleted)	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/iscsid	0%	ReversingLabs
/etc/init.d/lvm2	0%	ReversingLabs
/etc/init.d/lvm2-lvmpolld	0%	ReversingLabs
/etc/init.d/open-vm-tools	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://upx.sf.net	0%	URL Reputation	safe
http://oops.kernel.org	0%	Avira URL Cloud	safe
https://www.baidu.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
os.bd-static.com	45.148.120.142	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.baidu.com/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	systemd-udevd (deleted)	true	URL Reputation: safe	unknown
http://oops.kernel.org	kerneloops.11.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.148.120.142	os.bd-static.com	Netherlands		64425	SKB-ENTERPRISENL	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.148.120.142	configs.conf	Get hash	malicious	Unknown	Browse	www.baidu.com/
45.148.120.142	configs.conf	Get hash	malicious	Unknown	Browse	www.baidu.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
os.bd-static.com	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	carved.elf	Get hash	malicious	Unknown	Browse	180.188.198.244
	zf	Get hash	malicious	Unknown	Browse	180.188.198.244
	test	Get hash	malicious	Unknown	Browse	180.188.198.244

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SKB-ENTERPRISENL	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	Inquiry HA-22-28199 22-Q22024.doc	Get hash	malicious	FormBook	Browse	45.148.122.66
	Inquiry HA-22-28199 22-Q22024.doc	Get hash	malicious	FormBook	Browse	45.148.122.66
	Silverlining	Get hash	malicious	Sliver	Browse	45.148.120.192
	Demand Q2-2024.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	DomandaXB2-2024.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	POX17265XSCB.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	POX17265XSCB.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	Demand G2-2024.xlsx	Get hash	malicious	FormBook	Browse	5.182.211.151

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/init.d/alsa-utils	configs.conf	Get hash	malicious	Unknown	Browse
/etc/init.d/anacron	configs.conf	Get hash	malicious	Unknown	Browse
/etc/init.d/acpid	configs.conf	Get hash	malicious	Unknown	Browse
/etc/init.d/apparmor	configs.conf	Get hash	malicious	Unknown	Browse

Created / dropped Files

/etc/init.d/acpid

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2282
Entropy (8bit):	5.11358182426293
Encrypted:	false
SSDEEP:	48:UQtdVEA2+3MPMiOqdxAvGbsbcqjV2mmeHuKHmvgjWb:ZtdVEA2+3MPieZQbcqk6Htmvd
MD5:	929CB64F13157BEACB63C7148FB4023A
SHA1:	96D5F81576816C7FCEED8723D33C9D53EE2D87BD
SHA-256:	475B1C8439B1824CC34943567F62ACFEBB72CA1AACCFD284E5E18139EE7BA52D
SHA-512:	A1D1D50FDC0E2EA456F7C13A55B1DADF91023BBC14F43CE5B405FEEE99528B03763AA96B36F6EDA0B7E79C4B91242E015F2F3A5A70AB30A3BF4364714AA6BCF4
Malicious:	true
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then. MODULES="$

/etc/init.d/alsa-utils

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5375
Entropy (8bit):	5.367779885311721
Encrypted:	false
SSDEEP:	96:OKtDd9/iVDaLEdE9Aw96RzF+r817TypDyhHk5eEkn:OCdlM6EdUAI6RB+r81XyByZkg
MD5:	7397A2518C180B28CF37803EA21BF956
SHA1:	6A22A4FD9B8C27CA5CDA2FADB1BC42D6A0EFF2E3
SHA-256:	3085F7D64F596A301B485EFB8BFF8A50B1A1086052B1035655D3AC321E32FE87
SHA-512:	2F255206FF6E1CDE16BD6A22A2E21A2310B235B307107648BA38F65580B799C221CEB8915746473ED3B483B4D4C81F4190845C32DB60CBC3983C056C995B26AF
Malicious:	true
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-u

/etc/init.d/anacron

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2053
Entropy (8bit):	4.6820380209330565
Encrypted:	false
SSDEEP:	24:ajpGF8WzzU+LuN5K6YqfON5i1CPehecMZR11s+M8k9srlf6W691mkF4T0Ox:WQRzgTNNOHi1eqrMZR1v1fXKR008
MD5:	97A572CAAFE400CEDF3DF4183D3500BA
SHA1:	53D22AB6C27F9743346E435B76E277381614E941
SHA-256:	F4ED96DEC9B2FC25CEDE36E95A2277BABC2356D6287C7466453C2834D192CA57
SHA-512:	C4E86492BE4B8E737784E846D9D790E76976B53D747AF70DBBDCD2081EF3B71FB3391BB378627FE330F3C845900E1D6E12D6D44FF88523838F49F104DC96F3DD
Malicious:	true
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse
Reputation:	low
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then. exit 1. fi. log

/etc/init.d/apparmor

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	6262
Entropy (8bit):	5.04668602432401
Encrypted:	false
SSDEEP:	96:tFCjnn8chP9UB/eKU+jgyzyp5ujrMpCtTNJn1R0LFR5nRbOW:yjnXhWzRI564pCBNl0LT5RbOW
MD5:	D1FF4E1621B06EB7445326D38B01F03F
SHA1:	7A87595B7D3A01EB09C4B63537F6D827FF3F0A5E
SHA-256:	F01D5EF397A43D37E3256FD6D094DEC7E995B487F267559DADD21E388A77E5FF
SHA-512:	2989781C8BDBF81692CD9AC0B5508EEA40532DC4E7F84185E91270A101C06C6558329F74CAEFF0B4FF6BE2EE921A6FB9987376266CDC39B2F9B10AF70AFD6625
Malicious:	true
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Coo

/etc/init.d/apport

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2841
Entropy (8bit):	5.2104275032814416
Encrypted:	false
SSDEEP:	48:WSV/OxxHuoBusZABLm/tiUmZaFuSZWg/e/fupjZDGdxboGxzh:rV/OxNDBusZABLm1BmGuSZWg2/OFOxMU
MD5:	44995B328E6BC0E422A481AB82780A97
SHA1:	75A9041DAF762EFBE994464992F0ED3C5A443F0F
SHA-256:	D51445F95C804A42D39E7BCBF94E1A8A404F1D901ACED1B27DFE19860B022B97
SHA-512:	87CDF09739675D75727B1B82436DC5FC6DC6470E74C9456F29591E473C1EE95AE4BF8491976BEE5A0775D4261FB62EE0FF17DE8C85DFE11B28CEB8FDE75F6EEE
Malicious:	true
Reputation:	low
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [

/etc/init.d/atd

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1110
Entropy (8bit):	5.052909980456182
Encrypted:	false
SSDEEP:	24:ajpGw2hO8Bx8fwKFZru5qZD5pYmPI5r0S69OY:WQ/h7AxpuYxImgW91
MD5:	B4F9DBD46368F9B556C71F4DDB49501A
SHA1:	300E2EEA8DCB32905CB890567B89B8E40FDE00D3
SHA-256:	F776379B49FF87833B0325D33C8F481D6DF57891A3E428606ED743DE5F2E92D0
SHA-512:	B2D361EFB1A00C4105CC838E148F1B18EEC1C07B994EB4960FAD51DBEF34B439C69FA2DAB4379E9A58BEEA3D3C0F278DF5E53BA48911C1F5F1732D71A52AF7B5
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: atd.# Required-Start: $syslog $time $remote_fs.# Required-Stop: $syslog $time $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Deferred execution scheduler.# Description: Debian init script for the atd deferred executions.# scheduler.### END INIT INFO.#.# Author:.Ryan Murray <rmurray@debian.org>.#..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/atd.PIDFILE=/var/run/atd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting deferred execution scheduler" "atd"..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping deferred execution scheduler" "atd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. force-reload\|restart). $0 stop. $0 start. ;;. status). status_of_proc -p $PIDFILE $DAEMON atd && exit 0 \|\| exit $?. ;;.

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2440
Entropy (8bit):	4.845073694120317
Encrypted:	false
SSDEEP:	48:UQs2V+ig+Ui83MZoJQukTSxVC2/ulSA0uv3uKv2ZsGyjyRfF/zsDE7Et:Z3oijU4ukTSVuP0uv3uKvdJORNADHt
MD5:	E514BF28341EE5F4FD4D08EAA3C8B22E
SHA1:	4F8CE7B3818D3434241727E96CAC57A97841F273
SHA-256:	F0F5C3FBB256E829C906D388FB0184F7E9BA1F035D6E6CEB955D4326B0163A09
SHA-512:	CCA1D84894E899EDD9100C35FADAF4C33F7573AEBA0800A3CE98AAFC68A35E314CC9D691F371CBCF5F7C9A1F43F109ACE0953E2F2F2F980D3BE6217C948B5E16
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE

/etc/init.d/binfmt-support

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1361
Entropy (8bit):	4.954878562264294
Encrypted:	false
SSDEEP:	24:ajpG3V6yXngSBVSBNyj6edNHcBcNCekvxOx5hw5PxWmw+Zx5R6opY:WQ3ZngWVWNMNH0YCbJOLhwVAmwQLkR
MD5:	23B824404678DFF18A7EE72568A1665F
SHA1:	5C7449D7B6C1D697CE69DF5FBB2076B99E8EEB50
SHA-256:	A5F005E3C442C6B926330B7F4E3E39CFCAF02090440C7CA0E9343D270F2638A1
SHA-512:	D1AFCF525DF1F4807704472A10D8798BEE95B818830C3259BFA910670E456384A14A077FA52007083EB6318F7174988E0BC2ACAAF4D15E52F7F89D66F4C4EFAE
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). if init_is_upstart; then. exit 1. fi. log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). if init_is_upstart; then. exit 0.

/etc/init.d/bluetooth

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3007
Entropy (8bit):	5.400575707693715
Encrypted:	false
SSDEEP:	48:WQ1OoPrcMbC/BUUzGrm92+kbM9b5LmilQoOZoKkkFDM+Zh9Y1FDMrVOtc:j9TcWC/BUeem92R4t5LR+t5X9eYIO
MD5:	6001C051B53CE3C3F16E734A541D0080
SHA1:	4E56C265AC7F2621629980AF669CBC4A0FCAA089
SHA-256:	6048BF9F65908D8DF63F9EEA004019FADCF0E612E1253A2555540BEF32AE8431
SHA-512:	858A340935A73A3377013E43B2E4F5877337FDBA26E16C1F4AD709B51867FC067E4C1F1A2857F553805093FAF4680C67DC1EA59C9B15AD58FDDD8C93C93D2C38
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "

/etc/init.d/bootmisc.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1314
Entropy (8bit):	5.129958707036916
Encrypted:	false
SSDEEP:	24:UpGHBAm/wU4dFczAtbYKDLKbl0sF8+K/HerS9CttsMXw9A8O3kVqGi1Zd0tBUSr:UQMUMCsGKDLKysK/erFta2R0Vji1ctBJ
MD5:	CE2DF028DCFDD38AB76BE52E9A56C8D4
SHA1:	499441F706D781A08CC8CAAD5B3298E23B279F55
SHA-256:	AF749C71B8A4D187FE47E0DEA1D26495E4250F800AB53D8F338209EECFBC30F8
SHA-512:	12DB2CA0C1F7A72C9B4702B862AB4EB8D274AE9B0BA80847FA63F74721EFBE7CADAB7601FB3EFAF26E4E9C631AF177FCEA2D00D5F6C788F872E89AB9C88FB73C
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: bootmisc.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: udev.# Default-Start: S.# Default-Stop:.# Short-Description: Miscellaneous things to be done during bootup..# Description: Some cleanup. Note, it need to run after mountnfs-bootclean.sh..### END INIT INFO... /lib/lsb/init-functions..PATH=/sbin:/usr/sbin:/bin:/usr/bin.[ "$DELAYLOGIN" ] \|\| DELAYLOGIN=yes.. /lib/init/vars.sh..do_start () {..#..# If login delaying is enabled then create the flag file..# which prevents logins before startup is complete..#..case "$DELAYLOGIN" in.. Y\|y)...echo "System bootup in progress - please wait" > /var/lib/initscripts/nologin...;;..esac...# Create /var/run/utmp so we can login...: > /var/run/utmp..if grep -q ^utmp: /etc/group..then...chmod 664 /var/run/utmp...chgrp utmp /var/run/utmp..fi...# Remove bootclean's flag files...# Don't run bootclean again after this!..rm -f /tmp

/etc/init.d/brltty

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	5.262088918804409
Encrypted:	false
SSDEEP:	48:WQ0Mv+bqSgrut02siC3UfP3DnZbgDBWjMXfFHZ+G28P:ju7/siC3Un3DnscMXfFHZ+G2C
MD5:	A7580C11D6E5B4387623E0554E584989
SHA1:	C59E333552B02300454CE769688D1AF44AE78695
SHA-256:	942C2CC1DB2FB7F6C196CAEC0163D7899C7088AEB80270AF025C5EF49FE8AFD2
SHA-512:	2281D4441CF514B4B6C6D5DDA861CB6752489B81BF56870BD163B6C2643E58ED6C11DF4F7BB0C970CD121CBD33910188FF3D315A82E2E1B81B0C676DFE243B15
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: brltty.# Required-Start: mountkernfs.# Required-Stop: .# Should-Start: udev.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Braille terminal driver .# Description: Used to provide access to refreshable braille terminals..### END INIT INFO..set -e..DAEMON=/sbin/brltty.NAME=brltty.DESC='Braille terminal driver'..test -f $DAEMON \|\| exit 0..# /etc/brltty.conf may need to be propagated from the initramfs. (This is a.# pretty awful hack.).if [ -e /dev/.initramfs/brltty.conf ] && [ -e /etc/default/brltty ]; then..mv /dev/.initramfs/brltty.conf /etc/brltty.conf..sed -i -e 's/^RUN_BRLTTY=.*/RUN_BRLTTY=yes/' /etc/default/brltty.fi..[ -r /etc/default/brltty ] && . /etc/default/brltty..# Edit /etc/default/brltty and set RUN_BRLTTY=yes to allow brltty to be.# started..if [ "$RUN_BRLTTY" != yes ]; then..exit 0.fi..set -e..[ -r /etc/default/locale ] && . /etc/default/local

/etc/init.d/checkfs.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3846
Entropy (8bit):	5.263213758399648
Encrypted:	false
SSDEEP:	96:j3lPsvLH71t8cYCsqEpo7rpL1ylyZfUwrYBK:j1svz71icYl3pSylyZfU8Ys
MD5:	F6BEA1AFC5FF484A0095EB13D57A78B2
SHA1:	E0CD5848C45B3BF4A660A9D039D0AD40428A4341
SHA-256:	1DC959F0BE6837FAAA097673EFBF0417D5D81AB98BCF222E95137F573DB4A1C8
SHA-512:	12A5B447301AA4D2E6DD8182749A8CD8FD9208434060E8472DCE7DBFE046108C4C78BB0F14802921B11B921C95EE46574238234554E5F20104969C5E2AFED8B1
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: checkfs.# Required-Start: checkroot.# Required-Stop:.# Should-Start:.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Check all filesystems..### END INIT INFO..# Include /usr/bin in path to find on_ac_power if /usr/ is on the root.# partition..PATH=/sbin:/bin:/usr/bin.FSCK_LOGFILE=/var/log/fsck/checkfs.[ "$FSCKFIX" ] \|\| FSCKFIX=no.. /lib/init/vars.sh... /lib/lsb/init-functions.. /lib/init/mount-functions.sh.. /lib/init/swap-functions.sh..do_start () {..# Trap SIGINT so that we can handle user interupt of fsck...trap "" INT...# See if we're on AC Power. If not, we're not gonna run our..# check. If on_ac_power (in /usr/) is unavailable, behave as..# before and check all file systems needing it...# Disabled AC power check until fsck can be told to only check the.# file system if it is corrupt when running on battery. (bug #526398).#.if which on_ac_power >/de

/etc/init.d/checkroot-bootclean.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1137
Entropy (8bit):	4.8441647039463485
Encrypted:	false
SSDEEP:	24:ajpG+utTK2e/h6xoZu/xJiKaU5ipZLJA8OMZd0tBQer:WQBU2jRJii4+RMctBQa
MD5:	D1DF46FC8A5533490C9C119F2CF3D1EC
SHA1:	AFABC1A3177CD7F30DDE4CE194E3A718A8B3034A
SHA-256:	B654EEFD951E3911AAF3C25BF7E184EE0B35FCE0A6DF6102AA96AFDA5CA8ADA4
SHA-512:	FB7C1959387C94CAB9ABB64428C83B8D60DBD08EC09EA8BF5222C8D6B8D21E0EB62A85A6CEC973C26C039C9A1A752EE20787C05FEFF2D7A82B05C3E0D41D93E3
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: checkroot-bootclean.# Required-Start: checkroot.# Required-Stop:.# Default-Start: S.# Default-Stop:.# X-Start-Before: bootmisc.# Short-Description: bootclean after checkroot..# Description: Clean temporary filesystems after.# the root filesystem has been mounted..# At this point, directories which may be.# masked by future mounts may be cleaned..### END INIT INFO... /lib/lsb/init-functions.. /lib/init/bootclean.sh..case "$1" in. start\|"")..# Clean /tmp, /run and /run/lock. Remove the .clean files to..# force initial cleaning. This is intended to allow cleaning..# of directories masked by mounts while the system was..# previously running, which would otherwise prevent them being..# cleaned...rm -f /tmp/.clean /run/.clean /run/lock/.clean...clean_all..exit $?..;;. restart\|reload\|force-reload)..echo "Error: argument '$1' no

/etc/init.d/checkroot.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	9392
Entropy (8bit):	5.095766465852405
Encrypted:	false
SSDEEP:	192:j7YfbXNDOD1p7+VI71gwUmcw/p/ZSZOxzToSsxx2cJBVxZH01cc8w:/YfbXtYT7971gwUmX/JRMkYVxZH2
MD5:	4592B5B0138B4805FEE3CE851D89CF6F
SHA1:	D0C902C12C15919F7CAB37551F69877E11F8DA1A
SHA-256:	F2EBD0B94C9662C42FEDDC1C3F730EF923D6CB7FB304019D245EEF3747311F8C
SHA-512:	12E6BDF2A9FF3305D8EC09CFB1F1F43456BC15104960B4E69DF7A68DCD82E6ECFB9AAED4E144FF53206F2FF430ECF89DF313BA5526F8A7A102E0C4C4F8852FAB
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: checkroot mtab.# Required-Start: mountdevsubfs hostname.# Required-Stop: .# Should-Start: keymap hwclockfirst hdparm bootlogd.# Should-stop:.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Check to root file system..### END INIT INFO..# Include /usr/bin in path to find on_ac_power if /usr/ is on the root.# partition..PATH=/sbin:/bin:/usr/bin.FSCK_LOGFILE=/var/log/fsck/checkroot.[ "$FSCKFIX" ] \|\| FSCKFIX=no.[ "$SULOGIN" ] \|\| SULOGIN=no.. /lib/init/vars.sh... /lib/lsb/init-functions.. /lib/init/mount-functions.sh..do_start () {..# Trap SIGINT so that we can handle user interrupt of fsck...trap "" INT...#..# Set SULOGIN in /etc/default/rcS to yes if you want a sulogin to..# be spawned from this script before anything else with a timeout,..# like sysv does...#..[ "$SULOGIN" = yes ] && sulogin -t 30 $CONSOLE...KERNEL="$(uname -s)"..MACHINE="$(uname -

/etc/init.d/console-setup

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1382
Entropy (8bit):	4.812276387903667
Encrypted:	false
SSDEEP:	24:UpG+BPe91J0MiP7uJx6osjULNPazszB8R8j3Gzcu4:UQ7mkomPazsF86yAF
MD5:	C81C1A78DAACE4DD5E144C10E692FBBD
SHA1:	A5BABD28F78A81C73592755303D2BE2279C0A4D1
SHA-256:	924CC3B4957386337C04FEBCA8F4B0621CD97ADE6D1D35057ECC9DE7C5808C81
SHA-512:	F897CDF4BD65A836092DA441D93683EF9E79A8A8BAA7EAE44E986F57D3D3BF74486CED63D1B86A0E3465428ECBAFC2FE81AC8D1324952689A06026DC01D59668
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: console-setup.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console keymap.### END INIT INFO..set -e..# This script is used jointly by console-setup and console-setup-mini..# It belongs to keyboard-configuration because it is forbidden two.# different packages to share common configuration file...test -f /usr/bin/loadkeys \|\| exit 0..if [ -f /etc/default/locale ]; then. # In order to permit auto-detection of the charmap when. # console-setup-mini operates without configuration file.. . /etc/default/locale. export LANG.fi..if [ -f /lib/lsb/init-functions ]; then. . /lib/lsb/init-functions.else. log_action_begin_msg () {..echo -n "$@... ". }.. log_action_end_msg () {..if [ "$1" -eq 0 ]; then .. echo done...else.. echo failed...fi. }.fi..

/etc/init.d/cron

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3088
Entropy (8bit):	4.908430337956787
Encrypted:	false
SSDEEP:	48:UQPMicLMicP4dJIrcz8WD23fK2LAb38CkFATwuMoZisTdDKoA3gHML3:dEmF4dJWRWD23y2Lgs3yTtMnidD/A3gq
MD5:	80FE19412194B6418AB45F601E33B1B8
SHA1:	8C9ED65FA53B4980AA9969555D92E54BF03B998F
SHA-256:	EF24C0EF0F911E7A0022C47D9C60501697FB2AB51526DE93D49563DEBE29BEA5
SHA-512:	62AA8F10198F839BE4375E9A32D2A675DF78F204E292D357D696D8D857D25201546C135F630C83216DE3E6718A5B9B476938D4C901D8B7A627C1671793401E8C
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-fu

/etc/init.d/cryptdisks

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	976
Entropy (8bit):	5.181841909633422
Encrypted:	false
SSDEEP:	24:ajpGVT5MQsL1bPq2MK+7qcr/ZkVyKDpj+:WQF61PqJkVyKdj+
MD5:	9CAEBB4BCEB94B9F1A5B97A2680F4561
SHA1:	32F8458BE1F072639B91734E81C48DB9802FE1A6
SHA-256:	AB31ACDD56C13C6D4C77AB1778EBF2420344FABA7C6E07EFB1C131668D78B0C2
SHA-512:	89F7CD84A582D66F453CA8D533411FBC59227FBCDF8D3A1BF0E6D38298799D4AFDC9A574DE4BD11DA7DF0021C54FE60C27EEB7B249660C6F74453B3357571CF0
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks.functions ]; then... /lib/cryptsetup/cryptdisks.functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac.

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	935
Entropy (8bit):	5.18223738531639
Encrypted:	false
SSDEEP:	12:ajZW0Gy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrEHcrEWZm2dpBdMyuDHkkGKErIK2:ajpG/TTMkw5Mq2C+7ZKYZkVyKDvj+
MD5:	0F7B8D8BA5E602A8A69C32FF6E51CA39
SHA1:	5E4D996737B49ECBFD48513E8FAF2CF7BAFF5B02
SHA-256:	E966A8856B3160444F25398E61220BB0B95593CF68D97007DF11D2471095FF02
SHA-512:	A21E2D2D62F34771BFEA56C46B49AE82A16F1CEC55553667A5806D7F373044C6084650A520DDAD67E411E839CE557214EF903447083BA8FDF52FDDF1F7A35FA2
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks.functions ]; then... /lib/cryptsetup/cryptdisks.functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac.

/etc/init.d/cups

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2855
Entropy (8bit):	5.226815906119561
Encrypted:	false
SSDEEP:	48:WQ6MLNMwmbAzAZjCo9q9Ve1J6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/FZRetsR:jBWwmEMZjC9DB7UoAaZUoGDvuG/UoGzX
MD5:	6DB62EE489B833EAB2E5ECB42F10AEBC
SHA1:	68C0B18319DA4F49521B4DE9C9903D05A855FE9A
SHA-256:	67C017367E63117036B4D22B570E7A5FB546A203CF04EFC0FB58CED43287CE10
SHA-512:	20E0B88D92F9DF049BBC4DC607D0F0D6342DD8B1C24F53069CDA1C2DD522F4E2AE59A575CCE2A93B88DB2EFBAC8B62827B595C0DA858534E71A271E461987590
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/var/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /var/run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorec

/etc/init.d/cups-browsed

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2000
Entropy (8bit):	5.153047261673086
Encrypted:	false
SSDEEP:	48:WQmU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFO2L:jj3FpjhnV5upSYuv3ScJY2L
MD5:	78B63A9E0908C2B032833FF0346E02EA
SHA1:	0EE1F3B30BC1D9DE50E35124A943E1F8FCD74195
SHA-256:	2177D721D43FD27F6411DC9E101EF145CC5980A96D0237ACEBF4766BB0C22CF0
SHA-512:	2694D148BDA03998142750DE5F2AC79A89744D9CB3D415A1B3FBC1FB54FDA01A9F049166B62C4ACA5B842717447B8F112193803A8C884982AF0162C83C1B54C2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbi

/etc/init.d/dbus

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	2852
Entropy (8bit):	5.107620495538112
Encrypted:	false
SSDEEP:	48:UQJf6TxbM3hSdoCKODtfsQ/+x+KQf7OloGO9F5cK2gY5WxdUtkFEwXmg2:ZJOxbGMBPJfsQmx+x7WoGUuK2gY5W7zY
MD5:	4ADA0122A85FD4D10910C9354ACE0A4C
SHA1:	70902A5DA7A9717748F4B6C01C8DF940069421F4
SHA-256:	BB6E08998FA49AB918CAC312740F6DBDF83A23D8700A2A3AB0F48FBDF85DB7CC
SHA-512:	FB3C7A6A02737CC54804A2062EF38EB261B9DAFBB78EB14067EFF13151C049A82D29896D25E3422B65A388D1CF4E08AB0E5A337018F50A9B588380462641856C
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then. . /etc/default/dbus.fi..create_machineid() {. # Crea

/etc/init.d/grub-common

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1144
Entropy (8bit):	5.029123988619287
Encrypted:	false
SSDEEP:	24:ajpGPHQ5FKl8vD/HNVKoV8b/9BHkDPstD9b1gT:WQfQ5glUGo6lGDUtD9bc
MD5:	55B3EFEE229D027008CB7052D4065B25
SHA1:	BDE05D048FFB55803E30D6ED9F2B388B9C8C0439
SHA-256:	B6F57C24DC653E97E789B49CB595D682921A80E1C41241C12D39DCE92E1279AF
SHA-512:	A885DCEBC1C10FF3A6053C1AD255CE234EE096D59B17B15B9693AE16DFED2C069AEA58DAFA203E271C4EDB8794EAE5DAD75C7C8FD4BE0FD4C55BE17653B0E7A9
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: grub-common.# Required-Start: $all.# Required-Stop:.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Record successful boot for GRUB.# Description: GRUB displays the boot menu at the next boot if it.# believes that the previous boot failed. This script.# informs it that the system booted successfully..### END INIT INFO..which grub-editenv >/dev/null 2>&1 \|\| exit 0..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..case $1 in. start\|restart\|force-reload)..[ "$VERBOSE" != no ] && log_action_msg "Recording successful boot for GRUB"..[ -s /boot/grub/grubenv ] \|\| rm -f /boot/grub/grubenv..mkdir -p /boot/grub..grub-editenv /boot/grub/grubenv unset recordfail..[ "$VERBOSE" != no ] && log_end_

/etc/init.d/halt

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1375
Entropy (8bit):	5.312906216742266
Encrypted:	false
SSDEEP:	24:ajpGgAsZg+tbUcKXKAQtVIDSDzRC9ZmzioeepiBVZdZr:WQ3sZt6KAQaI9SYziapiBVF
MD5:	B1A277A3F1729DC16481AC8C5F538134
SHA1:	E8573C1C42A2CDC0A60484CD6536490768FAF66E
SHA-256:	FA21DF15EE4E30450536B3F4FB8E3E3B66C8B0E6BEEE141F47B1B4ADE24AFA5F
SHA-512:	C1C03BF06434892F409918B091864A50CE02BC532C3FDE861E7DEFE208EE8D334FE09FFEAF02D964B5B9C3476DBF6613399E4C2DFE808B9D3590B73C14F57A39
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: halt.# Required-Start:.# Required-Stop:.# Default-Start:.# Default-Stop: 0.# Short-Description: Execute the halt command..# Description:.### END INIT INFO..NETDOWN=yes..PATH=/sbin:/usr/sbin:/bin:/usr/bin.[ -f /etc/default/halt ] && . /etc/default/halt... /lib/lsb/init-functions..do_stop () {..if [ "$INIT_HALT" = "" ]..then...case "$HALT" in... [Pp])....INIT_HALT=POWEROFF....;;... [Hh])....INIT_HALT=HALT....;;... )....INIT_HALT=POWEROFF....;;...esac..fi...# See if we need to cut the power...if [ "$INIT_HALT" = "POWEROFF" ] && [ -x /etc/init.d/ups-monitor ]..then.../etc/init.d/ups-monitor poweroff..fi...# Don't shut down drives if we're using RAID...hddown="-h"..if grep -qs '^md.active' /proc/mdstat..then...hddown=""..fi...# If INIT_HALT=HALT don't poweroff...poweroff="-p"..if [ "$INIT_HALT" = "HALT" ]..then...poweroff=""..fi...# Make it possible to not shut down network interfaces,..#

/etc/init.d/hddtemp

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3099
Entropy (8bit):	5.250653281885159
Encrypted:	false
SSDEEP:	48:UnetQlU+vdYb5tM7yL7yi47yIrrFXc6YRy50JDRABzNJuhCv8Z//UZJ7iuT052mS:RtQlTd65tp6iNgcLREQWAsUkTo2mS
MD5:	2409D10195239A2A2495B66FEB312E73
SHA1:	AFE31E47B8FFDF42253F5FBDBAD4C221575C2775
SHA-256:	1F4610D7E36FA74904C70A3F0D8A53F24960B19222534D1A54EE6B1FBDC3D771
SHA-512:	5ED09E097899EC1399FEF52EF688ACE903E1A4EFC6BBF11A46AB95FAE7B294A6470FF7C3C534AE8D46526FF6BFE183CAAE6D93C37AFA18FE737F08D0397B47B5
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd

/etc/init.d/hostname.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1462
Entropy (8bit):	5.099811820003852
Encrypted:	false
SSDEEP:	24:ajpG+5bkHCfmoIribNs28CLfL00+UhzHTFhjKwi1ZdCBi8wcr:WQmkHC+oIGdH7+GDJhjKwi16Bi8w4
MD5:	FAD99685AE0B325CE4A475E8AA3D3275
SHA1:	B3769845FA0284C5BB48A5F1F0A5B06F45F1E91F
SHA-256:	6DB6112EB2567540040221733AD489719FF4927ABE891ECAB487C1BE59D8AA0B
SHA-512:	503D35EBD9636584FC9E0947D728AF6F87F794B91DE68B9BA7B86715205DDEE0E1ABAD56D8B8070D916ED52163112E7979B1B83989037F87117FF7F9704851FF
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: hostname.# Required-Start:.# Required-Stop:.# Should-Start: glibc.# Default-Start: S.# Default-Stop:.# Short-Description: Set hostname based on /etc/hostname.# Description: Read the machines hostname from /etc/hostname, and.# update the kernel value with this value. If.# /etc/hostname is empty, the current kernel value.# for hostname is used. If the kernel value is.# empty, the value 'localhost' is used..### END INIT INFO..PATH=/sbin:/bin... /lib/init/vars.sh.. /lib/lsb/init-functions..do_start () {..[ -f /etc/hostname ] && HOSTNAME="$(cat /etc/hostname)"...# Keep current name if /etc/hostname is missing...[ -z "$HOSTNAME" ] && HOSTNAME="$(hostname)"...# And set it to 'localhost' if no setting was found..[ -z "$HOSTNAME" ] && HOSTNAME=localhost...[ "$VERBOSE" != no ] && log_action_begin_msg "Setting hostn

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3848
Entropy (8bit):	5.144506024386939
Encrypted:	false
SSDEEP:	96:yYqy3be4txLsMwqTZL1FFTEaTfNvagXQwjVjNvaYXNkeQD:ZZbxtXFZpBTfNvawpjNva4e
MD5:	A3DB5CF382C86CFD56786267EF88D84C
SHA1:	621D8398E547DDAD041825421F2315F54248B715
SHA-256:	9C6874FA0AFA7B4AC34EA0CD4B46B2CB8A872CB1A81D1F97268C35D2B42DB6B5
SHA-512:	72E63492F33ED50D860FE2CEE4EDF4B8AF70C27C63D727DBD27B57C483DCDED3ADD07A62B1E4BDD8423EFEF25C31DBD91E761B87C363EC207276D17EA4BC62A8
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description

/etc/init.d/iscsid

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1542
Entropy (8bit):	4.962938769428281
Encrypted:	false
SSDEEP:	24:Upfw/YpMr8MICUV7OlfrDNhay+HNCNclH3U8lrQ5l8u4uu8E:UEuMAMICu7OlN+UclH3U8lc/ZW8E
MD5:	AEC2C14084B8C481BF2A0E18E1BFD5B6
SHA1:	92E0E58A90F0E38FB2416FFA47B7712CBD987A71
SHA-256:	D30B90BCFEBF19F4EB727147C3F3BF5F019D0A6E97B1BA7C7C457F325DD7B562
SHA-512:	70939B66BF10040B3AEEA660787F711E51679D23CDC1E198BD58BCC9FF2AE348F0BE1CFF113B2612E72A3EAC8F2F5E1F7BF54300D43A7BC5369C731B4407D497
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/o

/etc/init.d/kerneloops

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3141
Entropy (8bit):	5.246532791803711
Encrypted:	false
SSDEEP:	96:ji8+8hGGv8uebEusZABLm1/pqtoIuSZWg2dtdIeLEMNI:j9G+/eg8XerzE2I
MD5:	56B1CEF472DB59658C65C7EBBA9DB49C
SHA1:	802764BC88D5FDD74277A7A8AA39569A8A8CBA51
SHA-256:	CD1E6A8BDE92511D937CC8B27F101F301886D803EEC08D7EC41AFEDE89DC2AB3
SHA-512:	F185B041D9F4AE09434573EAE8CC725098356490AC183031174ED94656E1141E1E6536D7CBF3B6C4E0BD437299BE8E5E472299589A80E0B2117F9C1EF7BEF1D0
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: kerneloops.# Required-Start: $remote_fs $named $network $time $syslog.# Required-Stop: $remote_fs $named $network $time $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Tool to automatically collect and submit kernel crash signatures.# Description: A tool that collects and submits kernel crash.# signatures to the http://oops.kernel.org website for use by the Linux.# kernel developers..### END INIT INFO..# Author: Laurent Bigonville <bigon@debian.org>..# Do NOT "set -e"..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="Kernel crash collector".NAME=kerneloops.DAEMON=/usr/sbin/$NAME.PIDFILE=/var/run/$NAME.pid.SCRIPTNAME=/etc/init.d/$NAME.ENABLED=1..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file

/etc/init.d/keyboard-setup.dpkg-bak

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1843
Entropy (8bit):	4.746750453855415
Encrypted:	false
SSDEEP:	24:UpGXa53SVd1PeCo+yCvA9MiP7uJx6osjULNPaLTszB88sGJi1mjONIl5zcu4:UQXSi7YC1ypkomPaLTsF8ZNIl5AF
MD5:	7BB2496AB929BE025710CB33BE98A2DB
SHA1:	263EE17C29DF5FB7DD40002EB08C51D09202F195
SHA-256:	5ED1EB8EB919F35833992B9F31C61377CC6E29A1122D87C093CF27C9F4ACA1DE
SHA-512:	3BEEF9A3A45D570B83F2870AE1C7CE3D161F9FB49671DDCE7F8B619755C03FDD1E22F19AC867CADACC09718C2E21B78FE98D43A33F1F0010811C73DB21F37DA1
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: keyboard-setup.# Required-Start: mountkernfs.# Required-Stop:.# Should-Start: keymap udev.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set preliminary keymap.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..set -e..# This script is not used by keyboard-configuration. It is used.# jointly by console-setup and console-setup-mini..test -f /bin/setupcon \|\| exit 0..if [ -f /etc/default/locale ]; then. # In order to permit auto-detection of the charmap when. # console-setup-mini operates without configuration file.. . /etc/default/locale. export LANG.fi..if [ -f /lib/lsb/init-f

/etc/init.d/killprocs

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.059876484466941
Encrypted:	false
SSDEEP:	24:ajpGmigV+Qtjs0vK0kDmxiex6ODTA+E9kJvCrWazpHVv340g5YVZd0tBuL:WQmAQlSBYL6CT9gkJv/aTMYVctB8
MD5:	455DC3DD4C31C030B4FF94E68AC8DDB8
SHA1:	11CBE866D62110534B99EDAF3C5CE7D43DB0732B
SHA-256:	36C27A7F0DF4F07C59C621B8F9BABA081281AAF615028B053ACD017A6CEE130F
SHA-512:	F744B83A1D7458961BCDFB970D38A3DE1F6F8472CE150AD11EE9E7E639A0AF773CC84B25584959B7B4F3D4E888A7507FCC0506A733C0183A48E6ABE7210D6804
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: killprocs.# Required-Start: $local_fs.# Required-Stop:.# Default-Start: 1.# Default-Stop:.# Short-Description: executed by init(8) upon entering runlevel 1 (single)..### END INIT INFO..PATH=/sbin:/usr/sbin:/bin:/usr/bin... /lib/lsb/init-functions..do_start () {..# Kill all processes...log_action_begin_msg "Asking all remaining processes to terminate"..killall5 -15 # SIGTERM..log_action_end_msg 0..alldead=""..for seq in 1 2 3 4 5 6 7 8 9 10; do...# use SIGCONT/signal 18 to check if there are...# processes left. No need to check the exit code...# value, because either killall5 work and it make...# sense to wait for processes to die, or it fail and...# there is nothing to wait for.......if killall5 -18 ; then... :...else... alldead=1... break...fi....sleep 1..done..if [ -z "$alldead" ] ; then.. log_action_begin_msg "Killing all remaining processes".. killall5 -9 # SIGKILL..

/etc/init.d/kmod

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2126
Entropy (8bit):	4.876762459571096
Encrypted:	false
SSDEEP:	24:spGUxLADBzBQYDMAeJbjqg3UlfbcMZC/tCYJGMsMHwDa10ig/CeZNRGglclYt:sQ/dtQYxe5jRQfby/oYJbJQA0i6PvN
MD5:	8055BE7A9861001A4D1C82F4492BC0FC
SHA1:	155EEA8DFCAEAB050001A577226B93E457164A07
SHA-256:	096019F36357E8A303BA8D2B0CD89519B0967F2DE62C4DAD546EE68327E7D1A6
SHA-512:	0CCF018EE65419EC1C4064004A1ABB6BFD930CF91E3AAC40CA8CBF57415FFA8E1D9CC4441079B687CBC86241D4B57FDB5F0482ADD69C5ABC68963AA3B31C3266
Malicious:	true
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). if init_is_upstart; then. exit 1. fi. ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then. log_action_msg "Loading kernel module $module". modprobe $module $arg

/etc/init.d/lightdm

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3470
Entropy (8bit):	5.277433159012979
Encrypted:	false
SSDEEP:	48:UAbmo8vyUjH3J+cNrWId4KF9wDeX3/FI/F7R7cJ0IB+rd/g1ZsbHaXeZ4td/WzvQ:x8z3J+cNiR8SzGqJHyrDubTMlt
MD5:	70094A8C1A43A24447D18C9B11123238
SHA1:	030471DAE39A16934722E1B5B694CC3A1BBA14C1
SHA-256:	8A464FC5B68C5456B3E212E313BF5FD494325B0520827921B68875DD3F12A2EF
SHA-512:	711AF8F27A51D384F0AC0F1B2B7264F4230B1E39898914F8D725BF76A45B731BC49E998908E8836EAC01AB57948FB0B4112AC929D50CA701C5662EAC36FBB609
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-

/etc/init.d/lm-sensors

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.092482167202627
Encrypted:	false
SSDEEP:	12:UZW0QCpBMHQHf7Wc9rlVYhRw/0QvstXoiXmH0+QhKYwO6aock1j6yLRujvlT:UpQi4WyM/IwAp2Hcq13s
MD5:	DE35215AA83E82317BAAF116358E980E
SHA1:	2D2074F85733DAD919A37FC4B67BF71AA36C29AE
SHA-256:	99C5E80F7802ADDB9B7C9F361079E8FBEE064CD586CE20B8E48D6006DD7357FD
SHA-512:	79861D414F4526E86710529D0B017102B8ADFE41CD9F7A19A9891BF003033734F7201560C22B7A2AAAF127BF35C1589FE17925079CB8892FD52B2B73EB6E89D9
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0.

/etc/init.d/lvm2

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	734
Entropy (8bit):	5.196958720698973
Encrypted:	false
SSDEEP:	12:UZW0GNBwO12MVy6Pl4YS1C4t6zkhcSRwDy00Ms8DBxrzvFyURujivFhbyNb:UpGrsMHPvS1C4aOvwgMsGv75vWb
MD5:	400A795660A36BC2E5C4A0487E40C9EA
SHA1:	B9F358372C9D157C7CE3A60491586EF293C508CE
SHA-256:	6BD2551EA4C947A740998966A2170F995CADAB10628A2BD006D3CF2A536E4DCD
SHA-512:	9A2FC3AABC469E4769E7F42B607BECF246D07C0B2E54BBCF8B469E99F44F92F6E231C21CEFBBB328AF5D168B5FDA30F09B66F2AF437D1E15A6BFF5572105027D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: lvm2 lvm.# Required-Start: mountdevsubfs.# Required-Stop:.# Should-Start: udev mdadm-raid cryptdisks-early multipath-tools-boot.# Should-Stop: umountroot mdadm-raid.# X-Start-Before: checkfs mountall.# X-Stop-After: umountfs.# Default-Start: S.# Default-Stop:.### END INIT INFO..SCRIPTNAME=/etc/init.d/lvm2... /lib/lsb/init-functions..[ -x /sbin/vgchange ] \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting up LVM Volume Groups"../sbin/lvm vgchange -aay --sysinit >/dev/null..log_action_end_msg "$?"..;;. stop\|restart\|force-reload\|status)..;;. *)..echo "Usage: $SCRIPTNAME start" >&2..exit 3..;;.esac..

/etc/init.d/lvm2-lvmetad

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	610
Entropy (8bit):	5.272032452010441
Encrypted:	false
SSDEEP:	12:UZW0pdRDNeBuYremCU33epBa5kI5GZIq9J9YeUMw2CjX:Upfw/uPi9YvJ9ajX
MD5:	7C95F517710842B75B90A78C1CF22B38
SHA1:	C214BB113F2920BA175AAC0F55F1103D5F6AE68F
SHA-256:	C2ECE49EE896FF0F9883E4EB554ED7AB2398BEDF4C2ECC0FD5B9C9AC133B9FA8
SHA-512:	6FB43A88EEA61CE082465AAB37D96232CC00FB892B15E61233D1D6847E701E8C8D9292150FD631AFDE284491BA6362E44112D6A5ABA37E49E15F18EAA61651DB
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmetad.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 metadata daemon.### END INIT INFO..DESC="LVM2 metadata daemon".DAEMON=/sbin/lvmetad.PIDFILE=/run/lvmetad.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}.

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	625
Entropy (8bit):	5.320004352093456
Encrypted:	false
SSDEEP:	12:UZW0pdRDNeBuYremCU33VLBa5kI5GKq9XquaZ+w2CjX:Upfw/lti9OXyljX
MD5:	4C535177E2C0123329DE7B41F3B5B5A1
SHA1:	62FAED3252EAF2DE3222576242D6BA1A2772C970
SHA-256:	B59430BB8361A951409F89A4B437EBBA2C4A425C582AA7F36D1325B865F3EA72
SHA-512:	E18FA33DBBBDEBC7516E61EBA9B9B257A24BBB4A1D6A3549CAB9A56B271EFC95C1B050826BFC8B1AF586D2209855E4AF3EC81902FD216762E0F195B218D3E8F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}.

/etc/init.d/lxcfs

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2417
Entropy (8bit):	4.4723907434804655
Encrypted:	false
SSDEEP:	48:W/puFbA2ZcDGXX01/+/2ZeFI/u/wL5i3eK:2ptDeXKm2tmIlip
MD5:	22A1FDD1C14A39942DC51255E1803816
SHA1:	DD2C9069B1AA679627666EB071EEBC66F68258A6
SHA-256:	EE9A38DB879B8868410C97C00519BBE8715DCA462BB25A8FF30895955341E3CA
SHA-512:	C36C34D0FFCD46465BC7E65DB86A04C828EF1392DC5B0A9ADA83D1214C98A1C901DB5C963145B93C3376CEBF12BC866A356B663D8C6B5C96FF27197B416BDBE6
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Short-Description: FUSE filesystem for LXC.# Description: FUSE filesystem for LXC.# Provides: lxcfs.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: cgroupfs-mount.# Should-Stop: cgroupfs-mount.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.### END INIT INFO..DAEMON=/usr/bin/lxcfs.NAME=lxcfs.DESC="FUSE filesystem for LXC".PIDFILE=/var/run/lxcfs.pid... /lib/lsb/init-functions..test -f ${DAEMON} \|\| exit 0..set -e..START="-m --start --quiet --pidfile ${PIDFILE} --name ${NAME} --startas $DAEMON --background".case "$1" in. start). if init_is_upstart; then. exit 1. fi.. # Don't start if bind-mounted from host. [ ! -d /var/lib/lxcfs/proc ] \|\| exit 0.. # Cleanup in case of crash. fusermount -u /var/lib/lxcfs 2> /dev/null \|\| true. [ -L /etc/mtab ] \|\| \. sed -

/etc/init.d/lxd

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2580
Entropy (8bit):	4.4542270277078115
Encrypted:	false
SSDEEP:	48:WYRU/3FbA28JFEUAFbCNs+S/+/2ZeFOty/u/wL5dO3eK:nRU/GFEXFOmDm2XymIl4p
MD5:	4D994067BE62C753667A9F33A6BB3570
SHA1:	6C6E26B7B69C1EF4D3359BE2C4F037EB990312F9
SHA-256:	C9CE2AE1CF7CC0EB00413BF81CEC8A58B07092013C75C526F4EBFC232B6C0862
SHA-512:	90B3A3B9464F2475352699FD8C73B0A51D0C7204348C2E06D4386DF5B62D684601F2EE3A93B1C902196020E03692DD07D6A80199776FC6749C9026F946169ECF
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Short-Description: Container hypervisor based on LXC.# Description: Container hypervisor based on LXC.# Provides: lxd.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.### END INIT INFO..DAEMON=/usr/bin/lxd.NAME=lxd.DESC="Container hypervisor based on LXC".PIDFILE=/var/run/lxd.pid... /lib/lsb/init-functions..test -f ${DAEMON} \|\| exit 0..set -e..START="-m --start --quiet --pidfile ${PIDFILE} --name ${NAME} --startas $DAEMON --background".case "$1" in. start). if init_is_upstart; then. exit 1. fi.. /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load.. echo -n "Starting $DESC: ". ulimit -n 65536. [ -e /etc/environment ] && . /etc/environment. /usr/lib/lxd/lxd-bridge.start. if start-stop-daemon ${START} -- --group lxd --logfile=/var/log/lxd/lxd.log

/etc/init.d/mdadm

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	2404
Entropy (8bit):	5.034080367346154
Encrypted:	false
SSDEEP:	48:Uqbn5omhn7ykY//7xe7ZUVgr1UXdk7tlk7twoBiHb0k7tgGKDOa4iKmgRRvMs:fomh+kYH7pVDXdORQ80fGQ4iKmgH
MD5:	B8E4F2E1DA9E4681F7E61AD6622C10EC
SHA1:	7C8AE5B82AAD13D3D29F587DE74B9B1FAF4642F7
SHA-256:	474717BD13AFFF888DE14D750B920ED563E994084FAF2146DF679EC6CB0F72AE
SHA-512:	C74DC200BA252D2A496E7ECB901A256E8C961D90605D0C7FA549BC1ABA39C1E8066C4052F04DEAEE6F02A3B078B3A7EEC7383AF61E25FA7C6760237774F969F5
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# Start the MD monitor daemon for all active MD arrays if desired..#.# Copyright . 2001-2005 Mario Jou/3en <joussen@debian.org>.# Copyright . 2005-2009 Martin F. Krafft <madduck@debian.org>.# Distributable under the terms of the GNU GPL version 2..#.### BEGIN INIT INFO.# Provides: mdadm.# Required-Start: $local_fs $syslog.# Required-Stop: $local_fs $syslog sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: MD monitoring daemon.# Description: mdadm provides a monitor mode, in which it will scan for.# problems with the MD devices. If a problem is found, the.# administrator is alerted via email, or a custom script is.# run..### END INIT INFO.#.set -eu..MDADM=/sbin/mdadm.MDMON=/sbin/mdmon.RUNDIR=/run/mdadm.PIDFILE=$RUNDIR/monitor.pid.DEBIANCONFIG=/etc/default/mdadm..test -x "$MDADM" \|\| exit 0..test -f /proc/mdstat \|\| exit 0..

/etc/init.d/mdadm-waitidle

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1238
Entropy (8bit):	4.73282902968205
Encrypted:	false
SSDEEP:	24:UpGhM7v4M52U0qhpxFYHl7AlJRmgR+FOHJVy7Z02U+K/TpBY:UQhhM5vP3xyHJAHRJhHJQVq/lG
MD5:	EB589BBF247EBBD2369D648BA43A39C5
SHA1:	35D845703B5C764CC786A60253257662CEF0173A
SHA-256:	26587F37DBB9AE3970CCB85CE62422B088D5C6F632D9E50EFEC22CABF6BB52FA
SHA-512:	F8E8F42C1C8C87565346DBD83234F94D1B4492809180511DE8FD0B530AEC8C46D27B75AC8BF288D0C0260312E3CA24633A8B3F9C6C3CD479CE3444EBE5672C2B
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mdadm-waitidle.# Required-Start:.# Required-Stop:.# Should-Stop: halt reboot kexec.# X-Stop-After: umountroot.# Default-Start:.# Default-Stop: 0 6.# Short-Description: Wait for MD arrays to become idle.# Description: Waits until all MD arrays are in idle and synced state.# before halt/reboot..### END INIT INFO.#.set -eu..MDADM=/sbin/mdadm.test -x "$MDADM" \|\| exit 0.test -f /proc/mdstat \|\| exit 0... /lib/lsb/init-functions..case "${1:-}" in.. start\|restart\|force-reload). # nothing, the only reason the script is here is to stop arrays. ;;.. stop). sync. wait=. for md in /sys/block/md*/md ; do. [ -d "$md" ] \|\| continue. [ "$wait" ] \|\| log_action_begin_msg "Waiting for MD arrays to become idle". wait=y. [ -w $md/sync_action ] && echo idle > $md/sync_action. done. if [ "$wait" ]; then. # mdadm --wait-clean has a sh

/etc/init.d/mountall-bootclean.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	742
Entropy (8bit):	4.984187221221359
Encrypted:	false
SSDEEP:	12:ajZW0GkQBwUkH2R9lKhfFFNnW/xJi0SYnGKE3fdARMsBLbxPrn:ajpGDjg2pg/8/xJieGZd0tBZr
MD5:	19EDF3530FF72C1CD8D49FD6ADD1FFA6
SHA1:	092B66B3B6C94824BA1F62EC8E2A3914B0E2A1F0
SHA-256:	B15453F750E15EB9AB10D52B5CF3D1D0B914CCF9C6B5182D992D1944817DBDF4
SHA-512:	51F6E6496304F4466A73B4B9CE9FFE7EC815FCBEFF5B0320AEF8B6D0B4EAC6EEF740825325EBE0747EF771FB9EB21ACE5A3CE3925A7D42D6F6F87A7447A509C8
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mountall-bootclean.# Required-Start: mountall.# Required-Stop:.# Default-Start: S.# Default-Stop:.# X-Start-Before: bootmisc.# Short-Description: bootclean after mountall..# Description: Clean temporary filesystems after.# all local filesystems have been mounted..### END INIT INFO... /lib/lsb/init-functions.. /lib/init/bootclean.sh..case "$1" in. start\|"")..# Clean /tmp, /var/lock, /var/run..clean_all..exit $?..;;. restart\|reload\|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop\|status)..# No-op..;;. *)..echo "Usage: mountall-bootclean.sh [start\|stop]" >&2..exit 3..;;.esac..:.

/etc/init.d/mountall.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2340
Entropy (8bit):	5.1134673781375
Encrypted:	false
SSDEEP:	48:WQeiH+SzvgFWQ7Op1HcepuaeLDoIakX+Mv5nItL3aPi1ctB9:jeS+SzvgWQip1Hc7DvXxx0mqYB9
MD5:	101C526876BAFF5284EDF97A1CCE415F
SHA1:	C99C30F22FB26BF20E62EB6F7B9E21ECEFEC52C6
SHA-256:	107CA17EF5205821764E41244E63859F6AE1F4153E77A73836B6FCFD59C4FCFC
SHA-512:	6190E1F4F7174F5F3BE4BF80D2E653209EAB136513D78391D1B78424A770DFD8EC5DD3DA5A0F6479355A2F5AA2D36BF58B3DACD997425B0C4DFCD5066866A38A
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mountall.# Required-Start: checkfs checkroot-bootclean.# Required-Stop: .# Default-Start: S.# Default-Stop:.# Short-Description: Mount all filesystems..# Description:.### END INIT INFO..PATH=/sbin:/bin.. /lib/lsb/init-functions.. /lib/init/vars.sh.. /lib/init/tmpfs.sh... /lib/init/mount-functions.sh.. /lib/init/swap-functions.sh..# for ntfs-3g to get correct file name encoding.if [ -r /etc/default/locale ]; then... /etc/default/locale..export LANG.fi..do_start() {..#..# Mount local file systems in /etc/fstab...#..mount_all_local() {...if mountpoint -q /usr; then....# May have been mounted read-only by initramfs.....# Remount with unmodified options from /etc/fstab.....mount -o remount /usr...fi...mount -a -t nonfs,nfs4,smbfs,cifs,ncp,ncpfs,coda,ocfs2,gfs,gfs2,ceph \....-O no_netdev..}..pre_mountall..if [ "$VERBOSE" = no ]..then...log_action_begin_msg "Mounting local filesystems"...mount_al

/etc/init.d/mountdevsubfs.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1500
Entropy (8bit):	5.160342305809812
Encrypted:	false
SSDEEP:	24:ajpGe53AmgoGz2r7za0T/eSPhTlhLRBnfTZBdqf/IqeM6ChmtBCkL:WQmta0xL3fVBdqfQqV6ChmtBCy
MD5:	D3D625B5114B824314419842F262D3DB
SHA1:	BD30F220D80F165D77B6755BB480AAF277C9CE33
SHA-256:	31B448F272993B5F166AC7C395ABD6B61BD2C251023C0AEA4EC591EC6704C0AD
SHA-512:	6E93C7DA98CE0CD6EB7B45B1180EFE23EE5D147E9A02702534A34EE047880F1C38C61149C87D592E0041637D7E7BD1F3B7D712B32DEEEF88B7DE37725A4DFAB0
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mountdevsubfs.# Required-Start: mountkernfs.# Required-Stop:.# Should-Start: udev.# Default-Start: S.# Default-Stop:.# Short-Description: Mount special file systems under /dev..# Description: Mount the virtual filesystems the kernel provides.# that ordinarily live under the /dev filesystem..### END INIT INFO.#.# This script gets called multiple times during boot.#..PATH=/sbin:/bin.TTYGRP=5.TTYMODE=620.[ -f /etc/default/devpts ] && . /etc/default/devpts..KERNEL="$(uname -s)"... /lib/lsb/init-functions.. /lib/init/vars.sh.. /lib/init/tmpfs.sh... /lib/init/mount-functions.sh..# May be run several times, so must be idempotent..# $1: Mount mode, to allow for remounting.mount_filesystems () {..MNTMODE="$1"...# Mount a tmpfs on /run/shm..mount_shm "$MNTMODE"...# Mount /dev/pts..if [ "$KERNEL" = Linux ]..then...if [ ! -d /dev/pts ]...then....mkdir --mode=755 /dev/pts.

/etc/init.d/mountkernfs.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1603
Entropy (8bit):	5.060301654632043
Encrypted:	false
SSDEEP:	24:ajpGeg577D/wJgSD/eSPhTlhLRqp5ywEi2Zg0XgbzHTgIGM6ChmtB3WL:WQee7D4JgSzxLMya2+b7TgIt6ChmtB3E
MD5:	C14F264ABFA6F38758449F2E23F1593C
SHA1:	9F5EF6D32F94909D9AF83A62CE4440E822F40244
SHA-256:	0C8412A6536055D8CC5FCE0AD3CDB8823EF8EAD8C02629963D5DDE2BF296ACBD
SHA-512:	276070ADFC78C703F966802ADFF407C8AA54DBFA9C641910304589F75C486F3664272D2718967F100EBB93B55FFC2DF2A68A9B9DF5415AD51BA33090C3DD8803
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mountkernfs.# Required-Start:.# Required-Stop:.# Should-Start: glibc.# Default-Start: S.# Default-Stop:.# Short-Description: Mount kernel virtual file systems..# Description: Mount initial set of virtual filesystems the kernel.# provides and that are required by everything..### END INIT INFO..PATH=/sbin:/bin.. /lib/lsb/init-functions.. /lib/init/vars.sh.. /lib/init/tmpfs.sh... /lib/init/mount-functions.sh..# May be run several times, so must be idempotent..# $1: Mount mode, to allow for remounting.mount_filesystems () {..MNTMODE="$1"...#..# Mount tmpfs on /run and/or /run/lock..#..mount_run "$MNTMODE"..mount_lock "$MNTMODE"...#..# Mount proc filesystem on /proc..#..domount "$MNTMODE" proc "" /proc proc "-onodev,noexec,nosuid"...#..# Mount sysfs on /sys..#..# Only mount sysfs if it is supported (kernel >= 2.6)..if grep -E -qs "sysfs\$" /proc/filesystems..then...do

/etc/init.d/mountnfs-bootclean.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	750
Entropy (8bit):	5.009779160700117
Encrypted:	false
SSDEEP:	12:ajZW0GTBaEtH2R9lIfFFGRUnW/xJi0SYnGKE3fdARMsBLbPrn:ajpG11Z2pS/GJ/xJieGZd0tBnr
MD5:	6D35F77A6166D8B1A06057BE87466683
SHA1:	159C4518F1FD6FB37EBE99BBA76A7B1AD288B3A3
SHA-256:	193BE1ED9C4D3CA1ED8C81AFEF0E9D799B12F9F7B31D57E2C0393C447F583A96
SHA-512:	3E39980C3C6E0658CE84E7AF4CC9B76702C57F213F16931B5DC16F58C62350C2CA12A1D301477B794A1602C50893D4D45D7D63AA4146CA149EA4458CD0C910DA
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mountnfs-bootclean.# Required-Start: $local_fs mountnfs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# X-Start-Before: bootmisc.# Short-Description: bootclean after mountnfs..# Description: Clean temporary filesystems after.# network filesystems have been mounted..### END INIT INFO... /lib/lsb/init-functions.. /lib/init/bootclean.sh..case "$1" in. start\|"")..# Clean /tmp, /var/lock, /var/run..clean_all..exit $?..;;. restart\|reload\|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop\|status)..# No-op..;;. *)..echo "Usage: mountnfs-bootclean.sh [start\|stop]" >&2..exit 3..;;.esac..:.

/etc/init.d/mountnfs.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2495
Entropy (8bit):	4.93940903836391
Encrypted:	false
SSDEEP:	48:WQeM10Ash9VF13Kwcg0lzfRUo375RGB8Fq/Lyw8rsdLh1:j9boLEwcLKogOPwD1
MD5:	E2199DAFA9939D3B48F46F7CD3345BF7
SHA1:	6C16A4C9417C2AD265DCFC62B095EA7B8A79A503
SHA-256:	BD72A784EE53F32B016401964244486ED257879A33F4D8D932CCD583AC339997
SHA-512:	17480E40D092941A40441A8CF487AB7D8AE7551D5D1F8E09EC0FB5910BBD513CD5E64BEB6854C277738692CB8D4633328BC005E4A17C04B52788AF76D6C44EF6
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mountnfs.# Required-Start: $local_fs.# Required-Stop:.# Should-Start: $network $portmap nfs-common udev-mtab.# Default-Start: S.# Default-Stop:.# Short-Description: Wait for network file systems to be mounted.# Description: Network file systems are mounted by.# /etc/network/if-up.d/mountnfs in the background.# when interfaces are brought up; this script waits.# for them to be mounted before carrying on..### END INIT INFO... /lib/lsb/init-functions.. /lib/init/vars.sh.. /lib/init/mount-functions.sh..do_wait_async_mount() {..# Read through fstab line by line. If it is NFS, set the flag..# for mounting NFS file systems. If any NFS partition is found..# then wait around for it....waitnfs=..for file in "$(eval ls $(fstab_files))"; do...if [ -f "$file" ]; then....while read DEV MTPT FSTYPE OPTS REST; do.....case "$DEV" in.....

/etc/init.d/network-manager

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1796
Entropy (8bit):	5.2674161714067065
Encrypted:	false
SSDEEP:	48:WQ3OLVNuaieaz+uSA9eulA3hZd+yZOYUP:j6Czt+uSA9eulAF+DYK
MD5:	9B92C2A627655E461FF34FE7E0B2E0BA
SHA1:	5AD7F0CB7C5FED6B8C0BAB719A7AD54A2955BB6A
SHA-256:	A8423DBBB7FE42D01542189C4765E42E9053D6B325B1A03768190FB68FB277FA
SHA-512:	C8621210A60720306DDAD14D67017A68778C111AA1BC44EE02E4D3495D9B84A3CC0AF5B2EE693BC80223AE246971CE4F761784A1B94EC43792ED7C6E94FE8802
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: network-manager.# Required-Start: $remote_fs dbus udev.# Required-Stop: $remote_fs dbus udev.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: network connection manager.# Description: Daemon for automatically switching network .#.. connections to the best available connection..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DESC="network connection manager".NAME="NetworkManager"..DAEMON=/usr/sbin/$NAME..PIDFILE=/var/run/$NAME/$NAME.pid..SCRIPTNAME=/etc/init.d/network-manager..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/NetworkManager && . /etc/default/NetworkManager..#.#.Function that starts the daemon/service..#.d_start() {..start-stop-daemon --start --quiet --pidfile $PIDFILE

/etc/init.d/networking

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4810
Entropy (8bit):	5.117938082728971
Encrypted:	false
SSDEEP:	96:RvdqkypptjMk645JhMe4T6z3GPDXEtQ9VSLtlv:RFqdpptQk645JhqezsDXE69cLt1
MD5:	5D111DC02B6113D354CABBF2B3B08D1E
SHA1:	6A00D56E17E34468915D66B2BDBACEF34F559F22
SHA-256:	36A73AEF57D313FAE8D32FC5F36D6608885910850CE252F75161D4CE270D8408
SHA-512:	B62A8C9F3729B0441A26C02606A5B985A00E8CA139968E5D8F8E3B6887C0D9D2B4FAA69D72186DA9F304522F5E5F51BD9F66BA07B210F9B764EF285B87C96D21
Malicious:	true
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: networking ifupdown.# Required-Start: mountkernfs $local_fs urandom.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Raise network interfaces..# Description: Prepare /run/network directory, ifstate file and raise network interfaces, or take them down..### END INIT INFO..PATH="/sbin:/bin".RUN_DIR="/run/network".IFSTATE="$RUN_DIR/ifstate".STATEDIR="$RUN_DIR/state"..[ -x /sbin/ifup ] \|\| exit 0.[ -x /sbin/ifdown ] \|\| exit 0... /lib/lsb/init-functions..CONFIGURE_INTERFACES=yes.EXCLUDE_INTERFACES=.VERBOSE=no..[ -f /etc/default/networking ] && . /etc/default/networking..verbose="".[ "$VERBOSE" = yes ] && verbose=-v..process_exclusions() {. set -- $EXCLUDE_INTERFACES. exclusions="". for d. do..exclusions="-X $d $exclusions". done. echo $exclusions.}..process_options() {. [ -e /etc/network/options ] \|\| return 0. log_warn

/etc/init.d/ondemand

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1620
Entropy (8bit):	5.316267916051372
Encrypted:	false
SSDEEP:	24:ajpGpo4yNA+tENksBQTUk0sH60X5aQ80TEKRQtsfGU2Fi14kTwKyqrsVSqV:WQa4/+/sBQwk0ELp1HAoAizw8rsVhV
MD5:	FD8538AF72704388C7411CF2533A7506
SHA1:	B2C6CCCCDD1979D01C562A7EB7ECC2C122B68C61
SHA-256:	1D77DAC241F0757658C94411DBFA39E2C6C121E9BE9B3859473E5D567B23D7FB
SHA-512:	DDB7C6C0932497A7891C1068935CC2F079DEBF4968511501FE1D756F9C4C8035271EBB29589508E77937062DCCAF40666D1585CC4997C021DA84B8A8D6088599
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: ondemand.# Required-Start: $remote_fs $all.# Required-Stop:.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Set the CPU Frequency Scaling governor to "ondemand".### END INIT INFO..# Don't run if we're going to start an Android LXC container:.[ ! -f /etc/init/lxc-android-config.conf ] \|\| exit 0..PATH=/sbin:/usr/sbin:/bin:/usr/bin... /lib/init/vars.sh.. /lib/lsb/init-functions..AVAILABLE="/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors".DOWN_FACTOR="/sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor"..case "$1" in. start). .start-stop-daemon --start --background --exec /etc/init.d/ondemand -- background. ;;. background)..sleep 60 # probably enough time for desktop login...[ -f $AVAILABLE ] \|\| exit 0..read governors < $AVAILABLE..case $governors in...interactive)....GOVERNOR="interactive"....break....;;...ondemand)....GOVERNOR="ond

/etc/init.d/open-iscsi

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2542
Entropy (8bit):	5.10762352610323
Encrypted:	false
SSDEEP:	48:WQUMRMrEm3cy8NYINgZlfEMtWBAl3ATeTPAdWINRdWdtREg02AC9ArANTcAhicV:jb2rH338yPZlff/lwA4dWIJCMDUbb
MD5:	5EED0777A077113CDE608466C6E0E422
SHA1:	2D31CD68EFAC51A6FC2EA45593EED371E9883850
SHA-256:	5AFDED26E6C266BA029E5BE5FE0426812EF7101E8A1F7305834A068E2B4090FE
SHA-512:	F3F05CD26411F81DDFA8C9727B755857C418F0894A868CF63A97BCD444F82691E943771042D8E336699AB1418B4FE984A6843FB7D83C6FC9E262AC6DECAF471C
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; th

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1885
Entropy (8bit):	4.863430460367773
Encrypted:	false
SSDEEP:	48:USa/f0aOHh8I/X/kA4pWh8FgM8QhmMl8FkgPooG2DKYUH:pa/f0aOB8If4e8j8Q8Ml8OmooG2D3a
MD5:	4E8593AFCC46826D947FF7DF86AF6FD7
SHA1:	609B7FCEC7EB30CA8D73865A4C114C06275635BB
SHA-256:	86FBF2B2538F7A01F1F51DA0CA4194C19ADDEBDA7E561E59772A3E3CD0C65C9F
SHA-512:	9D8C37A9B0CE75F192125FBE13C59EEE963111B8E23B74EFBE8D95C133639825B2DC1869DC9C2BA239F0E95405197B13F14C17004E518AC943C63F8D778EB101
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1405
Entropy (8bit):	5.3081834192747115
Encrypted:	false
SSDEEP:	24:UpQsqE3A2EYVwMwRwDTMBgH2APfcVwAPYIpPgfS+xGgEIT8YojAf5XERmgLGmgOi:USsl3AhYG7RgzWAsVwAgGYfdxz58Y9f5
MD5:	8BDCF11C0150CE4668A13430EBA02C97
SHA1:	679269AD7CCFD40D1E58A9CBF3F572D73F9090D6
SHA-256:	8F4315C47A0DCE90577DAF9477FFA6129E79B96AFBC51229E7B564F2132921A3
SHA-512:	CA9CE6073B26CD95FBCA88A55891D2070FEB30A1BDA2DE70F0EC92FEE47B468D2B46C80E156332EB9CF1FD36AB2372506108A97A4E721A5552328F2974BA63AC
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then....../sbin/plymouthd --mode=shutdown.....fi......R

/etc/init.d/plymouth-log

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	791
Entropy (8bit):	5.280472297283459
Encrypted:	false
SSDEEP:	12:UZW0QsnBEfVmWr2lr4HhJ8PWXsbgwfGgrCRuD02ggvRiqhtcy5RujGqGRujrVgz:UpQsBEf0FlwhuPBb9GgpHggvR4MLoVI
MD5:	59B5F87A634F24C9688B22D42A656C4B
SHA1:	3B0B2E32FBBDAE0F9F1241B8017DEE9F20615111
SHA-256:	87CC91D672AC6AB7E338707F751158A3193460BDB0995276135858F8ADF96623
SHA-512:	8E1A5C978864BBFC333E37941BA02378487983F6E13A8AEC4FCEA228FFA128CEFFC29FB323E6613A47F7E0A02022B49390378E9133873E14CF0412B0DF5D7565
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0.

/etc/init.d/pppd-dns

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.9401586952729915
Encrypted:	false
SSDEEP:	12:sZW0G7Ba5kHQ9YGEkigLGE6hhWkyUDRuj9SbURujrLf7XcMKj:spGdigvBOfUNUSsofX+j
MD5:	6B1457E72917C381CAF967251D3BFA79
SHA1:	58AC42AC978222303F3A4AC170EAA93538C750E1
SHA-256:	F2FD4D4693FC92272A4197A240A036160980FB811C376F8620DE4C72E1CE7BE4
SHA-512:	BA619B4D1FB9A5824485B6410AB9DAFCB2BE132392C1209041791269D76FE9FE5C938B331E49A11A2C04FB7EC97F4957A0F5DCDA428BEAA2EB57B97DD0D8CB89
Malicious:	true
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: pppd-dns.# Required-Start: $local_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Restore resolv.conf if the system crashed..# Description: Restore /etc/resolv.conf if the system crashed before the.# ppp link was shut down..### END INIT INFO... /lib/lsb/init-functions..case "$1" in. start) ;;. stop\|restart\|force-reload) exit 0 ;;. *) echo "Usage: $0 {start\|stop\|restart\|force-reload}" >&2; exit 1 ;;.esac..[ -x /etc/ppp/ip-down.d/0000usepeerdns ] \..&& exec /etc/ppp/ip-down.d/0000usepeerdns..

/etc/init.d/procps

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1231
Entropy (8bit):	5.167403040278733
Encrypted:	false
SSDEEP:	24:ajp1aapxWTeA25+Z+nMfciMTPezlxSoWah9ZcD+Hj5O:WKabWqA+ZnMEhQMahoD2j5O
MD5:	F55A88B0A3A1EA6429668E7CC6CBEB02
SHA1:	5A07F159DB3AB2E9135968EDF7364AF169F88FF4
SHA-256:	925BB77C2D82F0CC3DE5A63EA14D5C317AB9EAE91E8DA48EE97DFE90C085FE3B
SHA-512:	B7B4D10DE5E4046D61B2F177F7C777885C6202FCDAC3B6B4AD8887928759ABD36959DAE895E505BA70F67439A425D30BC79893B71BFC3D5088BFD582ED1C3049
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.# /etc/init.d/procps: Set kernel variables from /etc/sysctl.conf.#.# written by Elrond <Elrond@Wunder-Nett.org>..### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO..PATH=/sbin:/bin..SYSCTL=/sbin/sysctl..test -x $SYSCTL \|\| exit 0... /lib/lsb/init-functions..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..# Check for existance of the default file and exit if not there,.# Closes #52839 for the boot-floppy people.if [ -f /etc/default/rcS ] ; then. . /etc/default/rcS.fi..set -e..case "$1" in..start\|restart\|force-reload\|reload)...log_action_begin_msg "Setting kernel variables "...STATUS=0...

/etc/init.d/qemu-kvm

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	817
Entropy (8bit):	5.010180376863751
Encrypted:	false
SSDEEP:	12:ajZW0GABwwej2J4JwJ5G8QiXJsnUJmug9ey2j5dURujrpqdLn:ajpGC5zJk8DXJpkuOJopql
MD5:	EE1787A9C62BA6697DF747E028778D02
SHA1:	2609C586A258EDF3C92B494E708ED22EA4C5DC83
SHA-256:	465A343C25C17B52E52EE1801A0C1257BC79EABF236DAC27F958B5911FF27938
SHA-512:	23A399F0861F894627CC75FCB5E083A20084F0EB21A2EDE012A7A46F3861F6BB083944130728FC0AA26970828C8354129F25F85E28C6E6E474304E97487C376F
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: qemu-system-x86.# Required-Start: mountkernfs.# Required-Stop: .# Should-Start: udev devfsd.# Should-Stop: .# Default-Start: S.# Default-Stop: .# Short-Description: QEMU KVM module loading script.# Description: This script loads the kernel modules needed by QEMU KVM.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin... /lib/lsb/init-functions..test -x /usr/share/qemu/init/qemu-kvm-init \|\| exit 5..start() {. log_daemon_msg "Configuring kvm" "qemu-kvm". /usr/share/qemu/init/qemu-kvm-init start. log_end_msg $?.}..case "$1" in. start\|restart\|force-reload). start. ;;. stop). ;;. *). echo "Usage: $0 {start\|stop\|restart\|force-reload}" >&2. exit 3. ;;.esac..:.

/etc/init.d/rc

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	6405
Entropy (8bit):	5.168106466794845
Encrypted:	false
SSDEEP:	192:rasE4mlMYMEvkuouPzKk2RMLueD10bKku37eWTYjg:y4iTzKkBNcKkZD0
MD5:	F2A1B1742F225BA7D7D144E54BA3A34C
SHA1:	2A5BD15966F4D7AE42C72225AFC5EA9B614FE4BA
SHA-256:	7672C4BE0E86FE2F77FE61EB2E59872B39082D5CA4BEB4ECF4A4E120A6FF84A5
SHA-512:	ACB3B6952C484404886FD1DA591EF9CF3A9F0B15AC7EA567AD1C70009089313B79369F4260A700E45DF6E323C835AC9E9F99649764C3E076630760DF48FB9210
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# rc.#.# Starts/stops services on runlevel changes..#.# Optimization: A start script is not run when the service was already.# configured to run in the previous runlevel. A stop script is not run.# when the the service was already configured not to run in the previous.# runlevel..#.# Authors:.# .Miquel van Smoorenburg <miquels@cistron.nl>.# .Bruce Perens <Bruce@Pixar.com>..PATH=/sbin:/usr/sbin:/bin:/usr/bin.export PATH..# Un-comment the following for interactive debugging. Do not un-comment.# this for debugging a real boot process as no scripts will be executed..# debug=echo..# Make sure the name survive changing the argument list.scriptname="$0"..umask 022..on_exit() {..echo "error: '$scriptname' exited outside the expected code flow.".}.trap on_exit EXIT # Enable emergency handler..# Ignore CTRL-C only in this shell, so we can interrupt subprocesses..trap ":" INT QUIT TSTP..# Set onlcr to avoid staircase effect..stty onlcr 0>&1..#

/etc/init.d/rc.local

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	859
Entropy (8bit):	4.934215698844869
Encrypted:	false
SSDEEP:	24:ajpGAE/HcftENbbkATnAwywKyqrsd5xSqV:WQAEvcf8xTnAwyw8rsdbhV
MD5:	A082413B8FA9F587AAA6C1F0090308C4
SHA1:	FED071EF10817D015B4BE7F5CE1BE64412E93F02
SHA-256:	0E7415339F6852D5D768CAF388C183D2A7F1F6416FEFDA37F5C2BDE34808AA74
SHA-512:	C7BF3D720449ADE57B0E586A20874C7D846D6A0FAE4AE6C2A29D66F5931A1FAE97FE7BB0AE0675167C9F0BBC14181BDC0E6A8CFF8A7EE4C1DBE636A2B2DE6AAE
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: rc.local.# Required-Start: $all.# Required-Stop:.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run /etc/rc.local if it exist.### END INIT INFO...PATH=/sbin:/usr/sbin:/bin:/usr/bin... /lib/init/vars.sh.. /lib/lsb/init-functions..do_start() {..if [ -x /etc/rc.local ]; then.. [ "$VERBOSE" != no ] && log_begin_msg "Running local boot scripts (/etc/rc.local)".../etc/rc.local...ES=$?...[ "$VERBOSE" != no ] && log_end_msg $ES...return $ES..fi.}..case "$1" in. start)..do_start. ;;. restart\|reload\|force-reload). echo "Error: argument '$1' not supported" >&2. exit 3. ;;. stop\|status). # No-op. exit 0. ;;. *). echo "Usage: $0 start\|stop" >&2. exit 3. ;;.esac.

/etc/init.d/rcS

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	156
Entropy (8bit):	4.518110660064288
Encrypted:	false
SSDEEP:	3:TFKxKvGTdWyK3p0jG0IGtMFM+PY4StNEgmRa45K/KKeMGMv:JkK+TdWn060BEihPia45K/KKkMv
MD5:	60118307469D789517373BD58D7098AC
SHA1:	833B65A8A43E54B9E7FDC2A830762E5CF965C7C0
SHA-256:	E8CF66B68B06925F967A7FB3F8B89BD99CFF3F790E0543E4548572C302C5D21E
SHA-512:	7AFC24A41E37231CC1550EC2F306F8C7F2FD5FB0DA889F313A770E8796DC2168A2EBE1E53B1A5A3C833FABB8163425F7DF513D7EFC2A022F4DEF883E6EEDE84E
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# rcS.#.# Call all S??* scripts in /etc/rcS.d/ in numerical/alphabetical order.#..exec /etc/init.d/rc S.

/etc/init.d/reboot

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	700
Entropy (8bit):	5.167023212499158
Encrypted:	false
SSDEEP:	12:ajZW0GrIBEHs2Qxitj7dVN5JsALyBJgKesBkGKE3fdP1bWL:ajpG2Asz8tjhVvJs7g6BVZdPIL
MD5:	43785708CEB80DF6CF5A65A04C541934
SHA1:	88F05550C9BCA76634105B224F0A155576D6423A
SHA-256:	7B6CCF2266CB2DED25C4D6857444CB5C47B21A353DD5D877C9483DEFF9ACC3E1
SHA-512:	21002055411F9AD34262C5D53FE4A1D4988E3BF1CB2228D72AD8CA2055B3148BFE6F2ED452D572C3741533906FD845247BF83BCBA498F555EE16946E1A606A79
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: reboot.# Required-Start:.# Required-Stop:.# Default-Start:.# Default-Stop: 6.# Short-Description: Execute the reboot command..# Description:.### END INIT INFO..PATH=/sbin:/usr/sbin:/bin:/usr/bin... /lib/lsb/init-functions..do_stop () {..# Message should end with a newline since kFreeBSD may..# print more stuff (see #323749)..log_action_msg "Will now restart"..reboot -d -f -i.}..case "$1" in. start)..# No-op..;;. restart\|reload\|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop)..do_stop..;;. status)..exit 0..;;. *)..echo "Usage: $0 start\|stop" >&2..exit 3..;;.esac.

/etc/init.d/resolvconf

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	4188
Entropy (8bit):	5.162934722725907
Encrypted:	false
SSDEEP:	48:UpPgo9idDtX9CT2DdDBI30Qo3AMA4pMrNbYih3CVp1iEG7r/LfcgIjjT:EPgsMJbDMo3AKp0NcUC7N8DN2
MD5:	5086C1B0263E9239E2F63B691E522B2C
SHA1:	B64ABF70C2B288B51B85CF737F8357C23D87EFCD
SHA-256:	033FA0492CDFEDE9CEE3C248D90023C15A5001EAA14780883596D4A137F227F4
SHA-512:	9E7B8ED5DF97CF02FBBE928B6529E706154448D6C590EEAE0A3C72839DBEC098E3CA838B1712DD27131CFCE8FE70BCABF47B00E4D422C45EF5CEE006B0AAB5AE
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.### BEGIN INIT INFO.# Provides: resolvconf.# Required-Start: $local_fs.# Required-Stop: $local_fs.# X-Start-Before: networking ifupdown.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Nameserver information manager.# Description: This service manages the list of nameserver addresses.# used by the libc resolver and name service caches.### END INIT INFO.#.# This file is part of the resolvconf package..#.# We really need "X-Stop-Before: networking ifupdown" too because.# terminal ifdowns shouldn't update resolv.conf;.# however there is unfortunately no such thing as "X-Stop-Before"..#.# This file is not used in Ubuntu..#..# Don't use set -e; check return status instead...[ -x /sbin/resolvconf ] \|\| exit 0..PATH=/sbin:/bin.RUN_DIR=/run/resolvconf.ENABLE_UPDATES_FLAGFILE="${RUN_DIR}/enable-updates".POSTPONED_UPDATE_FLAGFILE="${RUN_DIR}/postponed-update"... /lib/lsb/init-functio

/etc/init.d/rsync

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4394
Entropy (8bit):	5.218737436097571
Encrypted:	false
SSDEEP:	96:rdRM3o498RTFzaNBU0TKPuHow8gdgHoqNUPk5:rdRM3J98WBU0GmIwx+IqNUc5
MD5:	B8304D947D8F859F3A9A7A04357D4B65
SHA1:	581F32AEE6ABC7CCC85E9AB9B929406A88F3D1CD
SHA-256:	62B62E688950D5C15FFFEEEAE7F503BEADCD73DFDEE3ADBCBB784AAE9C095C0F
SHA-512:	668CFE4176F2E6649338F72318ECB9B48DD1A9B9C2B8374338A2D5527A197B5EC13761A96C6AAAB6C0382BC492A1AF1B94B99871DAE02E95A1409FDCE1CD5867
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit

/etc/init.d/rsyslog

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2835
Entropy (8bit):	5.275501511859103
Encrypted:	false
SSDEEP:	48:WQcqmpKHnuoB/SWSZABLG/tm3RpZWE/eXt5IG3/LqWpvU8lbzZdaZsYb:j5sKHuQ8ZABLG1m3rZWE2Xt5IG3/R5Jg
MD5:	2E23EE4CFACE8AC0B96F74682E3C38CF
SHA1:	02F4203379080DF98FBE60FB4807210BD87DF060
SHA-256:	4D0D959795CA9B2F90A8A437720DBC133481CD7952F44BD6ED903100E8C76A34
SHA-512:	0955498ADBDCEE8EE7DBF8714D5930309DD45F8F48DB4F2A6D01FD3F0E6352ECDC94BC23C1A09F84947643ED8FB27BBCB2B16984130D1A3B6E11EC4125761A12
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/var/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_*

/etc/init.d/saned

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2561
Entropy (8bit):	5.022406104104129
Encrypted:	false
SSDEEP:	48:Wp7Y0uJi5t7RbEDa4q4JwG/odm93XD/XnL/iOsd:W7YdKbn3G/UmFXzXLY
MD5:	176534406DBEE0E904912A86BD700532
SHA1:	455EAC8401D09190DA478BA72201AE627605EDDE
SHA-256:	F90039DA674F505DDD7427CFBD76BB83C339A80250DE43090B687AF3CEEB36F7
SHA-512:	3625195F275DC9808FB21A9C7F33E9815FF034672B40DDDD26F039E081839D86ED8E580B6D45A3C308DF984144E0D3D1C51E99FF19121714CAFE7BB6BF73E5FB
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then. . /etc/default/saned.fi..if [ "x$RUN" != "xyes" ] ; then. log_success_msg "$NAME disabled; edit /etc/default/saned". exit 0.fi..DAEMON_OPTS="-a $RUN_AS_USER"..

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1265
Entropy (8bit):	5.003296537336768
Encrypted:	false
SSDEEP:	24:UpO6Nr+XEgBYxABSO21pgrqeYCRjeyvcsTN/RuT7d/Luld/7K9jx:UlQSO23WqeYSjeybRRuHdTuld/7K9jx
MD5:	F76284E51F417C76724E0FECCC631A21
SHA1:	9AADD76ED14B14C0332093C19182E31F1678CA2E
SHA-256:	690D5177791DCCCE4F256AAADEE7D932760549D3B9E7E0746EACF31A31C2072F
SHA-512:	4AE37B74830C5E0FCF58D15FB74DFDB91C3638747944094A2302DBD9011BD63F9B37D7D28BB928FCB3DD74F04E2A72BD63DEC2B37266126ED6A0F27588AEF9C3
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/var/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /

/etc/init.d/sendsigs

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3966
Entropy (8bit):	5.144611601815684
Encrypted:	false
SSDEEP:	96:jwaoY4nfw9LUF/UWfkiS7IdzHmV5V00a317uZBP:jwaoNQWDS7Idzc3NK17wJ
MD5:	03730F1AD266020C55AFF519599C0F25
SHA1:	D9D5CC7BB9E4D87179BA497EBD79BDF2AAEEE11B
SHA-256:	5C76C80BF8C543B26966A686D3199C7B2B66782808FD898CF002D0C020593997
SHA-512:	7CFDF9B1576F675244F35181D493601D0F85085F727773D892D8CC3398C72FA0E32402910421ED073FCCD8FA68BA379EEEC2B031E1CBB37D54B97C5A9B4BFF41
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: sendsigs.# Required-Start: .# Required-Stop: umountnfs.# Default-Start:.# Default-Stop: 0 6.# Short-Description: Kill all remaining processes..# Description: .### END INIT INFO..PATH=/sbin:/usr/sbin:/bin:/usr/bin... /lib/lsb/init-functions..# Make it possible to see who the misbehaving processes are.report_unkillable() {..[ -x /usr/share/apport/unkillable_shutdown ] \|\| return..if [ ! -e /etc/default/apport ] \|\| ! grep -q '^enabled[[:space:]]=[[:space:]]1' /etc/default/apport; then...return..fi../usr/share/apport/unkillable_shutdown $OMITPIDS.}..upstart_killed_jobs () {..initctl list \| grep 'stop/killed'.}..upstart_jobs () {..initctl list \| grep -E '(start/\|stop/killed)' \| sed -n -e "/process [0-9]/s/.*process //p".}..do_stop () {..OMITPIDS=...for omitfile in /run/sendsigs.omit; do...if [ -e $omitfile ]; then....for pid in $(cat $omitfile); do.....OMITPIDS="${OMITPIDS:+$OMITPIDS }-o

/etc/init.d/single

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	636
Entropy (8bit):	5.148986557386882
Encrypted:	false
SSDEEP:	12:ajZW0G2yjBamhHZw90DiNiIs4yMdKHyCgvJYkGKE3fdARMsBLbWL:ajpG2+1lV+QIsGdKSHhYVZd0tBuL
MD5:	E01FF4B44B55C9D0D9FB078D9E286F47
SHA1:	30987FA6E868BB1189815B9B31620899AD7D003A
SHA-256:	B061D14E4BDA4AA5A93595061A342286D08E4BB00AFE14BE3CFBCE459BCE42FE
SHA-512:	EBC8E74CEE15AE02E957207AFF0673FEDC136ADCE56BDE78D90E34F7A0DF1DDFFFB234DD30718870A690D20494F56E3A2B0799CE3A6E320244AE200C1985B5B1
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: single.# Required-Start: $local_fs $all killprocs.# Required-Stop:.# Default-Start: 1.# Default-Stop:.# Short-Description: executed by init(8) upon entering runlevel 1 (single)..### END INIT INFO..PATH=/sbin:/bin... /lib/lsb/init-functions..do_start () {..log_action_msg "Will now switch to single-user mode"..exec init -t1 S.}..case "$1" in. start)..do_start..;;. restart\|reload\|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop\|status)..# No-op..;;. *)..echo "Usage: $0 start\|stop" >&2..exit 3..;;.esac.

/etc/init.d/skeleton

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1126
Entropy (8bit):	4.804284780671611
Encrypted:	false
SSDEEP:	12:UZW0pdRDNeBuYremCU3+B1Lsczixlc3gT4JM1QsaXJJCU2AioX/C8C62OC9eR7A9:Upfw/MCczZ3uTbOlJCd62p9+ABHn
MD5:	2FF9D7A59EBA8D566EDABFF6C0C0FC56
SHA1:	973FFBAD1F6AE7A7710E281A3B11B9E5B457E83F
SHA-256:	62CFA98B2AA25EB9108851B4991ACEC54BEBFB58798ED0A1A8E2EEDA57E59657
SHA-512:	AB0D0EFD59074999FBE6284DDBCAAEC050191D68A5A188BBD739765CEFA0E1EE33A528BB02077C02930386973C0AC6AA00635264D8C641DAFF986F78860A8C68
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: skeleton.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Example initscript.# Description: This file should be used to construct scripts to be.# placed in /etc/init.d. This example start a.# single forking daemon capable of writing a pid.# file. To get other behavoirs, implemend.# do_start(), do_stop() or other functions to.# override the defaults in /lib/init/init-d-script..### END INIT INFO..# Author: Foo Bar <foobar@baz.org>.#.# Please remove the "Author" lines above and replace them.# wi

/etc/init.d/speech-dispatcher

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2156
Entropy (8bit):	5.1499946240950205
Encrypted:	false
SSDEEP:	48:WSAUwDVw48/ayKzyFMHDUqmSYr4BbZrPlrOsKhoOUPqAH5DmAR8jC:rALDVw48/3KziMfmDEBbZrPlr1KhjYqy
MD5:	3FCC44E174947998AE5F14563B29D3A1
SHA1:	5F618A3AEA247F8CDCFC36FAA25D71EC8FE006F9
SHA-256:	8D6AE8D31950EA3D7FFB8D3266F95C16984BAD71E09D78F8E279939ADED4DF85
SHA-512:	DCEB58FFF3F7DE5ECB91E012AC577E9F28A627D5A96DBAB02317956085E4B9C2BC00644A0F65E4DC40918E9E4D97106F0488F6A56BD0F2DC2BBB188690F259F8
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: speech-dispatcher.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: festival.# Should-Stop: festival.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Speech Dispatcher.# Description: Common interface to speech synthesizers.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/speech-dispatcher.PIDFILE=/var/run/speech-dispatcher/speech-dispatcher.pid.NAME=speech-dispatcher.DESC='Speech Dispatcher'.USER=speech-dispatcher..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..RUN=no..# Include speech-dispatcher defaults if available.if [ -f /etc/default/speech-dispatcher ] ; then. . /etc/default/speech-dispatcher.fi..if [ "x$RUN" != "xyes" ] ; then. log_action_msg "$NAME disabled; edit /etc/default/speech-dispatcher". exit 0.fi..set -e..do_start () {. PIDDIR=`dirname $PIDFILE`. [ -e

/etc/init.d/ssh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4116
Entropy (8bit):	5.0599122216765595
Encrypted:	false
SSDEEP:	96:rkXSV2Of0JrNqR2ok52Hok6ok+XHqzokJKQGUokjO8IB+:r1oOf0JZq3k52Ikpk4KcksQ6kjBIB+
MD5:	1A07067D4F7F4E87B9102FEE99357296
SHA1:	78CFEC3B4A8E1AD432243C61A048A9B81BDAF2DE
SHA-256:	D04CF1B3A060B3CB40065DED258C8F6C202F90D430325D8E4B426B4C7C5755BB
SHA-512:	255D42DC37207F5A9CA0B0964A9619B2E5084E89E09ED17E92B1B63D6DE8DF4527689C858C84552E4995E3ACE302E0E6B0F5D8D7F452CFC50352A3CF729438E6
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_upstart() {. if init_is_upstart; then..exit $1. fi.}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ..if [ "$1" = log_end_msg ]; then.. log_end_msg 0 \|\| t

/etc/init.d/udev

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	6126
Entropy (8bit):	5.0732030834817685
Encrypted:	false
SSDEEP:	96:R5Q+Gh+BYNN4DTHeIKUyxwfYq5B0POGGgR9gda+guvR04d74VdymT:ROI8SPQUVDL2Qda+gKRjd8VdymT
MD5:	E08B52335F029B1BE6F098D57CE66B89
SHA1:	78A5ADAB6B13329429EF4F62CDCE89E370161BA3
SHA-256:	CBBAFC0043D0777D27CDBAF5D4999335D269514BE1FEE703D66F635316CD4205
SHA-512:	701CA820AD3BFCCF1509C01B9E10C190CA144CDD74C5A1C4F7C65D1B7502446646CC64E098E65A97390BDCC1F6F179EAF5FB5FA4DC1555A7F9B0C6DB60B5B116
Malicious:	true
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then. log_failure_msg "udev requires devtmpfs support, not started". log_end_msg 1. fi.. return 0.}..create_dev_makedev() {. if [ -e /sbin/MAKEDEV ]; then

/etc/init.d/umountfs

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2776
Entropy (8bit):	5.340216814333301
Encrypted:	false
SSDEEP:	48:WQm5H+ng1KaeEkiF21tn1Vkh1rqr1RiBVF:j0+ndbi81tn1V01r+1YBP
MD5:	15A3D26E97A547A24B70B41945985DBE
SHA1:	8F23BD0DB6973B5171448D6C24516B029C8C9E77
SHA-256:	5230F4B1223DAD0C54F6FCE711D6947703ABF32021F66773C6AF412C320D6099
SHA-512:	E7A0D6ECBA082448FFA31731615DFBD7E8DB3165A50C1C5EE2331DBA38F9D188E91BC5077552642B504F8F83BBC7EDC735F4419D7090457CD1E19A47EFD90C8D
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: umountfs.# Required-Start:.# Required-Stop: umountroot.# Default-Start:.# Default-Stop: 0 6.# Short-Description: Turn off swap and unmount all local file systems..# Description:.### END INIT INFO..PATH=/sbin:/usr/sbin:/bin:/usr/bin.. /lib/init/vars.sh... /lib/lsb/init-functions..umask 022..do_stop () {..PROTECTED_MOUNTS="$(sed -n ':a;/^[^ ]* \/ /!{H;n;ba};{H;s/.//;x;s/\n//;p}' /proc/mounts)"..WEAK_MTPTS="" # be gentle, don't use force..REG_MTPTS=""..TMPFS_MTPTS=""..while read -r DEV MTPT FSTYPE REST..do...echo "$PROTECTED_MOUNTS" \| grep -qs "^$DEV $MTPT " && continue...case "$MTPT" in... /\|/proc\|/dev\|/.dev\|/dev/pts\|/dev/shm\|/dev/.static/dev\|/proc/\|/sys\|/sys/\|/run\|/run/\|/dev/vcs)....continue....;;...esac...case "$FSTYPE" in... proc\|procfs\|linprocfs\|sysfs\|usbfs\|usbdevfs\|devpts)....continue....;;... tmpfs)....TMPFS_MTPTS="$MTPT $TMPFS_MTPTS"....;;... *)....if echo "$PROTECTED_MOUNTS

/etc/init.d/umountnfs.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2241
Entropy (8bit):	5.334860350758973
Encrypted:	false
SSDEEP:	48:WQpM115ysnalG/BjgeDuRF5VGGvw2bZNBuDiBVJ:je0snalG5jgNfEQbZNY2BH
MD5:	E772199B6AA76CB860998762772118B0
SHA1:	65225DBCC8FD260101AAD23FE5162BBDF85575BB
SHA-256:	1C10E014B079E0176A6031DBB60C064BBD7709ECAB8868C76773921151142E8D
SHA-512:	005771F26FCDAF078B24AB22AA0A6024D93A5A4182A3AFFDDEDDCBFF441C3C9CF9D9B14F7D36427EBF801B523F98949D22B556B5B1B624693E08497AD3ACD291
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: umountnfs.# Required-Start:.# Required-Stop: umountfs.# Should-Stop: $network $portmap nfs-common.# Default-Start:.# Default-Stop: 0 6.# Short-Description: Unmount all network filesystems except the root fs..# Description: Also unmounts all virtual filesystems (proc,.# devpts, usbfs, sysfs) that are not mounted at the.# top level..### END INIT INFO..PATH=/sbin:/usr/sbin:/bin:/usr/bin.KERNEL="$(uname -s)".RELEASE="$(uname -r)".. /lib/init/vars.sh... /lib/lsb/init-functions..case "${KERNEL}:${RELEASE}" in. Linux:[01].\|Linux:2.[01].)..FLAGS=""..;;. Linux:2.[23].\|Linux:2.4.?\|Linux:2.4.?-\|Linux:2.4.10\|Linux:2.4.10-)..FLAGS="-f"..;;. )..FLAGS="-f -l"..;;.esac..do_stop () {..# Write a reboot record to /var/log/wtmp before unmounting..halt -w...# Remove bootclean flag files (precaution against symlink attacks)..rm -f /tmp/.clean /run/.cl

/etc/init.d/umountroot

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1918
Entropy (8bit):	5.219141756792212
Encrypted:	false
SSDEEP:	24:ajpGn7M52gSkfC5NqEtcp/WpznmG0FRwBFO5FRwFtPtN7WD+c+FLMjQNQ+iBVZdN:WQI5/SV7Ncxe0p5qtN7I+NLQQNQ+iBVF
MD5:	DF4A62A27B7FD9965B56836C47C04B19
SHA1:	24157FA9047398E75C22797251D487DAAD1D1606
SHA-256:	70294D6190C6185FDFA4278D4FE62BCDCF51A600A45FFFE5E510296CCE54DA31
SHA-512:	CD4A64DBD0314C1F43A005FF7D04DB7121F3890B94C5AF5BABD8EE75AC1B8DE88A6FEF73283BE95AA89977790F019EDFE8A198C1F17159D07D86CED48C52F3ED
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: umountroot.# Required-Start:.# Required-Stop:.# Should-Stop: halt reboot kexec.# Default-Start:.# Default-Stop: 0 6.# Short-Description: Mount the root filesystem read-only..### END INIT INFO..PATH=/sbin:/bin.. /lib/init/vars.sh... /lib/lsb/init-functions..do_stop () {..[ "$VERBOSE" = no ] \|\| log_action_begin_msg "Mounting root filesystem read-only"..# Ask init to re-exec itself before we go down if it has been..# upgraded this cycle. It'll lose all its state, but at least..# it won't hold open files on the root filesystem (lp:#672177)...if [ -f /var/run/init.upgraded ]..then...old_map=$( cat /proc/1/maps )...map=$old_map...telinit u \|\| :...i=0...timeout=5...while [ "$map" = "$old_map" ]...do....sleep 1....map=$( cat /proc/1/maps )..../usr/bin/logger "waiting for init to respawn"....i=$((i+1))....if [ $i -eq $timeout ] ; then.....break....fi...done....if [ "$map" = "$old_map" ] ; then

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1430
Entropy (8bit):	5.31866948988862
Encrypted:	false
SSDEEP:	24:ajpgXni+12wpFKFOGofwHlf/HNVKowwflHFhF/7Px1g7:Wuni23FKFpbF3GnoHFDbxU
MD5:	9E66B1FC8E360542079A02590192E1CA
SHA1:	CEB8C3A0410A451007A49FEC0DA7B13F6A927D65
SHA-256:	60B745E392E248FFFF386B4DC7930D96D6D628D3646ECEB3069EB53CDA20FEBF
SHA-512:	E6B14FC8F4A062AD321908BC389D858F5BBD4255B19F28FABEB0ED046F1811D6A3A4A0DBEE89C115339B0B2FA08302F7260F0D6250C81F84C5C113AB24D7C377
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-fu

/etc/init.d/urandom

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3150
Entropy (8bit):	5.097870337911406
Encrypted:	false
SSDEEP:	48:WQfHEpKjg+FnYjSHwNO9OT/oR4wwi96AgX/ocMxHQuTE1UH8fQw8wLA:jcMjJCSJcT/oRB196n/bMxHurQw8n
MD5:	90986CC28757D3C7658E859F2D5B88A4
SHA1:	EFFF12D6C4C578CD2B6BE24E3964C15C48084D4E
SHA-256:	05BD2B8DFB3810A54C34E6EA2B7A83E6A361F87CECBF330A447325E36D0D89C1
SHA-512:	EB57DB1C8009D74417018914C5BB5BBA24E92F5A00A30B67C60F976AA6617DE16427AC50A20DA08CF6E3E21EAC8933470C778A6AF65C25316E9013E3B69257E0
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: urandom.# Required-Start: $local_fs $time.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Save and restore random seed between restarts..# Description: This script saves the random seed between restarts..# It is called from the boot, halt and reboot scripts..### END INIT INFO..## Assumption 1: We assume $SAVEDFILE is a file (or a symlink.## to a file) that resides on a non-volatile medium that persists.## across reboots..## Case 1a: Ideally, it is readable and writeable. Its is unshared,.## i.e. its contents are unique to this machine. It is protected so.## that its contents are not known to attackers..## Case 1b: Less than ideally, it is read-only. Its contents are.## unique to this machine and not known to attackers..SAVEDFILE=/var/lib/urandom/random-seed..[ -c /dev/urandom ] \|\| exit 0..PATH=/sbin:/bin.if ! POOL

/etc/init.d/x11-common

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2796
Entropy (8bit):	4.868694202450775
Encrypted:	false
SSDEEP:	48:UAET9C1gFkVFZSVwxIRyf71vrBy9DuIpPX5uCXAepm1L//WAhW476XGMgHv:magFkVeVLSBT09DuYX5HX3ardqXy
MD5:	72E55C48D087AEEDCC6EBF15F9588452
SHA1:	27F0E569CB6DF6E7CB6558028243792F9252949D
SHA-256:	80EDD0D7ACFA85068AEC37753AF29F93AF3CCE73B3A44FB87ECD9092E55682DB
SHA-512:	14CE530EB2FA9F353964435E00421198ADB0136FF540788081E70BFC6C5CF7BA68D3C808DD5E2098CD775F5E4CC6B540BE9D5507776CC16047B7455929421D75
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then. mv "$DIR" "$(mktemp -d

/etc/selinux/configs.conf

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	data
Category:	dropped
Size (bytes):	379
Entropy (8bit):	6.701306705914665
Encrypted:	false
SSDEEP:	6:UU1yyi73wauXWNn3l9A9N29Wu8vx8G9LXcHkC+H+zhOygjp7ZhWGZZfgn:UU4yiR3WNluAcH4+zRKp7RI
MD5:	F37B2B93BEA1A1E576D4DEEDC24CC164
SHA1:	5E67766DDA67F2678DC9F1453FC716E27EEE95F0
SHA-256:	9AD984272237E21148CA463040B42C3DEBEE116126800AB14C4EFE8AEB3C6130
SHA-512:	82D1BEF6451B197BC9CCC1812E91A3E1C100AC90DDC2BB5453C101A6CD9EADFF4B5F07EA6829893B3A2555EE94A92CB304320A4BBFAC356C1B3F9ED147AA1067
Malicious:	true
Preview:	>07?7.dg$5?W@.W..X.dahfw$..UE.D..D.y{pb=3x%<`xtLOM@D}hz%HFP..H.UAF.^e...EU@JY.<fl\|n?dn\|0de-iy.n53~{u~!t"'HE..HMBJHGJ....O_T..UO...F.A.\|w/9(~v,G....D.......M@.Y.YYP__SUD\ZP..7j6 70=7...]Pj?:gnscsg)#)+(r8.qt0a\|tv~0;?0cz\|v/-r!`++"--BOB..#rry~FOCFLuv~p#{1di1*hdih....$bnoe5420_QXWnbm{(?,zry\|~.....[.`&/?ob:Q...A....T.....S.A.btgn.qp) x}.W.@WMt\|teaq15<6cgc[JDRlyhhx:.._IBY...AT_J!w...

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.891974736083943
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	systemd-udevd (deleted)
File size:	226'727 bytes
MD5:	079a2a9ca1da0f3e023de3ae04e5d3e4
SHA1:	1d8a7ee1266731a84e7031d1bee446c8815acce6
SHA256:	22615e5bf518c4236c94af82b5689cd519eccd99eaf55e90aba45b5836b4fc36
SHA512:	8f8e414b4b385c9dcf63361dae03fc51b2dc2e4dfcc4627627e7cb666671156d2eac20b2d653b65b9fb7e6c95c7fec792681bf35e6a930cae7fd64c02c97787e
SSDEEP:	6144:1hUiTpvhq1Hmnqve/yLIHIS88T5u46qhrfzrmCuLO:1u2nq1HmWe6LSIStIq1fvJyO
TLSH:	6324239555970412D4CCE3B37AF698F225DBD45338CA8F160BB3B9DA83D398068388DB
File Content Preview:	.ELF....................Hz..4...........4. ...(.....................Qr..Qr.................../.../..................Q.td...............................LUPX!....................j........?d..ELF.......e.......4..>... ...(.....=..d-.#../.....;.....0......R.d

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xc27a48
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0xc01000	0xc01000	0x27251	0x27251	7.8939	0x5	R E	0x1000
LOAD	0xfb8	0x80a2fb8	0x80a2fb8	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x10

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 9, 2024 18:35:56.450423956 CEST	47134	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:35:56.450475931 CEST	443	47134	45.148.120.142	192.168.2.20
Aug 9, 2024 18:35:56.450634956 CEST	47134	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:35:56.450695038 CEST	47134	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:35:56.450704098 CEST	443	47134	45.148.120.142	192.168.2.20
Aug 9, 2024 18:35:56.450721025 CEST	47134	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:35:56.450937986 CEST	443	47134	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.492561102 CEST	47136	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.492614031 CEST	443	47136	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.492671013 CEST	47136	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.492748976 CEST	47136	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.492757082 CEST	443	47136	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.492830992 CEST	443	47136	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.513906002 CEST	47138	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.513950109 CEST	443	47138	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.513993025 CEST	47138	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.514050007 CEST	47138	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.514056921 CEST	443	47138	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.514090061 CEST	47138	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.514157057 CEST	443	47138	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.538341999 CEST	47140	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.538361073 CEST	443	47140	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.538427114 CEST	47140	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.538572073 CEST	47140	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.538585901 CEST	443	47140	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.538650036 CEST	443	47140	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:26.538661003 CEST	47140	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.538671017 CEST	443	47140	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.563944101 CEST	47142	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.563986063 CEST	443	47142	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.564088106 CEST	47142	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.564088106 CEST	47142	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.564115047 CEST	443	47142	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.564237118 CEST	443	47142	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.586097956 CEST	47144	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.586147070 CEST	443	47144	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.586188078 CEST	47144	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.586225986 CEST	47144	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.586231947 CEST	443	47144	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.586253881 CEST	47144	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.586328030 CEST	443	47144	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.616573095 CEST	47146	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.616621017 CEST	443	47146	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.616831064 CEST	47146	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.616831064 CEST	47146	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.616868019 CEST	443	47146	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.617046118 CEST	443	47146	45.148.120.142	192.168.2.20
Aug 9, 2024 18:36:56.617136955 CEST	47146	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.617146015 CEST	443	47146	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.639816999 CEST	47148	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.639857054 CEST	443	47148	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.639934063 CEST	47148	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.640125036 CEST	47148	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.640137911 CEST	443	47148	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.640239000 CEST	443	47148	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.654463053 CEST	47150	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.654503107 CEST	443	47150	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.654571056 CEST	47150	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.654700994 CEST	47150	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.654714108 CEST	443	47150	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.654778004 CEST	443	47150	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.654799938 CEST	47150	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.654809952 CEST	443	47150	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.684024096 CEST	47152	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.684051991 CEST	443	47152	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.684093952 CEST	47152	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.684139967 CEST	47152	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.684150934 CEST	443	47152	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:26.684164047 CEST	47152	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.684204102 CEST	443	47152	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.702919006 CEST	47154	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.702975035 CEST	443	47154	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.703042030 CEST	47154	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.703111887 CEST	47154	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.703123093 CEST	443	47154	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.704610109 CEST	443	47154	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.711519957 CEST	47156	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.711544037 CEST	443	47156	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.711585999 CEST	47156	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.711646080 CEST	47156	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.711667061 CEST	443	47156	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.711680889 CEST	47156	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.711822033 CEST	443	47156	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.968391895 CEST	47158	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.968436956 CEST	443	47158	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.968493938 CEST	47158	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.968549967 CEST	47158	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.968554974 CEST	443	47158	45.148.120.142	192.168.2.20
Aug 9, 2024 18:37:56.968564987 CEST	47158	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.968735933 CEST	443	47158	45.148.120.142	192.168.2.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 9, 2024 18:35:56.422586918 CEST	34039	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:35:56.450238943 CEST	53	34039	8.8.8.8	192.168.2.20
Aug 9, 2024 18:35:56.450833082 CEST	54435	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:35:56.462614059 CEST	53	54435	8.8.8.8	192.168.2.20
Aug 9, 2024 18:35:56.462908983 CEST	36250	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:06.463298082 CEST	48977	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:16.464065075 CEST	59771	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:26.464432955 CEST	45597	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:26.492311954 CEST	53	45597	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:26.494373083 CEST	51549	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:26.513773918 CEST	53	51549	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:26.528007030 CEST	43805	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:26.538219929 CEST	53	43805	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:26.538964033 CEST	57061	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:26.549550056 CEST	53	57061	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:26.549777985 CEST	47807	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:36.550483942 CEST	56961	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:46.550853968 CEST	60970	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:36:56.551369905 CEST	33781	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:56.563771009 CEST	53	33781	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:56.564846992 CEST	38134	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:56.585989952 CEST	53	38134	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:56.603920937 CEST	53266	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:56.616296053 CEST	53	53266	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:56.617160082 CEST	44228	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:36:56.627007008 CEST	53	44228	8.8.8.8	192.168.2.20
Aug 9, 2024 18:36:56.627511024 CEST	38057	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:06.628360033 CEST	39314	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:16.628979921 CEST	47561	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:26.629867077 CEST	39821	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:26.639467001 CEST	53	39821	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:26.642879009 CEST	49152	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:26.654174089 CEST	53	49152	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:26.675465107 CEST	42950	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:26.683876038 CEST	53	42950	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:26.684259892 CEST	54930	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:26.692043066 CEST	53	54930	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:26.692575932 CEST	44188	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:36.693094969 CEST	36150	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:46.693836927 CEST	56274	443	192.168.2.20	45.148.120.142
Aug 9, 2024 18:37:56.694178104 CEST	53036	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:56.702590942 CEST	53	53036	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:56.704255104 CEST	34848	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:56.711308956 CEST	53	34848	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:56.727011919 CEST	60991	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:56.968064070 CEST	53	60991	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:56.968669891 CEST	59506	53	192.168.2.20	8.8.8.8
Aug 9, 2024 18:37:56.975460052 CEST	53	59506	8.8.8.8	192.168.2.20
Aug 9, 2024 18:37:56.975675106 CEST	48499	443	192.168.2.20	45.148.120.142

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 9, 2024 18:35:56.422586918 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:35:56.450833082 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.464432955 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.494373083 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.528007030 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.538964033 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.551369905 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.564846992 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.603920937 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.617160082 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.629867077 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.642879009 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.675465107 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.684259892 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.694178104 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.704255104 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.727011919 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.968669891 CEST	192.168.2.20	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Aug 9, 2024 18:35:56.450238943 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:35:56.462614059 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.492311954 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.513773918 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.538219929 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:26.549550056 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.563771009 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.585989952 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.616296053 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:36:56.627007008 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.639467001 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.654174089 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.683876038 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:26.692043066 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.702590942 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.711308956 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.968064070 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:37:56.975460052 CEST	8.8.8.8	192.168.2.20	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.baidu.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	47134	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:35:56.450695038 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.20	47136	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:36:26.492748976 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.20	47138	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:36:26.514050007 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.20	47140	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:36:26.538572073 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.20	47142	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:36:56.564088106 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.20	47144	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:36:56.586225986 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.20	47146	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:36:56.616831064 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.20	47148	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:37:26.640125036 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.20	47150	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:37:26.654700994 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.20	47152	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:37:26.684139967 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.20	47154	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:37:56.703111887 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.20	47156	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:37:56.711646080 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.20	47158	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:37:56.968549967 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

System Behavior

Analysis Process: systemd-udevd (deleted) PID: 4713, Parent PID: 4619

General

Start time (UTC):	16:35:55
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	"/tmp/systemd-udevd (deleted)"
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4719, Parent PID: 4713

General

Start time (UTC):	16:35:55
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4720, Parent PID: 4719

General

Start time (UTC):	16:35:55
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4730, Parent PID: 4720

General

Start time (UTC):	16:36:25
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: systemd-udevd (deleted) PID: 4732, Parent PID: 4720

General

Start time (UTC):	16:36:55
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: systemd-udevd (deleted) PID: 4736, Parent PID: 4720

General

Start time (UTC):	16:37:25
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: systemd-udevd (deleted) PID: 4738, Parent PID: 4720

General

Start time (UTC):	16:37:55
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: systemd-udevd (deleted) PID: 4742, Parent PID: 4720

General

Start time (UTC):	16:38:25
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4752, Parent PID: 4720

General

Start time (UTC):	16:38:57
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4756, Parent PID: 4720

General

Start time (UTC):	16:39:29
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4758, Parent PID: 4720

General

Start time (UTC):	16:40:00
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 4721, Parent PID: 4719

General

Start time (UTC):	16:35:55
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	0 bytes
MD5 hash:	unknown

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report systemd-udevd (deleted)

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/atd

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/bootmisc.sh

/etc/init.d/brltty

/etc/init.d/checkfs.sh

/etc/init.d/checkroot-bootclean.sh

/etc/init.d/checkroot.sh

/etc/init.d/console-setup

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/grub-common

/etc/init.d/halt

/etc/init.d/hddtemp

/etc/init.d/hostname.sh

/etc/init.d/hwclock.sh

/etc/init.d/iscsid

/etc/init.d/kerneloops

/etc/init.d/keyboard-setup.dpkg-bak

/etc/init.d/killprocs

/etc/init.d/kmod

Linux Analysis Report
systemd-udevd (deleted)